With evolving technologies and the fast-changing world, new cyber security challenges arise.
Many of today’s cybersecurity problems still to be fixed, and certainly, there are some constants.
Ransomware has been a major cybersecurity issue for years, but shows no signs of going away as cyber criminals continue to evolve their attacks.
Unfortunately, a significant numbers of enterprise networks remain vulnerable, often as a result of security flaws for which updates have long been available.
Even if you think you’re on top of every software vulnerability in your network, new security flaws are always appearing and some of them can have a big impact.
Take the Log4j flaw: a year ago it was completely unknown, lurking within the code. But after it came to light in December, it was described by the head of CISA as one of the most serious flaws around.
Late in 2022, it’s still an often unmediated security flaw hidden within many organisations’ code – something that is likely to continue far into the future.
Security Skills Shortages
Whatever the latest hacker trick or security hole discovered by researchers, people are always at the core of cybersecurity.
That focus starts at the basic level, with cybersecurity awareness training. Employees should be able to identify a phishing link or a business email compromise scam.
As cyber threats become more sophisticated, it beyond important to have the proper resources, skillsets, and knowledge to combat them.
No one wants their organization to be at risk. You need access to the right information security team, such as ourselves here at bva.
We need to encourage people from a variety of different backgrounds – from computer engineering and coding to psychology – to explore cybersecurity.
For us to really win the war on talent we need to be committed to not just hiring but to building, retaining and investing in our talent.
It’s vital that organisations have the people and processes in place to prevent or detect cyberattacks.
Not only is there the continued day-to-day risk of phishing, malware attacks or ransomware campaigns from cyber-criminal gangs, there’s also the threat from hackers and hostile nation states.
New & Bigger Supply Chain Cyber Threats
While cyberspace has been an arena for international espionage and other campaigns for some time, the current global geopolitical environment is creating additional threats.
“We’re going back to a geopolitical paradigm that features great power competition, a place we haven’t been in a number of decades,” says Matt Gorham, former assistant director of the FBI’s Cyber Division.
“And we’re doing that when there’s no true consensus, red lines or norms and cyberspace,” he adds.
For example, technology involved in running critical infrastructure has been targeted by Russia in its ongoing invasion of Ukraine.
However, it isn’t just in a war zone where hostile states are looking to cause disruption with cyberattacks: organizations, particularly those involved in criticial supply chains, are finding themselves being targeted by state-backed hackers too.
Concerns are always driven by real-world events. For the last couple of years, we’ve seen nation-state supply chain attacks that caused everyone to think about the supply chain risk associated with that.
If a state is determined to get on your systems, they have the resources and the capacity to do so, it’s about being able to detect and evict them.
Often, it isn’t advanced techniques that allow attackers to enter networks, it’s common vulnerabilities such as having weak passwords, old software, not applying security updates or a lack of multi-factor authentication (2FA).
Web3 & IoT: New Problems or Back To Basics?
Just because something is new, that doesn’t mean it’s automatically secure.
There continues to be a lot of hype about the potential of Web3 – a vision of the web that takes control away from big companies and decentralizes power among users by using blockchain, cryptocurrency and token-based economics.
However, like any new technology, especially one that comes with a lot of excitement and hype, security is often forgotten about as software development rushes to release products and services.
As demonstrated by various hacks against crypto exchanges where attackers have stolen millions in crypto.
“People get really excited about new technology. Then they forget to consider the security flaws because they’re in such a rush to implement it.”
With Web3, we’re seeing that kind of situation, where people have been hyped to get started – but security gets left behind,” says Katie Paxton-Fear, lecturer in cybersecurity at Manchester Metropolitan University and a bug bounty hunter for HackerOne.
Due to this situation, bug bounty hunters are finding many vulnerabilities in Web3 applications and services.
They’re often major vulnerabilities that could be extremely lucrative for malicious hackers if they discover them first and potentially costly for users.
While some of these vulnerabilities are novel and complex, many of the security breaches that have hit cryptocurrency exchanges and other Web3 services have been down to misconfigured services or phishing attacks, where criminals got hold of passwords.
So, while experimental and unusual vulnerabilities are an issue, putting cybersecurity basics in place can help stop Web3 breaches, particularly as the technology becomes more popular – and a more attractive target for cyber criminals.
While blockchain and Web3 might still be considered niche technologies for now, the Internet of Things isn’t.
There are billions of IoT devices in homes and workplaces installed around the world, including some that help power critical infrastructure and healthcare.
As with other new technologies, there’s the risk that if these connected devices are not secured properly.
Which then they could be disrupted, or even leave whole networks vulnerable. That’s a gap that needs to be considered as connected devices become ever-more prevalent in all our lives.
Right now, bad actors can get in through a medical device and use that as a pivot point to take down the entire hospital network, which could obviously have an impact on patient care.
It’s imperative for hospitals, critical infrastructure providers of any other organizations to recognize that cybersecurity has a key role in planning and decision-making processes in 2023.
Be cyber smart, and help ensure that networks are as secure against threats as possible.
The 2023 Cyber Security Outlook
Cyber security has to have a seat at the table, and it’s very, very critical.
Businesses need to think through strategically how to mitigate these cyber risks, because these devices are important.
It’s been seen that progress is being made, with boardrooms becoming more aware about cybersecurity issues. However, there’s still much work to do.
We’ve collectively taken a lot of steps over the past year that are going to start to put us in a better and a better light and be able to really combat some of these threats in the future.
While cybersecurity and cybersecurity budgets still need more attention, things are moving in the right direction generally.
As the world moves into 2023, there’s still going to be plenty of challenges to deal with.
The threat’s only become more significant as we continue to transform digitally. The fact that cyber security awareness is rising shows a good sign for the future.