Intelligent CIO North America Issue 29 - Page 84

FINAL WORD covering people , process and technology and focusing on early detection and sound response as opposed to protection and prevention .
Multi-Factor Authentication ( MFA ) will continue to be a prime target for attackers : With identity attacks on the rise , in 2023 attackers will continue to take advantage of vulnerable MFA methods . As companies continue to roll out MFA , attackers will continue to take advantage , either by flooding endusers with requests to brute-force their way in , or by skilled phishing campaigns . End-users will be the ones directly targeted by attackers . This means not just organizations , but also consumers will need to
decrypted . Defenders should not rest on the laurels of encryption and start to take note of what NIST is doing in post quantum encryption this year for action in the coming years .
As the war for talent increases , security companies will need to develop creative ways to recruit and retain workers : As an industry that is no stranger to burnout and stress , cybersecurity companies will have to ensure they can demonstrate they are an attractive outfit to work for . This is in order to fend off competition from tech companies that can often offer lucrative salaries and superior work-life balance . To achieve this , cybersecurity companies must adopt a more forward-thinking approach , this could include offering flexible working arrangements , performance incentives and health and wellness policies .
Organizations must ensure they have tools in place to detect suspicious login activity and stop it in its tracks .
be more aware than ever of the risks to their digital identities . Meanwhile , organizations must ensure they have tools in place to detect suspicious login activity and stop it in its tracks .
Attackers will begin to steal and keep encrypted data to decrypt in a post quantum world : Advances in Quantum Computing will force the hand of security leaders in 2023 to start thinking about this sensitive encrypted data in a post-quantum world . However , this approach will also grab the attention of attackers , and instead of bypassing encrypted data that was previously safeguarded , they will attempt to grab the data and keep it stored for sale or to be later
Private and public sector will batten down the hatches against nation state cyberattacks : Cyber warfare will remain a real threat in 2023 , from a broader use of known TTPs to an unknown equity of zero days just waiting for the strategically right moment to deploy against one ’ s foes . Leaders of private and public sector organizations will start to really pay attention , investing more in the incident response and speed at which vulnerabilities are being handled in the coming year to limit the blast radius of such a cyber weapon . Posture , detection and quick response will be paramount this coming year .
Software and IOT device labelling take a foothold : Labels should state clear facts about the privacy and information security parameters of the product and organization . One key piece of information on labels should be how long a company will support its software , because a physical device may outlast the time a product is supported .
“ While the threat landscape might seem daunting , there are technologies out there to give organizations the decided advantage , but action has to be taken now . Regional SOCs need to introduce AI into their security mix – AI that eliminates the noise found in most of today ’ s IT environments ,” Neuhaus added . “ The right data , analyzed the right way , will open the door to a new era of visibility and control for security teams . In this Attack Signal Intelligence framework , cyber actors ’ TTPs [ tactics , techniques and procedures ] become more obvious and allow security professionals to be more effective threat hunters .” p
84 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com