Predicting the thrust of cybersecurity is not straightforward, although there are signs that most businesses see cybersecurity risk as a primary factors to be concerned with when conducting third-party transactions and business engagements. To gain an insight, Digital Journal spoke with experts at LogRythm.
Among some of the trends predicted it appears that businesses as a whole may be less resilient and to avoid this risk, organizations will need to invest in training to combat new social engineering tactics.
There is also a trend within Information Technology whereby leaner IT teams are expected to turn toward subscriptions rather than building the expertise in-house. While this may bring some financial advantages, there is a risk of some firms struggling in the face of a knowledge shortfall. Here continued economic uncertainty will lead organizations to be more judicious with spending, and companies will look for proven technologies and ways to maximize return on investment.
The first expert is Eric Hart, Manager, Subscription Services. Hart predicts that into 2023 organizations will reassess and expand end-user awareness training.
By this, Hart means: “Coming to the end of a year in which so many organizations fell victim to social engineering attacks, more organizations will look to invest in training their end users to better detect threats. The past year has seen some big names – the likes of Microsoft, Cisco and Uber – suffer breaches by way of multi-factor authentication (MFA) fatigue, phishing and other social engineering tactics.”
With threat groups like Lapsus$ introducing bribery tactics to lure credentials from internal users, many of today’s attacks have evolved beyond the basic phishing techniques that end users are trained to recognize. Organizations will look to reassess their training programs to ensure that users are familiar with the bribery and extortion tactics associated with the latest social engineering schemes. Threat actors are constantly searching for new inroads into networks. Organizations concerned with their security postures will be sure to educate their users on emerging threats.
Providing an example, Hart states that organizations will feel the pressure of impending security standards. To illustrate this: “The combined efforts of the Cybersecurity & Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST) in recent years have led to a series of new cross-sector cybersecurity performance goals (CPGs) that organizations have already begun to implement. The NIST is constantly workshopping its cybersecurity framework with the goal of helping organizations manage and minimize risk. While these standards are designed to strengthen organizations, the process of reaching full regulatory compliance can be tricky. The complexity, along with the growing push for federally enforced compliance, suggests we could see a flurry of activity in 2023 as more organizations seek to adopt these new security standards.”
The second expert to comment is Charles Talley, Senior Director of Services. Talley expects competitors within industries will model security strategies of their peers.
By this Talley means: “Each industry tends to consider itself to be the most threatened by malicious actors. While each sector can surely argue its case, one trend we’re seeing across the board is stagnation in security maturity. So how do organizations determine upgrades to their security approaches?”
He adds: “For most, it starts with a close look at the competition. No one wants to feel less secure or equipped than their competitors, so within individual industries, we’re seeing a pattern of organizations comparing themselves to their industry counterparts. Just as competition drives evolution in products or services, it will serve as a catalyst for security upgrades in the year ahead. The ever-looming threat of security incidents will push organizations across industries to reevaluate their security maturity and IT budgets in 2023.”
Talley also thinks that organizations will turn to subscription and managed services to better manage security.
Talley notes how “Developing an IT budget has grown increasingly complex over the last few years – amplified by the industry’s skill shortage – and 2023 looks to be no different. General feelings of economic uncertainty have swept through nearly every sector, leaving executives with a bevy of difficult budgeting decisions. Ultimately, organizations will be looking to do more with less in 2023 – or more with the same, in many instances. One way organizations are hoping to accomplish this is through the prioritization of subscription and managed services in their security budgets. Lean IT teams will turn towards these services to fill internal skill gaps and help achieve organizational security goals, like improving maturity, unlocking 24×7 visibility and optimizing threat detection and response.”
