As home networks become more intertwined with enterprise systems and organizations, the danger of cyberattacks continues to mount. As digital transformation progresses and cloud platforms become ubiquitous, cybersecurity professionals must face an ever-growing number of complex challenges. Over the past year, we've all had to demonstrate our resilience by adapting to unknown conditions.
Gartner reported that in the past year, we had seen an escalation of malicious activities such as ransomware attacks, cyberattacks on digital supply chains, deeply embedded security flaws, and more frequent assaults on identity systems.
As I reflect on some unexpected security trends from the past year, I'm eager to uncover what is ahead for cybersecurity in 2023 and beyond.
Our actions to secure remote access and supply chains have yet to produce the desired results.
I was shocked by the discovery, especially since both issues are critical and cybersecurity professionals have been discussing solutions for years. Organizations have prioritized strengthening their security measures around remote access and supply chains for a decade. As COVID-19 restrictions began to lift, I hoped these advancements would be widely adopted across sectors. Sadly though, this has yet to be the case. Everyone was committed to tackling these issues. Unfortunately, no one took action.
A new 2022 report from the Ponemon Institute reveals staggering statistics about the current state of cybersecurity. 54% of organizations were victims of cyberattacks in the past year, and 75% noticed increased security incidents such as credential theft, ransomware attacks, DDoS activities, and device losses or thefts. We have a lot of work to do to ensure our corporate settings, virtual or onsite, are secure and safe from malicious attacks.
Policy and Regulations Move Slow — Enterprises Must Move Faster
With President Joe Biden's executive order in May 2021 to bolster the nation's cybersecurity, businesses from all industries have scored a significant victory. In the executive order, it was declared that our country is currently enduring consistent and increasingly complex malicious cyber operations which threaten not only public sector entities but also the personal security and privacy of all American citizens. The Federal Government must take decisive action to secure our nation from malicious actors and their activities. To do this, they must actively pursue initiatives that identify threats, deter them before they occur, protect against any potential attacks or intrusions, detect attempts on our systems quickly, and respond swiftly in the event of a breach. These issues are essential to debate, particularly at the federal level. Nevertheless, policies and regulations (especially concerning cyber safety) are only sometimes a quick fix. They establish the baseline, not the apex.
The executive order is an excellent gift to the cybersecurity world and businesses of all kinds; it includes provisions that will enhance baseline security systems, such as zero trust and supply chain protection. There's no doubt this move is beneficial for everyone involved! However, creating large-scale policies for the entire nation only guarantees a widespread and speedy adoption of pioneering cyber safety technologies. Establishing realistic expectations is the key. Regulations won't be effective or show positive results immediately, so businesses should take matters into their own hands as soon as possible and ensure their cybersecurity measures are up-to-date.
Even though we should rejoice in this executive order, let's not shy away from looking forward and discussing policy reforms that can make a real difference. While the Biden administration's executive order marked a significant step forward, keeping our expectations in check is essential. We cannot expect supply chain breaches to decrease by half within just six months, although that would be an incredible feat! It's going to take time, but I implore you, now more than ever, to let us prioritize the security of our supply chains in the years ahead.
The Huge Challenge Facing the Cybersecurity Industry
The US Census Bureau reported that the number of people who work primarily from home skyrocketed from roughly 9 million in 2019 to almost 27 million in 2021. This tremendous growth was mainly due to the pandemic and its effect on remote working. Despite the commotion regarding employers in 2022 urging their workforce to come back into the office, evidence confirms that remote work is here to stay. Undeniably, remote employment is projected to rise shortly, particularly for those with professional occupations.
The implications of this shift are far-reaching and will have significant ramifications for cyber professionals across all industries. Since the beginning of the pandemic, businesses and organizations have been confronted with a massive increase in their attack surface. Adapting to a diverse, dispersed workforce and the introduction of digital supply chains, public-facing technology assets, and operational tech beyond standard working conditions has proven incredibly taxing. The adoption of cloud computing further complicates matters. I am confident this will remain the reality, so companies must take action now instead of waiting until a breach or attack has impacted them.
Even before the pandemic flipped traditional work arrangements upside down, hybrid working was on its way to becoming more commonplace and would have kept moving forward. Companies have long been on the path toward a hybrid enterprise environment, and its increase in popularity only solidified this trend. As such, businesses must anticipate cybersecurity threats before they strike to stay ahead of adversaries; doing so has become desirable and necessary for survival. The advantages of having a distributed workforce, from access to diverse talent to improved capital efficiency, are so significant that we must embrace this way of working beyond 2020.
Inevitably, such a valuable organizational structure carries serious cybersecurity threats, especially regarding identity, roles, and rights distribution. Therefore, the critical inquiry becomes: how can we ensure that our distributed employees have sufficient access to do their tasks effectively in a hybrid working environment without having too much access?
In the past, when corporate resources and data were kept in a physical location with restricted access, security was often taken for granted. But as enterprises have become increasingly distributed across multiple digital platforms and networks - or put another way, the castle moat has been filled in - prioritizing cyber security should be at the top of every business's agenda. Compared to cyber-attacks against cloud-based critical infrastructures, gaining unauthorized access to a physical site is undoubtedly more challenging. Compared to a server within a secure building that's not connected to the internet, an individual working remotely is more vulnerable to laptop infiltration by cyber criminals.
Hybrid work will continue to be the norm, and an enterprise cannot risk a breach -- especially in today's unstable economic climate. Nowadays, more than ever, it is essential to construct robust protocols that address security on a fundamental level, particularly for remote access and digital identity management.
The pandemic had a devastating effect on the manufacturing industry. As the economy continues its comeback, organizations will seek to digitalize to gain efficiency and compensate for resource deficits. We can already observe manufacturers embracing the latest, cutting-edge, connected technology like various industrial IoT solutions. With modernization underway, supply chain issues should be resolved soon. Unfortunately, integrating innovative technologies comes with unfamiliar obstacles, particularly regarding cybersecurity. Thus, it is paramount that we stay informed and aware when utilizing novel tools and resources.
Even though many current intelligent factories have been able to embrace new advances, there are still a lot of small and middle-sized manufacturers needing help with complexities within their hybrid settings. Manufacturing companies will face a monumental cybersecurity challenge in identifying and deploying compatible security solutions for their complex systems, often combining decades-old on-premises technology with the cloud.
For any enterprise, securing identity access and permissions is a cornerstone of effective cybersecurity practices. Currently, only 36 percent of organizations understand the level and extent to which both internal and external users gain access to their systems. That's an alarming amount of access that needs to be accounted for! Granting access to your organization's systems should only be done with due consideration. Organizations must know who is accessing their systems to protect their assets and data. Ignoring the potential risk posed by unknown individuals could lead to an attack on their networks at any time. Organizations can significantly fortify their cybersecurity defenses by implementing more sophisticated privileged and third-party access controls and zero-trust policies.
As Gartner predicted in 2022, three of the most vital trends in cybersecurity will be attack surface expansion due to enterprise dispersion, supply chain risk, and identity threat detection/response. They've got it spot on! As we make our way into 2023, it is apparent that regulation can help move the needle forward; however, cybersecurity techniques must evolve to keep up with continually changing threats. No matter the industry, enterprises must recognize the significance of safeguarding their operations from malicious actors and take proactive steps to guarantee their security.