Virtualization Technology News and Information
Fortra 2023 Predictions: Embracing Digital Transformation - 4 Key Cybersecurity Elements to Consider in the New Year


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Embracing Digital Transformation: 4 Key Cybersecurity Elements to Consider in the New Year

By John Grancarich, executive vice president, strategy at Fortra

There's not a single organization or vertical out there that hasn't been affected by digital transformation, and unfortunately, many have been thrown into the fire before their time. What we thought we had years to adjust to and accept has been unexpectedly thrust upon us, with the events of the past few years precipitating a digital surge that not only hit us like a ton of bricks but had to be dealt with immediately.

Companies scrambled and did the best they could. As organizations rushed to put systems online, spin up apps for more connectedness and convenience, and push on-premises assets into the cloud, some clear thinking got missed. Cyber criminals spotted the gaps and jumped on them, initiating the ‘golden age' of cybercrime. Now, we're left dealing with the aftermath and finding out how to pick up the pieces.

It's never too late to begin again or to take stock of what you've done right and what might need improvement. Here are my answers to some hot-button issues revolving around the ongoing digital revolution and how we can embrace it safely in the coming year.

The biggest attack vectors to watch out for in 2023

Phishing and credential theft will likely remain at the top of the list for 2023 and with good reason: they're an effective strategy where the odds are stacked in an attacker's favor. Think about it: an organization needs to be right 100% of the time, while the attacker only needs to be right once. Who's likely to come out on top? The attacker of course, unless an organization doubles down on mitigation from both a solutions and training perspective.

Something else to keep in mind is that these attack vectors, due to their success, are coming in ever greater varieties to further improve an attacker's chances of success. Just look at how phishing has evolved - we now have spear phishing, smishing, and vishing, among others. In the wrong hands, these vectors will open opportunities to launch business email compromise attacks, supply chain and partner attacks, and of course, ransomware attacks - which we believe now affect upwards of 90% of organizations at one time or another.

Building future cyber resilience

I speak with CISOs and their teams regularly and have noticed a somewhat troubling trend: many are not quite sure where to focus their time and resources to build organizational resilience. When we dig deeper, there is an interesting root cause we often hear, which is that organizations are trying to treat all assets equally from a defense perspective. However, given the incredibly dynamic nature of the threat landscape, this is going to be all but impossible to do.

I think the way to start solving that problem is decidedly old school, but in my experience, quite effective: the business, IT, and security leaders need to come together and have a conversation to define what is actually most important to protect. It could be your intellectual property, your financial data, or something similarly critical, but you need to know what it is, where it is and how to protect it. Despite the hype and confusion, in my view, this is where zero-trust architecture comes in. By starting out focused and not trying to boil the proverbial ocean, you can prioritize this architecture around your most valuable assets and then proceed methodically from there.

Consider the importance of security automation

We have over 3 million open cybersecurity positions around the world, and these are difficult jobs to train and prepare for - you can't just drop someone into a security operations role and task them with protecting your organization against attacks. Anyone who's tried to hire just one developer or IT professional knows how hard it is, and yet we're somehow going to hire millions of new cybersecurity professionals? It's not going to happen, and we need to rethink the problem and how we're going to solve it.

Every industry is ultimately revolutionized by automation when demand for output outstrips the supply of skilled labor. Cybersecurity today is no different. We have too many vendors, too many products, and too many alerts, which creates an unsustainable signal-to-noise ratio. We have frustrated and burnt-out cybersecurity professionals who were promised a balance of professional challenges and growth, but in reality, find themselves facing challenges of a very different and undesirable nature. And this is where automation will play a key role in maturing the cybersecurity industry over the next several years. We can use it to amplify what a single professional can accomplish by taking on the routine, repetitive, and high-volume work that weighs them down and free them up to focus on more rewarding and higher-value work like security architecture, research, and strategy.

Protecting against ransomware attacks in 2023

Something we need to keep in mind is that ransomware is the output of a successfully exploited attack vector, whether that be credential theft, phishing, exploiting a vulnerability, or something else. The better an enterprise does at monitoring, protecting, and evolving how it defends against these attack vectors, the more successful it will be. So how do you do this?

A key strategy is ongoing testing. Utilizing a testing strategy that encompasses automated and non-automated tools regularly is going to yield insights about an enterprise's security posture that will likely come as a surprise. By combining both automated and non-automated testing - from vulnerability assessment and management to penetration testing and red teaming - an enterprise will develop a valuable view of where it is most resilient and where it is not. It can then prioritize where it focuses its remediation efforts and resources to yield the most benefit for the organization.

Growing accustomed to the new threat landscape will require some adjustment, but the sooner we can come to terms with the new realities, the sooner we can align our security strategies to give us the best foot forward in this new and uncharted domain.

You can read more about The State of the Cybersecurity Landscape here.



john grancarich 

John Grancarich is executive vice president, strategy at Fortra. He works with cybersecurity and automation customers to develop a full understanding of their needs in light of today's complex market dynamics and anticipate future trends and technologies. John's leadership enables the HelpSystems team to conceptualize, develop and implement market leading strategies and deliver continuous value to our customers.

Published Friday, November 18, 2022 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2022>