John McClurg, Senior Vice President and CISO at BlackBerry, discusses the key considerations for CISOs as we enter into a new year, to ensure they operate with a secure strategy to ensure success filters from the top down.
Over the past few years, organisations have been busy grappling with the security requirements of managing newly remote workforces. As we look ahead to 2023, while we will turn a corner on the global pandemic, we anticipate an increase in the quantity and severity of cyberattacks, which will have significant consequences for organisations that aren’t prepared. So, what should cybersecurity leaders be prepared for in 2023?
Why 2023 will be the year of more sophisticated ransomware attacks
The threat landscape is rapidly expanding and bad actors will be relentless in their efforts to carry out more sophisticated attacks in the year ahead. Next year, CISOs should be prepared for threat actors to continuously develop new tactics, techniques and procedures (TTPs) to try and stay one step ahead of vendors.
Additionally, we can expect threat actors to leverage the massive cyber power of Quantum Computing wherever possible. While this technology defines a new, evolving era of advancements in data, Quantum Computing also offers a new set of opportunities for threat actors to gain access to sensitive information that could immobilise organisations. Security leaders must ensure their teams are vigilant and proactive as attackers continue to seek out innovative and creative ways to work around cybersecurity solutions.
Adopt a prevention-first approach to close the security skills gap
BlackBerry research revealed that eight-in-10 security leaders agree that filling specialised roles remains a key challenge, with many organisations lacking in-house expertise in incident response, cloud security and malware analysis. Even with the best cybersecurity tools available, if an organisation lacks the skills to manage them effectively then they cannot be confident in their ability to hunt and eradicate threats. This problem is most acute for small businesses that are unable to recruit and retain skilled staff to optimise their investments.
However, the reality is that millions of cybersecurity positions around the world remain unfilled and there simply aren’t enough experts on the global market to fill those gaps, particularly those with a strong background in AI and ML. In the face of a global talent shortage, security leaders should adopt a prevention-first approach to guard against malicious actors. This will become increasingly important as the gap widens between threats faced and the number of security workers available to handle them.
Prepare for more software supply chain attacks
If cybersecurity leaders look back at some of the most prominent supply chain attacks during the last couple of years, then names like SolarWinds, Kaseya and Okta come to mind. Attackers targeting the software supply chain frequently exploit systems and services that are in widescale use within industries and across geographies.
In fact, BlackBerry research revealed the magnitude of software supply chain cybersecurity vulnerabilities in today’s organisations – with 80% IT of decision-makers stating that their organisation had received notification of attack or vulnerability in its supply chain of software in the last 12 months, with the operating system and web browser creating the biggest impact. Following an attack, respondents reported significant operational disruption (59%), data loss (58%) and reputational impact (52%), with nine out of 10 organisations (90%) taking up to a month to recover.
This attack vector typically requires skill and planning to execute, making it well-suited to APT adversaries that have the resources to create bespoke tools and exploits that can maximise the stealth and reach of their campaigns. These types of attacks are why I so often write about ’locking shields’ in the cybersecurity ecosystem — because if suppliers or vendors aren’t protected from this type of attack, then neither are you.
In 2022, 24×7 monitoring and mitigation capabilities – specifically through managed extended detection and response (XDR) – could be the missing link for security leaders seeking to more effectively monitor and manage their software supply chain. Additionally, security leaders should select software suppliers that are equally innovative, partnering with those that use advanced technologies such as AI and Machine Learning to remove blind spots faster.
Prioritise investment in Zero Trust to minimise human risk
The ongoing popularity of flexible working models requires security leaders to continue to look for new solutions to help them manage and protect dispersed workforces. In fact, Gartner estimates the total market size for information security and risk-management spending will exceed US$188 billion in 2023.
Research has consistently shown that humans are still the most notable risk to cybersecurity and this largely results from a lack of awareness, negligence, or inappropriate access controls. Training alone will not solve these problems, nor will attempts to turn everyone into a cybersecurity expert. CISOs therefore need to focus on this truism and transition to a prevention-first security strategy by leveraging intelligent solutions that focus on impairing and impeding cyberattacks so that employees can focus on their jobs, not cybersecurity, wherever they choose to work.
As the attack surface expands, security leaders should prioritise investment in Zero Trust security measures. This approach assumes there is no longer a traditional network edge and takes a more stringent, continuous and dynamic approach to user authentication, but also does this seamlessly to avoid impacting the user experience. User access to resources will also be dynamically controlled based on real-time risk assessments of their current behaviour, while user-focused security controls are deployed at every enterprise network and cloud application ingress point to prevent remote employees from accidentally or intentionally violating security policies.
Invest in better CEM capabilities to be prepared for a cyberattack
As we saw in 2022 with Uber, if a hacker takes down an internal comms system, how are you able to communicate with employees? This will inundate your help desk with tickets indicating employees can’t access their email accounts because their email was shut down due to a cyberattack. As we look ahead to the next 12 months, companies therefore need to consider the consequences of any disruptions to their internal systems or operations, such as loss of productivity, negative impact on morale, displacement of staff, revenue loss and the increased cost of working.
Organisations should consider implementing a crisis communications plan as part of their overall incident response strategy to make them aware of any threats to operations that could impact employee safety or their ability to do their jobs. Communications systems facilitate off network notifications and alerts to address threats and incidents as they unfold, providing a reliable and secure way to keep people connected in crises – sharing the right information at the right time to keep them safe.
Click below to share this article
