Virtualization Technology News and Information
Censys 2023 Predictions: Electrical Grids, the Internet, Third Parties and Ransomware


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

Power Play: 4 Cybersecurity Predictions for 2023 about Electrical Grids, the Internet, Third Parties and Ransomware

By Art Sturdevant, VP of technical operations at Censys

If there is a common thread for our 2023 predictions, it's that too many companies are still investing in security solutions that are better suited for systems of the past: An anti-virus and firewall package isn't enough. Binging on lots of tools doesn't adequately address the core issues either - it just leads to alert fatigue, false positives, wasted resources and staff turnover.

Instead of "piling on" with products, it's essential to get the basics right: maintain an accurate inventory of systems, control user authentication, patch systems quickly, identify which outside parties have access to your data and understand what applications and activities you "own" on the internet.

With this in mind, here are four predictions for cybersecurity in 2023:

The energy sector will emerge as a prime target for attacks. Many organizations within this sector rely heavily on supervisory control and data acquisition (SCADA) and industrial control systems (ICS), and with often outdated equipment they remain textbook examples of what can go wrong without strong security controls.

There's also a growing tendency here to enable remote access on devices that were never meant to be connected to the Internet, which increases vulnerability exposure for data and devices. Anyone who reads the headlines has seen that global tensions have triggered the targeting of water filtration plants, electrical grids, nuclear plants, etc. To avoid contributing to the next cyber attack "breaking news" situation, industry leaders need to overhaul their security strategies and resources to incorporate measures summarized here.

Security teams will focus more on the internet. They won't suddenly ignore servers and other embedded systems. But they will monitor internet applications and system activity closely as adversaries keep pushing at the fringes of the attack surface. As organizations continue to shift toward zero trust networks (ZTNs), they'll consider external inventories as a primary point of focus so teams can sufficiently protect these critical ingress points.

As part of this, the adoption of external attack surface management (EASM) solutions will start to soar to the point at which they emerge as a foundational pillar of a security program. It's important to avoid confusing your basic vulnerability management platform with EASM, which enables teams to identify and mitigate risks associated with internet-facing assets and systems. We're hopeful that we'll see EASM vendors distinguish themselves in the year ahead by demonstrating how they can push the perceived boundaries of what can be detected without an agent.

Organizations will deeply scrutinize their third-party/software as a service (SaaS) providers. They'll have no other choice. As regulations and fines pile up, security leaders and their teams will perform greater due diligence on cloud vendors and third parties to verify that they are committed to defense investments and strategies which measure up to their standards and are compliant.

Ransomware criminals will target the bigger fish. They go where the money goes, right? So why take over grandmom's hard drive or some mom-and-pop business when they can take down a huge hospital or utility network for a hefty payoff? The most recent Verizon Business 2022 Data Breach Investigations Report reveals that ransomware incidents have grown 13 percent within the last year - more than the last five years combined. We expect this trend to only increase in 2023. 

For many organizations, the prospect of disruptive and costly cyber threats makes for a potentially foreboding 2023. But your organization can rise above that by implementing essential policies and practices: Constantly educate employees about the latest phishing trends and tactics. Identify and protect what you have on the internet. Boost investments into application defense tools. Even simple steps like container scanning, static analysis and dependency tracking will sharpen your game in a big way, helping prevent attacks for a successful - and safe - year ahead.


ABOUT THE AUTHOR


Art Sturdevant’s career spans more than 20 years and includes time as an entrepreneur, a Sr. Security Engineer at Duo Security, and most recently as VP of Technical Operations at Censys.

Published Friday, December 30, 2022 7:33 AM by David Marshall