Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
6 IT Security Challenges for the Year Ahead
By Maxime Trottier,
VP Sales & Marketing at
Devolutions
At Devolutions, we have very close
relationships with InfoSec organizations and specialists around the world.
Based on our ongoing conversations with them, along with our own experiences in
developing and delivering a roster of universal password and access management
solutions, we anticipate six major IT security challenges in 2023:
1. Ransomware
will continue to proliferate.
The average ransomware payout has climbed to
$170,704 per incident (all figures USD). And it gets even
worse: only 8% of victims who pay a ransom get all of their data back. In light
of this, it is not surprising that ransomware was listed as the top threat that
SMBs are most concerned about in the Devolutions
State of IT Security in SMBs in 2022/2023 Survey Report.
To reduce the chances of being victimized, at
a fundamental level we advise organizations to adopt rigorous cybersecurity hygiene
and endpoint protection, and implement a backup and restore plan. And speaking
of backups: organizations should ensure that they meet their recovery point
objective (RPO) and recovery time objective (RTO).
2. Cyberwarfare will get uglier with
geopolitical tensions, wars and conflicting nation's strategic interests.
Organizations
do not just need to protect themselves from hackers. They must also be on guard
against nation-states that engage in cyber warfare to achieve political rather
than economic ends.
To
address this growing threat, organizations should assess the risks of business
development, support, and relationships with foreign nations. As necessary,
they should act to limit or prevent potential negative impact.
3. Social media will continue to facilitate
political interference, crime and surveillance.
These
days, social media is being used-or better stated, misused-for political
interference, as well as to deploy malware and spyware.
To
reduce their exposure, organizations should educate users on social media dos
and don'ts (with an emphasis on don'ts!), and ensure that they have full,
updated visibility across all of their social media platforms.
4. The supply
chain will become a more attractive target for adversaries.
Overall, digital
products and services are getting more secure. That is the good news. But the
bad news is that cyber criminals are reacting to this by targeting supply chain
vulnerabilities, and infiltrating software vendors' networks to install a
backdoor. This enables them to compromise newly acquired software
from the start, or compromise existing software prior to the application of a
hotfix or patch (this was the approach used in the notorious Solorigate/Solarwinds
supply chain attack).
To
dial back this vulnerability, organizations should rigorously assess vendors
against their own security requirements. We recommend choosing vendors that
follow best
practices that include: regularly testing the strength
of their cybersecurity resilience; providing evidence of the latest source code
scan and/or application penetration; deploying application firewalls/network
segmentation; complying with all appropriate policies and regulations (e.g.,
SOC 2, GDPR, etc.); and running a comprehensive employee security awareness
program.
5. Get ready
for more cloud leakage and breaches.
Many organizations
(and virtually all SMBs) do not have cloud security specialists on their
roster; not because they do not want them, but because they are quite hard to
find-and very costly when available! Unfortunately, this growing skills
shortage means that we will see many more cloud leakage and breach events in
2023.
To deal with this challenge, organizations should continuously
train users, DevOps, IT, and security staff in order to ensure the proper and
secure use of the fast-changing cloud space. It is also critical to establish
visibility over the usage and consumption of deployed resources. In addition,
organizations that do not have in-house cloud security expertise should fill
this critical skills gap by working with a Managed Service Provider (MSP).
6. Pressures
from regulatory bodies and insurance providers will drive increasing privacy
and security due diligence and requirements.
In response
to the worsening IT security threat landscape, regulatory bodies and insurance
providers are demanding that organizations meet increasingly higher IT security
standards.
We expect
this to intensify in 2023, which means that some organizations will need to
revisit (or in some cases, create from scratch) their cybersecurity incident
response plan and policies. As part of this effort, some organizations may also
need to add or replace tools in their ecosystem. For example, a growing number
of insurance companies are demanding that policyholders have a robust
privileged access management (PAM) solution in place that supports practices
such as account brokering, password
rotation, role-based access control, and session recording.
The Bottom
Line
Nobody has
a crystal ball or magic mirror to gaze into the future and see precisely what
is on the horizon. However, regardless of how the next 12 months play out, it
is a very safe bet that the IT security challenges above will determine for
many organizations whether 2023 is a year worth remembering-or one they cannot
wait to forget!
##
ABOUT THE
AUTHOR
As VP Sales & Marketing at
Devolutions, Maxime Trottier leads the company's international market research
and development efforts, along with customer relations and overall business
development. He's driven to bring innovative and cutting-edge solutions to
Devolutions' customers around the globe - this includes secure remote access
management, secure digital vaulting, secure password management, MFA, and
security automation. All of Devolutions' solutions are affordable for SMBs, and
are simple to deploy, configure and use.