A year is a long time in cybersecurity.
Sure, there are some constants. Ransomware has been a major cybersecurity problem for years, and it shows no sign of disappearing as cybercriminals continue to evolve their attacks. Also, a significant number of corporate networks remain vulnerable, often as a result of security flaws for which updates have long been available.
But even if you think you know all the software vulnerabilities in your network, new security flaws are constantly appearing, some of which can have a big impact.
Consider the Log4j flaw. A year ago it was lurking in code and completely unknown. But after the issue came to light in December, a CISA chief described it as one of the most serious flaws. Even in late 2022, it is still hidden in the code of many organizations, often as an unmitigated security flaw, and is likely to persist for many years to come.
Lack of security skills
Whatever the latest hacker tricks and security holes uncovered by researchers, people, not technology, have always been at the core of cybersecurity, for better or worse.
That focus begins, at a fundamental level, with employees being able to identify phishing links and business email compromise scams, and with superiors hiring the right information security team to help set up and monitor corporate defenses.
However, the demand for cybersecurity skills is so high that there simply aren’t enough staff to go around.
Kelly Rozumalski, Senior Vice President and National Cyber Defense Officer at Booz Allen Hamilton, said:
“We need to encourage people from different backgrounds, from computer engineering and coding to psychology, to explore cybersecurity, because to really win the war for talent, it’s not just about jobs. Because we need to focus on building, maintaining and investing in our talent,” she says.
It is critical that organizations have the people and processes in place to prevent or detect cyberattacks. Phishing, malware attacks, or ransomware campaigns by cybercrime groups continue to pose a risk every day, as well as threats from hackers and hostile nation states.
New and larger supply chain threats
Cyberspace has been the arena for international espionage and other campaigns for some time, but the current global geopolitical environment creates additional threats.
Matt Gorham, leader of PwC’s Cyber and Privacy Innovation Lab and former Assistant Director of the FBI’s Cyber Division, said: Split.
“And that’s what we’re doing in the absence of real consensus, redlining, norms and cyberspace,” he adds.
For example, the technology used to run critical infrastructure has been targeted by Russia in its continued incursions into Ukraine.
In the hours leading up to the invasion, satellite communications provider Viasat was hit by outages that disrupted broadband connections in Ukraine and other European countries. The incident is attributed to Russia by Western intelligence agencies. Elon Musk has also said Russia is trying to hack the systems of Starlink, a satellite communications network operated by his SpaceX rocket company that provides Internet access to Ukraine.
But it’s not just war zones where adversaries seek to wreak havoc with cyberattacks. Organizations, especially those involved in critical supply chains, have also been targeted by state-sponsored hackers.
Consider how Russian hackers compromised a major software provider with malware. The malware launched malicious updates and provided backdoors into the networks of multiple US government agencies.
“Concerns are always driven by real-world events, so in the past few years there have been nation-state supply chain attacks that have made everyone think about the associated supply chain risks,” Gorham says. This calls on organizations to consider not only how to prevent cyberattacks, but also how to detect malicious intrusions into their networks and respond appropriately.
“If a nation-state decides to infiltrate your system, they have the resources and capabilities to do so, which means it is important to detect and eliminate it.”
In many cases, attackers get into a network not through sophistication but through common vulnerabilities such as weak passwords, missing security patches, and a lack of two-factor authentication (2FA). Also, the software running these systems can be many years old, especially for critical infrastructure and industrial networks.
Web3 and IoT: New Problems or Back to Basics?
But just because something is new doesn’t automatically mean it’s safe. And as technologies like Web3 and the Internet of Things (IoT) continue to advance in 2023, they will become an even bigger target for cyberattacks and hackers.
There continues to be a lot of hype about the possibilities of Web3. This is a vision of a web that uses blockchain, cryptocurrencies, and token-based economics to take control away from big corporations and decentralize power among users.
But as with any new technology, especially one surrounded by excitement and hype, security is often forgotten as developers rush to release products and services.
“People are so excited about new technology, and then they forget to think about security flaws in the rush to implement them. With Web3, we see that. People are eager to get started, but security is left behind,” says Katie Paxton-Fear, a lecturer in cybersecurity at Manchester Metropolitan University and a bug bounty hunter at HackerOne.
Due to this situation, bug bounty hunters have found many vulnerabilities in Web3 applications and services. These are often critical vulnerabilities that can be of great benefit to malicious hackers if they are the first to discover them, and can be costly for users.
But while some of these vulnerabilities are novel and complex, many of the security breaches that have hit cryptocurrency exchanges and other Web3 services are due to misconfiguration of the service, or to criminals obtaining passwords through phishing attacks.
So while experimental and unusual vulnerabilities matter, having cybersecurity basics in place will help stop Web3 breaches, especially as this technology becomes more popular and a more attractive target for cybercriminals.
Paxton-Fear said:
Blockchain and Web3 may still be considered niche technologies for now, but the Internet of Things is not. There are billions of devices installed in homes and workplaces around the world, some of which help power critical infrastructure and healthcare.
But like any new technology, if these connected devices are not properly protected, they risk being disrupted or leaving the entire network vulnerable. It’s a gap that needs to be considered as smart devices become more and more prevalent in our lives.
“We are in a very difficult situation, but we have to be careful,” said Rozumalski of Booz Allen Hamilton. “Right now, there is potential for a malicious person to get in via a medical device and use it as a pivot point to bring down an entire hospital network.”
Importantly, other organizations are encouraged to recognize that cybersecurity will play a key role in their planning and decision-making processes for 2023 to ensure their networks are as secure against threats as possible. It is essential for hospitals, which are critical infrastructure providers for
Cybersecurity Outlook for 2023
“Security needs to be on the agenda, it’s very important. But because these devices are important, we need to think strategically about how to mitigate those risks,” Rozumalski said, adding that she believes progress will be seen. Boards are becoming more aware of cybersecurity issues. However, there is still much work to be done.
“I think we’ve taken a lot of steps over the past year.
And she’s not the only one who thinks things are generally going in the right direction, although cybersecurity and cybersecurity budgets still need more attention.
PwC’s Gorham acknowledges that cybersecurity won’t suddenly be perfect, but “there’s a growing realization that this is a serious and pervasive threat, and that there are significant risks. I am optimistic.” As the world enters 2023, there are still many challenges to deal with.
“The threat has not gone away. It is significant and will only become more important as we continue our digital transformation. I think it’s a sign,” he says.