Here are four compelling technology and social trends that signal the need for not just cybersecurity but cyber resilience
Recently, the Cyber Security Agency (CSA) of Singapore announced that 54% more local firms had fallen victim to ransomware attacks in 2022 as many organizations had expanded their online footprints in offering hybrid work models and embracing cloud computing.
In 2023, cyber threats will only become more sophisticated and hybrid work will present more complex IT challenges.
It is clear that today’s security approach needs to be rooted in cyber resilience due to the growing risks posed by social engineering attacks, instabilities in the software supply chain, and the increasing reliance on cloud vendors. In particular:
- Security leaders need to increase their focus on cyber resilience: While protecting organizations against cyber threats will always be a core focus area of security programs, there will be an increased focus on cyber resilience, which expands beyond protection to include recovery and continuity in the event of a cyber incident. It is not only about investing resources in protecting against cyber threats; it is also about investing in the people, processes, and technology to mitigate impact and continue operations in the event of a cyber incident.
- Security teams need to protect against increasingly sophisticated attacks: The sophistication of spear phishing and social engineering attacks makes attribution of threat actors more difficult, which makes it tougher for organizations to properly defend against them. Expect to see more advanced social engineering attacks utilizing emerging deep-fake and AI technologies.
- Continuing software supply chain instabilities will attract large-scale attacks: More organizations need to focus on strengthening their security practices, from considering a zero-trust approach to further securing infrastructure services such as code signing, PKI, and hardening the release process. Increasing dependencies on third parties will also require more focus on security controls throughout the software supply chain, such as instituting third-party risk assessments, identity and access management, and timely vulnerability/bug patching.
- Attack surfaces will only get larger with the growing reliance on cloud vendors: With this trend, more organizations are layering cloud technology into new places and enabling unique use cases with cloud technologies. However, in doing so, they are expanding their attack surfaces and will need to come up with new strategies to strengthen cloud security. IT leaders will also need to have a strong process in place to evaluate cloud vendors and understand the proprietary technologies used in the backend.
In 2023 and even beyond that, it is essential to remember that securing the workplace is a collective effort. Organizations need to go beyond the basics and equip employees with the necessary know-how to manage increasingly complex cyber threats, especially in the era of flexible work arrangements.
Ultimately, security cannot be an afterthought. Implementing secure solutions with the popularity of a work-from-anywhere model is now more vital than ever.