The world of cybersecurity never stops, threats and the technology to counter them are constantly evolving.
So while it’s hard to predict what will happen, we can extrapolate current trends to show where things are headed. is.
Ilkka Turunen, field CTO at Sonatype, believes open source software will continue to be an attractive target for attackers. “Open source is a huge success story for the technology industry, but meanwhile, attacks on the software supply chain have increased by an average of 742% each year since 2019, and there is no reason to believe that next year will change. Just as you can’t insulate a building with just any material, 2023 will be the year organizations realize they have to get rid of the more enthusiastic mentality of the components contained in the software.”
This view is shared by Marc Woolward, CTO and CISO of vArmour. “One of my top priorities for 2023 is to address cybersecurity and operational risks in the software supply chain, especially as regulators protect critical business functions and sensitive data in this space. Because we continue to enact guidance for.From PyPI to Lapsus$, attackers are going all out: the benefits of vulnerabilities in third-party applications and the fact that companies can’t stop them. Our focus is on helping our customers understand the IT supply chain from the inside out, where the full enterprise risk and context can be assessed through the supply chain (via observability techniques and software bill of materials). It’s just a behind-the-scenes perspective that surrounds it, selects your preferred security strategy, and closes the everyday vulnerabilities in enterprise software that attacks can so easily exploit.”
Brian Behlendorf, General Manager of OpenSSF, believes industry and governments will need to take precautions to protect critical infrastructure from cyberattacks in 2023.
Critical infrastructure is at risk. 2023 will very likely be the year cyberattacks threaten railroads, power grids, nuclear power plants and even cars (many of which today he has over 100 computers). . No one has correctly bet that cyberattacks will slow down. As such, he should expect ransomware and digital asset theft to increase in 2023.
A huge amount of effort is already being put into thwarting cyber threats from foreign state actors, but it is not enough. The United States, especially Europe, needs to invest more in better software supply his chain management and cybersecurity of critical infrastructure. Open source software cannot be ignored in this formula. It’s the bridge and highway of the software supply chain, representing 75-90% of all code bases. As with all roads and bridges, they must be maintained with care. Otherwise, you’ll keep getting into car crashes like SolarWinds and Log4Shell incidents.
Immanuel Chavoya, Threat Detection and Response Strategist at SonicWall, also believes there will be more geopolitically motivated attacks. “When it comes to protecting against the threat of geopolitically motivated attacks, the current call to action is to be proactive rather than reactive to attacks such as targeted malware and exploitation of vulnerabilities. attacks can be used to wreak havoc on critical infrastructure such as healthcare, utilities, financial institutions, oil and gas. Cause damage and send signals.In 2023, organizations and governments will have to be prepared by preventing trouble from happening.Can easily launch attacks and closely monitor network activity so we can quickly identify and respond to attacks.”
John Stock, product manager at Outpost24, said the economic slowdown will make cybercrime more sophisticated. “The current economic climate means that individuals and businesses are tightening their purse strings and may not be able to withstand the economic impact of cybercrime. People are looking for new ways to make money, and online scams are on the rise, from the most basic scams to highly sophisticated ransomware extortion. businesses and individuals alike need to be aware of evolving scams and educate themselves on the latest tactics, as cybercriminals seek ever more sophisticated methods to carry out their attacks. .”
Rick Vanover, Senior Director of Product Strategy at Veeam, says AI will play a role in countering attacks. “Ransomware, phishing attacks and data breaches are very well known among organizations. While these attacks are not a new concern, they have and will continue to wreak havoc on the industry. Moreover, the bad actors show no signs of stopping: these continued and evolving attacks, AI and machine learning are beneficial, and organizations are poised to face another highly active cyberthreat in 2023. As we get closer to the situation, we’ll look to these tools: Once AI is implemented, we’ll apply deployed open source programs and automated security analytics.”
Alberto Yepez, co-founder and managing director of Forgepoint Capital, believes companies are increasingly turning to third-party providers to fend off threats.
In 2022, the cybersecurity landscape has become increasingly complex, with harmful activity by threat actors occurring frequently. However, because CISOs and other security decision makers have traditionally been pressured to do more with less, market conditions have limited the ways in which these threats can be countered. rice field. These challenges have created a serious need for organizations to strengthen their defenses in a holistic and affordable way. Queue: Managed Service Providers (MSP) and Modern Managed Security Service Providers (MSSP).
MSPs and MSSPs have provided organizations with a unique edge by offering them the opportunity to solve specific pain points within small and medium-sized businesses (SMBs). In short, we offer both the economic ease of working with one vendor and the security strength to strengthen your defenses. Current market penetration is around 30%, and the shift towards broader adoption of MSPs and MSSPs will only increase in the new year as organizations look to solve the problems posed by large security stacks. Providers that offer both preventive and reactive security tools, along with partnerships with cyber insurance and remediation experts, will have an edge.
Splashtop CEO Mark Lee believes that more people working from home will lead to more phishing scams. “We expect to see an increase in remote access scams next year as more targets stay at home. A phishing campaign that tricks people into installing it.As with all phishing, companies must adhere to regular employee training, encryption of sensitive data, and extended enterprise-wide security patches and updates. We must take proactive steps to mitigate this threat, including ensuring compliance.”
Renowned security strategist and leader of Splunk’s SURGe research team, Ryan Kovar, believes we’ll see cybercriminals move away from cryptocurrencies. “Ransomware gangs are trying to stay away from cryptocurrencies because of financial instability, but because of traceability. Ultimately, cryptocurrencies aren’t really anonymous, but you If you’re a criminal living in an anonymous country, if you support, sponsor, or don’t care about cybercrime, you probably won’t get prosecuted easily unless you really offend people. is not.”
image credit: lightkeeper/depositphotos.com