Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
2023 will bring more shifts to the cybersecurity landscape - Make sure you're prepared
By Immanuel Chavoya, Threat Detection
& Response Strategist, SonicWall
We have seen a drastic shift in the
cybersecurity landscape over the last several years, driven by the COVID-19
pandemic, remote and hybrid work, and rising international conflicts. 2021 saw record ransomware, and this year brought the first escalation of global malware volume in
more than three years. In the first half of 2022 alone, SonicWall observed 2.8 billion
malware attacks, a 45% increase in never-before-seen malware variants, and 77%
increase in IoT malware attacks.
With 2023 around the corner, many are
wondering what cybersecurity threats and trends the new year may bring. To
answer that question, I have a few trends and predictions to share from myself
and colleagues at SonicWall to help businesses prepare for the new threat
landscape.
Cybercrime-as-a-Service
fuels bad actors
Vying for dominance in the billion-dollar
cybercrime industry, threat actors are going to use the tactics of
cybersecurity intelligence providers to begin flooding the market with false
flags, diluting actionable intelligence, pointing the finger at competing
criminal syndicates. With the rise in sanctions and global takedown
coordination, threat actors will become savvy to the practices of threat
intelligence providers and begin using BAS to plant false flags. In other
words, we will see threat actors adopt cutting edge tactics such as Breach and
Attack Simulation (BAS), to simulate other threat actors' TTPs.
Immanuel
Chavoya, Emerging Threat Expert at SonicWall
Remote
and hybrid work brings threats home
The days of 2-hour commutes and endless
traffic are history. Remote and hybrid workforces are here to stay, bringing a
huge societal shift that will impact everyone. But in addition to more freedom
and time at home, this shift will also bring new challenges and threats -
welcoming threat actors into the home. We have already seen an uptick in
attacks targeting remote and hybrid environments over the past year, but in
2023, this may come to a head as threat actors target weak MFA and other
vulnerabilities in the home office.
Derek
Maggiacomo, Vice President, North America Sales at SonicWall
CISOs
will be held personally responsible for security breaches
In 2002, the United States passed the SOX (or
Sarbanes-Oxley) law in response to a number of major corporate and accounting
scandals, including Enron and WorldCom. Under title III of this law, principal
officers (commonly agreed to mean CEO and CFO) of public companies have to take
individual responsibility for the accuracy and completeness of corporate
financial reports. The law enforces specific limits on the behaviors of
corporate officers and describes forfeitures of benefits and civil penalties
for non-compliance. Now, 2022 brought the first criminal prosecution of a tech
company executive over a data breach. Going forward, we will see CISOs being
held personally responsible for security breaches on their watch and for ensuring
that appropriate compliance policies are followed after breaches.
Sarah
Choi, Senior PMM for SonicWall Capture Client and SonicWall TZ products
The good news is that there are steps
businesses can take now to ensure they are protected from evolving cyber
threats. With a hybrid workforce, a successful cybersecurity strategy starts
with employees, taking steps to improve password security, implementing a
strong form of multi-factor authentication, and training all employees to
recognize the signs of common social engineering attacks. Patching
vulnerabilities in software is also key but is something organizations often
forget, with a recent survey finding 78% of organizations don't patch critical vulnerabilities
within 24 hours of patch availability. Ultimately, those who prepare now will
fare better no matter what shifts the cybersecurity landscape may bring in the
new year.
##