Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Staying Secure in 2023 and making it the Year of Action
By Ihab Shraim, chief technology officer (CTO) with CSC DBS
This past year we saw a shifting cybersecurity
threat landscape, security breaches of major organizations, constant
geopolitical challenges, repeated spikes in targeted cyberattacks in the form
of phishing and malware (ransomware), brand infringement and counterfeiting, and
so much more. Organizations' ability to have awareness and visibility into all
of it, keep up with it, and make notable adjustments to their overall security
posture and cyber risk mitigation strategies has been a constant challenge. Almost
every targeted phishing and malware attack campaign begins with domain names. Therefore,
part of these strategies must involve online domain security.
In many ways, 2022 was no
different than the prior year in that domain security has not been the number
one priority as organizations address other business risks as part of their
overall security posture. However, we are starting to see a major shift toward
including it. An organization's domain ecosystem plays a vital role in brand
reputation, revenue leakage, customer engagement, and most importantly, sales.
It remains a major target for bad actors and fraudsters and needs to be a
target of cyber risk investment for organizations. With this backdrop, I
anticipate 2023 looking a bit different.
Since 90% of
cyberattacks were carried out by targeted phishing campaigns in 2022, such campaigns will
continue to grow exponentially - both in number and sophistication - throughout
2023.
CISOs are now putting more emphasis on ensuring that their domain
security (i.e., domain portfolio) and online brand reputation become an
integral part of the corporate global security posture. As the adoption of the
Zero Trust model gains more traction in the industry, there will be continued emphasis
on user authentication and authorization in cloud infrastructures, essentially solidifying
the need for domain security. This, in
turn, translates to more accurate monitoring, detection, and enforcement
against the threat vectors targeting their corporate online brand presence.
Additionally, companies are struggling to
qualify for cyber insurance rates they can afford, and domain security is one
area where the fix is a relatively low cost compared to other cybersecurity and
risk management expenses. Domain security protocol implementations such as registry
lock, registrar domain locks, continuous domain registration monitoring and
mitigation, 100% availability of the domain name system (DNS) and bi-coastal redundancy,
managing and monitoring DNS traffic and IP space, implementing DNS security
extensions (DNSSEC), online brand protection and enforcement, and managing digital
certificate portfolios are must-haves within today's cybersecurity landscape. All
of this requires the deployment of the latest technology architectures, such as
a domain data lake equipped with machine learning and deep search.
More scrutiny of the security of partner ecosystems
In 2023, organizations will need to
continue to scrutinize the cybersecurity posture of those vendors, suppliers, and
partners that work as part of their supply chain. There will be a redefinition of
what it means to be a trusted partner - someone that has shown they have the
security processes and technologies in place, with continuous
security audit controls, to ensure the data you are sharing with them is secure
and not susceptible to cyberattacks. There will also be a greater
emphasis on partner ecosystems and verifying with valid proof that they have
deployed comprehensive security programs with emphasis on user authentication
and authorization, role-based access controls, continuous network and
system vulnerability assessments, patch management, and penetration testing.
Over the years, we've seen challenges
with choosing the wrong partners. For
instance, in the domain security space, not all partners are alike in
implementing security technologies and security audit controls to keep your
company and data secure. How do you evaluate and cross-check to be sure they
are dedicated to your safety as well as enabling your business? Enabling
business requires security - you can't have one without the other. As CTO of an
enterprise-class registrar, I've seen how this plays out poorly for companies
that use other registrars (consumer-grade) that don't have a strong security
posture. Essentially, it translates to owning
a large environment that's attractive and favorable to bad actors and fraudsters.
Fraud, online brand abuse, and scams will continue to plague companies and consumers
Fake websites used by criminals are most
prevalent with some of the largest brands in the world. In this year's annual
domain security report looking at Global 2000 companies, we found that 3 out of
4 brands had fake domains registered by third parties. And despite the constant
barrage of fraud schemes, less than five percent of the Global 2000 companies
implemented new proactive domain security measures this year.
This time of year, we all like to be
forward-looking and outline what we anticipate will occur. But every year,
there are so many unknowns that influence organizations' activity. In 2023,
organizations will do their best to navigate what comes at them. However, the
most important rule of thumb is - control what you can control. To that end,
it's even more imperative to embrace a more preventative approach to cyber risk
management, shoring up the exposed surfaces that have been overlooked or under-invested
in to date. That's why 2023 is really the year of 'action'.
Security Operations (SecOps) Impact: Increased demand on registrars to provide secure API integration with threat intelligence and SIEM platforms
Threat intelligence platforms suffer from
an overload of available ingested data. Working with that data requires smart queries,
training, and time to conduct security investigations and track indicators of
potential compromise. Moreover, SIEM's main challenge today is that SecOps teams
suffer from "alert fatigue" and "alert numbness," which is an overload of alerts
being generated from deployed security appliances, systems, and network logs.
This directly results in SecOps wasting valuable response time, delays in
processing alert queues, and a diluted focus on what is critical for mitigation.
CISOs and SecOps teams are increasingly
requesting that domain registrars provide real-time, secure API gateways and focused
domain security data associated with their online domain name portfolio, DNS
services, digital certificates, and online brand infringement solutions. This
also includes comprehensive enforcements (takedowns) and data associated with
threat vectors targeting their corporate online domain names and brands. Such API
integration with threat intelligence and SIEM platforms will provide focused,
accurate data, which in turn reduces SecOps personnel alert fatigue and improves
the overall workflow performance and incident investigations.
ABOUT THE AUTHOR
Ihab Shraim is the chief technology officer (CTO) with CSC DBS. He is
responsible for the vision, innovation, and product revenue growth within the
company's cyber security, domain security, fraud protection, and brand
protection lines of business.