Page 96 - Cyber Defense eMagazine January 2023
P. 96

redundant tooling, in addition to controlling cloud spend, to manage high operational costs and complex
            integrations.

            I think this is a good time to remind organizations that zero trust is simply a security framework, not a
            tool. It is not a ‘single solution,’ but rather a framework used to secure data in a modern digital enterprise.
            Zero trust is also not overhyped, despite some opinions to the contrary. It has become a critical step
            towards  mitigating  cyber  risk,  detecting malicious  behavior,  and responding  to  security  incidents.  By
            requiring users and devices to be authenticated, authorized, and continuously monitored for a ‘trusted’
            security posture before access is granted, zero trust can contain threats and limit business impacts when
            a breach does occur.”


            Credential-based attacks and evolving threats:

            “We’ve seen the classic Cat and Mouse Game before: as credential-based attacks evolve, so too do
            cyber defenses. Threat actors will continue to leverage tried and true methods like social engineering,
            initial  access  brokers,  and  information  stealer  tools  to  carry  out  their  objectives.  Where  multi-factor
            authentication stands in the way of compromising an account with stolen credentials, we can expect
            cyberthreat actors to implement new techniques to bypass this particular layer of defense. I think this will
            lead to an expansion of passwordless authentication solutions, to combat the attackers.

            We can also expect to see more malicious attacks, as anyone can play this game. A broader set of threat
            actors  will  join  in  to  conduct  cyber  operations  in  2023.  They  have  financial  motivation,  government
            mandates to justify their cause, not to mention bragging rights that increasingly attract a younger group
            of threat actors.”


            Protecting brand as much as infrastructure:

            “During the past year, we witnessed several high-profile breaches, where organizations suffered severe
            brand damage. This resulted in a shift from data recovery to reputation management when faced with a
            ransom.  I  expect  to  see  threat  actors  shift  their  strategies  to  exploit  this  fear  through  extortion  vs.
            ransomware in the year ahead.

            Further, threat actors will continue to take advantage of weaknesses in the software supply chain, which
            will  become  the  number  one  threat  vector  in  2023.  Organizations  should  create  a  vendor  risk
            management plan, thoroughly vet third-parties and require accountability, to remain vigilant and align to
            cybersecurity best practices. This is critical too, as cyber insurance claims have exploded. We can expect
            to see insurance companies lowering their risk appetite and reducing client coverage in 2023. If your
            organization is in the market for a policy, expect to pay a hefty premium, or face a rigorous review of the
            organization’s security posture, as insurance companies increase their due diligence to avoid liability.”








            Cyber Defense eMagazine – January 2023 Edition                                                                                                                                                                                                       96
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   91   92   93   94   95   96   97   98   99   100   101