Cybersecurity will remain high on the agenda in 2023, Paula Januszkiewicz, a highly reputed MVP and cybersecurity expert, predicts in her latest vlog. Paula thinks businesses need to change their attitude toward cybersecurity to become more resilient and adopt an “Assume Breach Principle”, implying that no organization is immune to hacking. However, with the correct skillset and technology, and especially AI and automation, attacks can be detected and damage can be prevented. As security moves from backroom to boardroom, a real dialogue has started between cyber teams and key decision makers. The threats identified by Paula, and the approach she recommends for addressing them, are well worth everybody’s attention.
Paula Januszkiewicz, MVP and cybersecurity expert, has recently released a video that summarizes the key issues and challenges IT managers and cybersecurity experts will face in the upcoming year. After elaborating on the more familiar threats, she also recommended a number of priorities for businesses.
Incident response readiness
Paula predicts that important changes in cybersecurity in 2023 will concern incident response readiness. Organizations should always be ready and properly equipped to respond to data breaches, she adds. Another trend is the need for well-established monitoring of privileged access and identity management. When an attack occurs, the hacker needs two things: an identity, and then access to privileged accounts. Therefore, companies require the ability to monitor identities travelling within their infrastructure.
Insecure design, software and data integrity failures as major threats
Insecure design, namely risks related to design flaws, is also one of the key cybersecurity threats companies are currently facing. This means that developers will need more threat modelling, security design patterns and principles, and reference architectures. Software and data integrity failures, a lack of good monitoring and a lack of incident response readiness are also possible threats that need to be addressed. Integrity failures occur when critical data and software updates are added to the delivery pipeline without verifying their integrity, Paula asserts.
Cybersecurity is not a finished product
Cybersecurity is never a finished product, but rather a continuous process. Organizations with a mature cybersecurity policy are characterized by ongoing audits and constant efforts to minimize vulnerability. These include training staff so that employees become aware of cyber threats and update their knowledge on tackling them. Employees are more interested than ever in gaining competences that will allow them to protect themselves, their relatives, and their companies from cyber threats. Of course, businesses need to have appropriate technologies and procedures: a well-crafted incident response, secure identity protection and management, and good monitoring. Despite threats and increasingly sophisticated attacks, it is possible to stay ahead of the hackers. The key ingredients of a properly crafted cybersecurity strategy are training and proper technology, which prevent malicious and undetected code from running and also monitor how identities are used. If a hacker accesses a company’s infrastructure, good backups and recovery are not enough to prevent damage; an appropriate skillset, namely incident response readiness, is needed to detect the hacker’s actions.
Moving from backroom to boardroom
Fortunately, there have been some positive changes regarding cybersecurity recently that will become common in the upcoming year. Perhaps the most important one is that security is moving “from the backroom to the boardroom”. Paula calls this a significant shift that will enable a real dialogue between cyber teams and decision makers. Another positive tendency is that data privacy laws are expanding to more countries around the world. It is projected that by the end of next year, approximately 75% of the world’s population will be protected by such laws. It is also seen as a positive trend that, by 2024, 30% of enterprise-level organizations will procure software-as-a-service security solutions from the same vendor. Organizations will therefore further consolidate security vendors. Simplifying vendor management is crucial for increasing security amid current market challenges. Organizations are under constant pressure to reduce costs, effectively manage risks and optimize operations, as the global landscape regularly poses new challenges to them. On average, organizations are using approximately 50 security solutions from different vendors and still remain unsure whether these solutions are effective, or even necessary. This is why it is important to simplify the customer security landscape and either eliminate the redundant capabilities of different solutions or integrate them.
Businesses need to change their attitude toward cybersecurity to become resilient
As techniques rapidly evolve to match the ever-changing security landscape, it is highly important to build security skillsets. Modern cybersecurity risk management includes on-prem cloud, IoT, and OT devices. Organizations that work towards building their in-house cybersecurity teams should focus on developing a diverse skillset that will allow them to protect assets, detect threats and respond to incidents. However, organizations that are still building cybersecurity skillsets or teams can turn to solutions that help mitigate the skill gap by means of AI and automation. The role of AI and automation in detecting threats and allowing faster response times to mediate potentially risky activity is increasing. Paula underlined that unified CM (Configuration Management) or XDR (Extended Detection and Response) are means to improve operational efficiency. Companies must change their approach to cybersecurity in order to build a resilient environment. Namely, companies need to accept that no organization is immune to attacks. Therefore, a resilient environment should be built around the “Assume Breach Principle”.
As former FBI director James Comey once put it: “There are two types of big companies: those who have been hacked and those who don’t know that they have been hacked.” Companies must admit that at some point they are going to be attacked and their defenses will be breached.
This is why Paula prioritizes detection over protection and response: only after detection can companies respond appropriately with the correct tools and methods. Therefore, efficient monitoring, automation, and CM systems are crucial for reducing the impact of cyberattacks.