Technology

Improve Cyber Security Posture with 2023 Predictions

What’s the risk with cloud misconfigurations?

Misconfiguration has been the most significant cloud risk for a couple of years now, accounting for up to 70% of all cloud security challenges. That shows no sign of changing in 2023 given the ongoing pace of cloud migrations, especially as network environments become more distributed and the hybrid workforce grows—opening the door to attacks and the misuse of cloud resources.

How to strengthen your cyber security posture

Misconfigurations occur because enterprise clouds are complex multi-vendor environments and IT teams seldom have time to get familiar with all the technologies. Creating upfront space for learning and testing can have big payoffs down the road.

For example, different cloud providers may have different restoration procedures for data backups. Giving IT the chance to test those procedures and internalize them means they’ll be prepared to act when company data has to be recovered in the wake of an incident.

Because of cloud complexity, automation is crucial. It’s not practical for teams to manually check the entire environment for correct configurations. Platform-based cloud-native software that can scan and verify settings without human intervention has the double benefit of relieving burden and catching errors in real time so they can be addressed.

What’s the risk with overlooked vulnerabilities?

Outdated network protocols, hardware, and firmware can all be sources of hidden vulnerabilities that create potential attack vectors for bad actors. At the same time, new applications that use open-source software are also prime targets—and will be throughout 2023. Now that most cloud-native projects depend in some way on open-source software that is subject to fewer vulnerability checks during development, malware and other weaknesses can easily end up embedded in cloud-based enterprise operations.

How to strengthen your cyber security posture

Technology companies—and legislators in some jurisdictions—are paying closer attention to the risks associated with open-source software. Up-to-date global threat intelligence is now considered vital. So are bug bounty programs designed to catch and patch flaws before they can be exploited, such as the one Google launched last year.

Enterprises can protect themselves with diligent software patching, virtual patching, open-source software security policies, and automated monitoring to defend against attacks. When it comes to supply chains, they will also want to adopt software bills of material (SBOMs) for their applications, which make it easy to pinpoint affected software versions and systems when security flaws are identified.

“These days, most software is to some extent made up of third-party code that is either commissioned specifically for a software product or an off-the shelf, pre-built component designed for a specific function. This could incentivize attackers to infiltrate popular resources… to pass off their malware as legitimate code.”

Future/Tense: Security Predictions for 2023

Hybrid and remote work are hallmarks of the expanding network perimeter. Last year, IBM and the Ponemon Institute determined that the more remote workers a business has, the more a data breach will cost: a company with an 81% remote workforce will pay roughly US$2.39 million more for a breach than a company with 50% remote workers.

What’s the risk of an expanding perimeter?

Cybercriminals will continue to attack hybrid work structures in 2023, launching network-based worms and exploiting virtual private network (VPN) connections, which are still popular despite hundreds of known vulnerabilities. Business email compromise (BEC) attacks will also persist—on track to cause losses of US$2.8 billion by 2027.

Related Post
How to strengthen your cyber security posture

A zero trust approach is the best way to protect data and assets in the context of an expanding—and evaporating—network perimeter, with a Secure Access Service Edge (SASE) architecture to consolidate security and network functions in distributed, cloud-oriented environments. Zero trust network access also solves the VPN problem by securely connecting authorized users only to specific applications or services, not the whole network.

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.

On the BEC front, two-factor verification, stronger password hygiene combined with zero trust authentication can help lessen the threat of email scams.

“Unlike VPNs that provide highway access to the entire network, ZTNA allows authorized users a secure connection to a specific application or service only, preventing threat actors from moving freely across a network.”

What’s the risk of new ransomware business models?

Ransomware perpetrators will seek new ways of profiteering in 2023, from directly monetizing information like stolen critical data to setting their sights on the cloud. Up to now, ransomware has tended to be designed for on-premises environments, but with all the enterprise investment in cloud, it’s a logical new target—one whose defenses remain untested. Since no business is immune to the threat of ransomware, every enterprise, however large or small, needs a proactive approach to defending against these attacks.

How to strengthen your cyber security posture

Here again, the zero trust approach is a must, paired with regular backups, cultivating an organization-wide cybersecurity culture, and taking advantage of existing frameworks from organizations like the Center of Internet Security (CIS) and the National Institute of Standards and Technology (NIST). Also, look to shift left in detecting an attack earlier in the lifecycle that can help mitigate a later ransomware attack.

Another way to guard against ransomware, is to adopt a unified cybersecurity platform which can help security teams gain visibility of an attack across the network stack.

What’s the risk of point solutions?

Organizations deploy an average of 46 individual security monitoring tools, overwhelming security teams with uncorrelated daily alerts and too many false positives, resulting in the very real risk of a genuine attack slipping through the cracks. The traditional security paradigm using a point model is not sustainable: the scope and complexity of today’s cyber threats demand a holistic approach to security, delivered by a unified cybersecurity platform.

How to strengthen your cyber security posture

The move toward a platform approach will be led by organizations actively seeking more visibility across their attack surfaces like distributed clouds, networks, assets, accounts, and systems. To be truly effective, a platform will need to combine security information and event management (SIEM) with extended detection and response (XDR), artificial intelligence and analytics to provide an integrated view of the entire IT/cloud environment and deeper, contextualized correlations of alerts.

Platforms can also support endpoint detection, network defense monitoring, and more—with automation for continuous, repetitive discovery, assessment, and mitigation. They even help defend against zero-day exploits by checking bug bounty programs.

BlogofInnovation.com 

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.

Recent Posts

TIMES BPO Rings in the Revenue Revolution for Ambitious Businesses

Imagine a world where your phone rings not with complaints, but with eager customers ready to buy. A world where…

1 hour ago

[NEW] The 2024 Best Pokémon GO Spoofer for iPhone and Android | Tenorshare iAnyGo

NEW YORK, N.Y., July 17, 2024 (SEND2PRESS NEWSWIRE) — Tenorshare is excited to announce the launch of the 2024 edition…

10 hours ago

The Cloud Wars: A Ranking of Leading Cloud Service Providers

In the realm of digital transformation, cloud computing has emerged as a pivotal technology driving innovation across industries. As businesses…

14 hours ago

GRG PROFESSIONAL SERVICES LTD and Mindrops Merge: A New Era in Global Business Solutions

In a move that’s set to shake up the business services landscape, GRG PROFESSIONAL SERVICES LTD and Mindrops have announced…

1 day ago

More than 3,000 health care organizations recognized for commitment to high-quality cardiovascular care

​​DALLAS, July 16, 2024 — Someone in the United States dies of cardiovascular disease (CVD) every 34 seconds, on average.[1]…

2 days ago

Rascals Wins “Training Diaper Product of the Year” In 2024 Baby Innovation Awards

Annual Awards Program Recognizes Innovative Companies, Services and Products Within the Baby Care Industry Annual Awards Program Recognizes Innovative Companies,…

2 days ago

Seguici

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.