Which direction will information technology take during the course of 2023? For example, during a time of economic downturn, will organizations go back to security basics? Coming up with some predictions for Digital Journal is Sadik Al-Abdulla, CPO of Onapsis.
The commentator focuses on upcoming cybersecurity trends. His predictions include the likelihood that attackers will seek out the next Log4j vulnerability and will likely become successful. Moreover, the exploitation of known vulnerabilities will become a leading attack vector. He also predicts that threat actors will shift away from ransomware and opt for more discreet methods to monetise.
According to Sadik Al-Abdulla, issues around the Log4j vulnerability are key. As he explains: “Attackers will seek out the next Log4j vulnerability and will likely become successful. The impact of the Log4j flaw has been widespread and far-reaching, with countless organizations still reeling from its massive ripple effect.”
Expanding on the problem, Al-Abdulla says: “Log4j has underscored the level of difficulty in patching vulnerabilities within commonly used libraries, as almost every vendor within the software supply chain has been responsible for fixing it. Attackers have become well aware of this and have continued taking advantage of unpatched Log4j vulnerabilities.”
As an example, Al-Abdulla says: “Just a few weeks ago, we saw North Korean nation-state threat actors exploiting Log4shell to hack energy providers and conduct espionage campaigns.”
As to what the trajectory over the next year will be, Al-Abdulla predicts: “In 2023, we’ll not only continue to see the breadth of Log4j’s exposure increase, but we’ll also see threat actors focusing more on exploiting open-source libraries. To mitigate the impact of a vulnerability as critical as Log4shell, organizations must adopt a risk-based vulnerability management program that can help them prioritize patching the vulnerabilities that are most at-risk.”
There are also some limited options for firms given the financial situation. This may mean that “During a time of economic downturn, organizations will go back to security basics. Given the current period of economic uncertainty, organizations will continue cutting their budgets and putting their dollars into resources that are most critical to their business.”
There will be some level of investment, albeit of a more targeted nature. Here Al-Abdulla states: “While strengthening their cybersecurity programs will be a priority in the coming year, organizations will begin rethinking the types of tools they are investing in. In 2023, we’ll see organizations lean more toward fundamental security technologies to protect their business assets.”
Drawing on an example, Al-Abdulla offers: “For instance, business-critical application security tools, such as vulnerability management platforms specifically designed for enterprise resource planning (ERP) applications, will help defend valuable data that enables an organization to successfully operate.”