Attacker tradecraft centres on identity and MFA
Once considered a ‘silver bullet’ in the fight against credential stuffing, it hasn’t taken attackers long to find and exploit weaknesses in Multi-Factor Authentication (MFA) and they will continue to do so in 2023. MFA will remain critical to basic cyber hygiene, but it will cease to be seen as a stand-alone ‘set and forget’ solution.
Ransomware rushes to the cloud
Ransomware attacks are ever-evolving, and as cloud adoption and reliance continue to surge, attackers will continue to follow the data.
Recession requires CISOs to get frank with the board about proactive security
CISOs will move beyond just insurance and checkbox compliance to opt for more proactive cybersecurity measures in order to maximise ROI in the face of budget cuts, shifting investment into tools and capabilities that continuously improve their cyber resilience.
– Tony Jarvis, Director of Enterprise Security at Darktrace
- Compromising collaboration tools – While phishing attempts against business and personal email accounts are an everyday threat, in 2023 criminals will widen their aim to target business collaboration tools such as Slack, Teams, OneDrive, and Google Drive with phishing exploits. These are a rich source of sensitive data given most organisations’ employees often continue to work remotely.
- Weaponising deepfakes – In October 2022, a deepfake of US President Joe Biden singing ‘Baby Shark’ instead of the national anthem was circulated widely. Was this a joke, or an attempt to influence the important US midterm elections? Deepfake technology will be increasingly used to target and manipulate opinions, or to trick employees into giving up access credentials.
- New laws around data breaches – The breach at Australian telco Optus has driven the country’s government to introduce new data breach regulations that other telcos must follow, to protect customers against subsequent fraud. We will see other national governments following this example in 2023, in addition to existing measures such as GDPR.
- New national cybercrime task forces – More governments will follow Singapore’s example of setting up inter-agency task forces to counter ransomware and cybercrime, bringing businesses, state departments and law enforcement together to combat the growing threat to commerce and consumers.
- Mandating security and privacy by design – The automotive industry has already moved to introduce measures to protect the data of vehicle owners. This example will be followed in other areas of consumer goods that store and process data, holding manufacturers accountable for vulnerabilities in their products.
– Check Point Software
Cybersecurity will finally join the modern data stack
In 2023, we will see more security teams leveraging modern cloud data lakes, which provide a consolidated view of all security data, alongside business and IT data, to greatly improve an organisation’s security posture.
Security data lakes no longer need to be “DIY projects” based on Hadoop and homegrown tooling. Recent updates to leading security products enable them to run directly on top of an enterprise’s existing cloud data platform. That way, cybersecurity teams have a much lower barrier to using the same data platform as the rest of their organisation. The economics of the modern data stack, with the cloud data platform at its core, will drive savings, while better data analytics capabilities will translate to higher fidelity insights for security teams.
Board members will demand timely and actionable security metrics
The rise of security data lakes in the cloud will make it much easier to generate near-real-time reports around critical security metrics. In 2023, board members will demand transparency through quantified insights on the company’s security posture, areas of weakness, and rate of improvement. While standard in other departments, cybersecurity has been late to provide this kind of visibility.
Expect that cross-company data sharing will be leveraged to establish peer comparisons and inform executives of how their progress compares to others in their cohort. Watch for collaboration between security and data teams to establish modern data sharing in a governed way that supports sharing of key metrics within infosec groups, while preventing sensitive information from getting out.
– Omer Singer, Head of Cybersecurity Strategy, Snowflake
Digital identities form the foundational components of our digital services, holding critical information such as personal and corporate data. 2023 will see a stronger focus on safeguarding digital identities as more and more companies go through increasingly complex digital transformation agendas. Hence, earning digital trust becomes imperative for companies as it reflects the confidence and trust of stakeholders in their technology and processes. To achieve digital trust is to have zero-trust principles in place that can help fortify the company’s infrastructure, application, and network, making sure they are independently secured, authenticated, and authorised.
– Neville Burdan, Director, Security, Asia Pacific DXC Technology
Software vulnerabilities are inevitable as more code is written
The increase in the number of vulnerabilities is inevitable due to the sheer amount of code being written each day. While nobody writes bad code on purpose, producing 100% secure code is very hard to achieve.
The industry therefore needs more openness around vulnerability reporting; the current ad-hoc bug bounty programs are not functional when we consider all of the different sources and users of each piece of code. Instead, governments should provide support to create a worldwide bug bounty program that standardises this process and provides a centralised location for all reporting. The moves that the Biden Government has made around open source software are a good starting point for this, and in 2023 this will continue to expand.
There is also a need to encourage software developers to follow best practices around application development. Embedding frameworks like OWASP into how developers create and check their code should be done as standard, but this will grow in popularity.
ML will be a prerequisite to combat SOC burnout and alert fatigue
Most attackers automate, and have done so for a long time, yet organisations have been reluctant to adopt the same tactics. This reliance on manual forms of defence against automated attacks is like fighting against a tank with a bow and arrow. Automation and ML can help – the technologies can speed up detection and remediation times, but also cut through all alert noise.
In 2023, analytics will play more of a role in how security teams manage attacks and levels of risk. Many teams will be happy to rely on the tooling that they are given and the signals they get back, but the best-performing teams will take the time to understand how the results they get come through to them. By knowing more about the theory and workings of security analytics, these teams will outperform. They will use tools to help them move faster, but they won’t rely on the tools alone to get their insights.
Using technology to weed out the irrelevant threats will allow teams to get back to the more “juicy” work by addressing the serious threats that they were trained to handle. When SOC teams are empowered to do the work they really want to do, job satisfaction should increase.
– Debashish Jyotiprakash, Vice President for Asia and Managing Director for India at Qualys
Cloud will play an increasingly pivotal role in preventing cyberthreats
Today’s business climate involves heavy reliance on virtual tools to support hybrid work environments across the globe; increasing adoption of SaaS tools; and continued growth of enterprise data volumes. APAC, in particular, is on the precipice of a digital evolution with the continued rollout of 5G across the region, millions of new users set to join the internet in the next year alone, and businesses accelerating their digital transformation journeys. With such a digitally connected environment, it is inevitable that cybersecurity threats will persist and become increasingly complex in 2023.
The reality businesses must prepare themselves for is that it will be nearly impossible to prevent all the ways malicious actors can infiltrate networks, exploit unknown vulnerabilities, and target company data and backups to extort money from organisations. In many ways, security preparedness and malware prevention is a cat-and-mouse game. This is why so many organisations deploy security strategies which include not just prevention and detection, but data protection, backup, and recovery as well.
In this perpetual battle against cyberthreats that risk downtime and data loss, cloud data management and protection features will be growingly critical tools in businesses’ arsenals. For one, cloud storage can enable businesses to quickly replicate secondary and tertiary copies of data in multiple regions and geographies without even the need to purchase or implement any local hardware. Businesses can also utilise the immutable storage capabilities offered by cloud providers, to mitigate against inconsistencies between active data and backup copies.
– Sunny Chua, Singapore General Manager, Wasabi Technologies
Online fraud will aggressively increase in volume and transactional value as cybercriminals more deeply utilise AI/ML combined with targeted bots and automation. We’ll also see a rapid increase in the use of deepfake technology to commit online fraudulent activities. As some examples, deep fakes will fuel synthetic identity fraud, social engineering, and phishing-based attacks.
– Reinhart Hansen, Director of Technology – Office of the CTO, Imperva
Securing connected medical devices will be critical
Digitisation enables new healthcare capabilities, e.g., virtual healthcare and remote diagnosis. The prevalence of legacy systems and sensitive data attractive to cybercriminals makes healthcare a soft target, and cyberthreat actors will focus on it. The closer a device is to a patient, the more likely it is to impact patient safety, and the more likely a threat actor will weaponise it. Ensuring the cybersecurity of medical IoT will be as important as ever for patient safety.
Cloud supply chain attacks will disrupt businesses
Companies adopting cloud-native architectures are also inherently consuming third-party code in their critical applications. Log4J recently demonstrated how many organisations can be immediately vulnerable due to a piece of dependent code tucked deep into the software packaging process. We have also seen attackers targeting the volunteers who maintain these open-source code constructs to infiltrate organisations through the package update processes. This issue falls under the cloud supply chain, and we will see more disruptions due to cloud adoption trends in the coming year(s).
The debate on data sovereignty will intensify
As the world becomes more reliant on data and digital information, the volume of regulations and legislation emanating from a desire to control and protect citizens and ensure the continued availability of critical services will increase. As a result, the conversations around data localisation and data sovereignty will likely intensify in 2023.
Metaverse to be the new playground for cybercriminals
With an estimated US$54 billion spent on virtual goods every year, the metaverse could open up a new playground for cybercriminals. The immersive nature of the metaverse will unlock new opportunities for businesses and consumers alike, as it allows buyers and sellers to connect in a new way. Companies will take advantage of mixed reality experiences to diversify their offerings and cater to the needs of consumers in the metaverse.
– Sean Duca, Vice President and Regional Chief Security Officer, Asia Pacific and Japan, Palo Alto Networks
Cybercriminals seek keys to the kingdom to launch API attacks
In 2023, we’ll continue to see the evolution of initial access tactics as cybercriminals attempt to gain a foothold in organisations. A main goal of such access is to carry out aggressive API attacks against modern infrastructure and exploit workload vulnerabilities within an environment. Because the majority of traffic within modern applications is API traffic, and it’s often not closely monitored, this fuels lateral movement as cybercriminals continue to use evasive techniques once inside the environment to divert detection across VDIs, VMs, and traditional applications. It may be a new year, but the primary goal of cybercriminals stays the same: gain the keys to the kingdom through four key steps – steal credentials, move laterally, acquire data, and then monetise it.
Remote desktop protocol will fuel island hopping attacks
Many organisations have learned the hard lesson that you’re only as secure as the weakest link in your supply chain. In 2023, cybercriminals will continue to utilise island hopping, a technique that aims to hijack an organisation’s infrastructure to attack its customers. Remote desktop protocol is regularly used by threat actors during an island hopping campaign to disguise themselves as system administrators. As we head into the new year, it’s a threat that should be top of mind for all organisations, but particularly those in the healthcare industry given the sensitive nature of personal health data and the regulations across the sector.
– Chad Skipper, Global Security Technologist, VMware
The focus on resilience will see a change in the role of security leaders as the discipline of cybersecurity continues to evolve. CISOs will need to take more responsibility to address broader cyber resilience to address the accelerating volume and effectiveness of cyberattacks. We are starting to see the convergence of ITOps, security tools, and data convergence that could help close the gaps and vulnerabilities in the space between physical security, such as RFID key cards and smartphones, and cybersecurity functions. On the other hand, the increasing interest in AI/ML could help introduce good cybersecurity practices and shrink attack surfaces instead of the need to chase after malicious activities constantly.
– Robert Pizzari, Vice President, Security, APAC, Splunk
Dormant account takeovers become mule accounts
Dormant accounts occur when consumers do not access their online accounts for a long period of time rather than closing them. These dormant accounts are just what fraudsters like to use in the laundering of funds received from illegal activities.
By recruiting mules through deceptive social media posts and ads, phishing and easy money scams, these dormant accounts are then used for illegal purposes.
Fraudsters manipulate mules by asking them to receive money and make purchases or send funds to other accounts. Bank accounts that suddenly switch from being inactive to active do raise red flags, but it is the account holder who will be punished if caught rather than the perpetrator in most cases. We predict 2023 will see a sharp rise in dormant account takeovers by fraudsters using mules.
The rise of BNPL fraud
The rise of Buy Now, Pay Later (BNPL) companies across the region all share similar characteristics, i.e. they all offer convenience, interest-free payments, encourage purchases, flexible repayments, and fast account opening approval. Yet they are all prone to fraud found in the retail sector.
In the race to attract customers and win market share, some BNPL companies have forgone standard security protocols to the extent that crypto exchanges have better controls as a whole. We predict 2023 will begin to see BNPL exposed to friendly and refund frauds, accounts opened with stolen credentials, bot attacks and more.
– Chris Stephens, Solutions Engineering, Callsign
Demand for cyber insurance is going to increase, but it’s going to become harder to get
Cybersecurity awareness has its benefits and drawbacks, one of which is higher premiums for cyber insurance. The global cybersecurity insurance market is projected to be worth US$29.2 billion by 2027, up from US$11.9 billion in 2022. In Asia-Pacific, the demand for cybersecurity insurance is only set to grow given the increase in fines due to non-compliance and regulatory developments. This is largely due to heightened awareness of the financial and reputational risks of cyber incidents such as ransomware attacks, data breaches, vulnerability exploitation, and more.
At the same time, underwriters are also making requirements for obtaining cyber insurance much stricter, requiring things like two-factor authentication and adoption of specific technologies like EDR and XDR. These documents, which used to be two-page questionnaires, are now full audits and 12+ pages long. On that note, increasing cyber insurance premiums and stricter requirements to obtain insurance will be interesting hurdles to watch in 2023.
On the flip side, we’ll likely also see an increase in demand stemming from the rising incidence of supply chain issues. Because of these issues, companies will likely start requiring vendors or third parties they work with to have some form of cyber insurance. With geopolitical issues spilling out across borders coupled with cyberthreats companies are constantly facing, companies are going to prioritise protecting their most critical assets (including their reputation). Demand for cyber insurance will continue to increase, as will prices and requirements for obtaining these policies next year.
Wiperware attacks will increase
Although wiperware, ransomware’s close cousin, has been around for nearly a decade now, we saw a drastic increase in the number of wiperware attacks in 2022. The motivation behind wiperware is almost always to sabotage victims, especially during times of war, as we see with Russia and Ukraine. Seven different types of wiperware have been used to attack Ukrainian organisations in attempts to weaken their abilities to conquer Russia. We can anticipate a rise in nation-state-motivated wiperware attacks in 2023 as the Russia/Ukraine conflict continues, and we can expect to see other nations utilise these attacks in future conflicts now that they’ve become more prevalent on the global scene. Additionally, with the rise in wiperware, there’s likely to be a rise in phishing attacks, given that it’s the most common vector for distributing ransomware and wiperware.
– Jon France, Chief Information Security Officer at (ISC)²
More sophisticated spear phishing
Fraudsters will continue using social engineering, a method of attack where cybercriminals weaponise personal information to target a specific user. Sophisticated attacks like spear phishing – where attackers send emails that appear to be from a known or trusted sender – will grow.
Most prominently, whaling will be on the rise, which is an even more specialised variety of spear phishing, and targets a specific user high in an organisation’s hierarchy – also known as CEO or CFO fraud.
Increase in MaaS
Malware as a service (MaaS), which is a model similar to software as a service, will continue to grow as a booming business for cybercrime organisations. MaaS is available for purchase on the dark web, to target big businesses with sensitive and critical assets.
Harvest now, decrypt later
Quantum computing is closer to becoming a reality and as we move towards Q-Day – when this technology will be readily available – organisations need to prepare for ‘harvest now, decrypt later’ attacks. Bad actors will ‘harvest’ data from organisations, with the intention of decrypting the data later, when quantum computing reaches maturity.
AI voice cloning technology
Threat actors will take social engineering to the next level. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilise audio deepfakes. These will be used in combination with compromised email and collaboration accounts.
Malicious use of LLMs
Large language models (LLMs) will be used by criminals to increase the number of attacks. These are AI tools that read, summarise and translate texts and predict future words in a sentence, letting them generate sentences similar to how humans talk and write.
Bad actors will use accessible LLMs to create campaigns using natural language and automatic social engineering, aimed at the most vulnerable people in companies. This will allow them to carry out more attacks while at the same time improving their success rate.
– Mimecast
Zero trust network access over VPN
To prepare for the ever-expanding attack surface in 2023, we anticipate seeing a bigger shift towards zero trust network access (ZTNA), with fewer organisations opting to place all their eggs in the VPN basket. Zero Trust security forces everyone and everything to prove who they are before access is authorised by assuming every user, device or network is hostile.
– Shishir Singh, Executive Vice President and Chief Technology Officer, BlackBerry Cybersecurity
Reconnaissance-as-a-Service models could make attacks more effective
Another aspect of how the organised nature of cybercrime will enable more effective attack strategies involves the future of reconnaissance. As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching an attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organisation’s security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack. Attacks fueled by CaaS models mean stopping adversaries earlier during reconnaissance will be important.
Luring cybercriminals with deception technology will be a helpful way to not only counter RaaS but also CaaS at the reconnaissance phase. Cybersecurity deception coupled with a digital risk protection (DRP) service can help organisations know the enemy and gain advantage.
Money laundering gets a boost from automation to create LaaS
To grow cybercriminal organisations, leaders and affiliate programs employ money mules who are knowingly or unknowingly used to help launder money. The money shuffling is typically done through anonymous wire transfer services or through crypto exchanges to avoid detection. Setting up money mule recruitment campaigns has historically been a time-consuming process, as cybercrime leaders go to great lengths to create websites for fake organisations and subsequent job listings to make their businesses seem legitimate. Cybercriminals will soon start using machine learning (ML) for recruitment targeting, helping them to better identify potential mules while reducing the time it takes to find these recruits. Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace. Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. And for the organisations or individuals that fall victim to this type of cybercrime, the move to automation means that money laundering will be harder to trace, decreasing the chances of recovering stolen funds.
Looking outside an organisation for clues about future attack methods will be more important than ever, to help prepare before attacks take place. DRP services are critical for external threat surface assessments, to find and remediate security issues, and to help gain contextual insights on current and imminent threats before an attack takes place.
– Fortinet’s FortiGuard Labs
Blindspots to surprise businesses, as they cut corners to make ends meet in uncertain economic times
In tough economic times, an organisation’s C-suite will be focused on cutting what they perceive as non-essential costs and carefully analysing what they would choose to protect from a business perspective. However, as organisations balance between international turning points and scaling down operations, threats will inevitably continue to evolve as cybercriminals take this chance to up their attack game during the recession. Therefore, it is crucial that all organisations, regardless of sector, take on proactive security strategies, adopt frontline prevention and detection technologies together with other security tools that provide preemptive capabilities.
– Kevin Kirkwood, Deputy CISO, LogRhythm
Organisations will turn to subscription and managed services to better manage security
Developing an IT budget has grown increasingly complex over the last few years, further amplified by the industry’s skill shortage. General sentiments of economic uncertainty have swept through nearly every sector, leaving executives with a bevy of difficult budgeting decisions. Ultimately, organisations will be looking to do more with less in 2023 – or more with the same, in many instances. This will be especially evident among organisations in APAC, with almost half of the region’s cybersecurity market predicted to be driven by managed security services in 2023.
One way organisations are hoping to accomplish this is through the prioritisation of subscription and managed services in their security budgets. Lean IT teams will turn towards these services to fill internal skill gaps and help achieve organisational security goals, like improving maturity, unlocking 24×7 visibility and optimising threat detection and response.
– Eric Hart, Manager, Subscription Services, LogRhythm
Attacks are getting more personal
Another thing we can expect in the coming year will be that targeted attacks will be much more personal in nature. Already, we see attackers steering away from targeting official work emails to ensnare their victims. Instead, they’re finding more success by sending targeted social engineering campaigns to personal accounts of employees through SMS messages and third-party messaging apps such as WhatsApp.
This stems from a larger trend we’ve seen taking place. Our personal and work lives are blurring more and more together with every new technological advancement. Even before the pandemic, 80% of senior IT and business leaders surveyed by Oxford Economics believed their employees could not do their jobs effectively without a smartphone.
This is something we can learn from the recent Uber breach. There is currently very little tech coverage to give visibility into what’s happening to enterprise data and little control over this surface (which is easiest to exploit). As a result, user error and account compromises will become more pronounced.
– Sundaram Lakshmanan, CTO, Lookout
The real-world impacts of cyberattacks will become more significant
The last year has been notable for the significant number of ransomware and DDoS attacks on major government organisations, businesses, and infrastructure. Unfortunately, we’ve reached a turning point in cyberattacks, where criminal enterprises have been able to make cyber-attacks a repeatable and scalable business. We will only see this continue, and perhaps worsen, in 2023. The next battle ground in cybercrime will be our real-world infrastructure, including our cities, factories, and the supply chain. Cyberattacks won’t just impact your data or a computer you’ve never heard of, but impact your ability to get gas, buy groceries, and secure healthcare. The solution to this issue will be complex and multifaceted, requiring public and private collaboration, robust investment in the security of our software supply chain, and embracing the principle of least privilege as a core security philosophy across all industries.
– Robert Blumofe, Executive Vice President and Chief Technology Officer, Akamai
Shadow APIs could be a cause of major breaches
In 2022, we saw a glimpse of what misconfigured or unknown APIs, better known as shadow APIs, can do to enterprises. There has been recent research showing about 5 billion malicious transactions observed in the first half of 2022 targeting shadow APIs.
With the rapid proliferation of APIs, new vulnerabilities and misconfigurations emerge along with it – which proves why there is a strong need to identify and secure shadow APIs. This can be done through building a comprehensive inventory of all known APIs, their endpoints and expected operations. The security loophole can then be further closed by utilising a machine learning platform like F5 Distributed Cloud WAAP, to periodically scan and analyse data, ensuring API inventory is as up to date as possible.
– Shahnawaz Backer, Senior Solution Architect, Asia Pacific, China and Japan, F5
The rise of Chief Zero Trust Officer
2023 will see the introduction of a new role in large organisations akin to a “Chief Zero Trust Officer.” Like other digital transformation efforts, the journey to zero trust requires coordination and cooperation across the enterprise, which can be a real challenge. A zero trust “czar” empowered with a clear mandate and a singular focus may just be the key to getting zero trust across the finish line in 2023.
Over the last several years, ransomware, data breaches, and other cyber campaigns have been hugely disruptive and cost organisations and governments millions. For example, we’ve seen the Singapore government enshrine Zero Trust as part of its cybersecurity strategy. In ‘The Journey to Zero Trust’ survey commissioned by Cloudflare, markets like Malaysia and Australia were found to have at least a 75 percent adoption of Zero Trust. When governments and organisations need to move quickly and cut across organisational boundaries, they often appoint a czar to take charge of a particular program and see it through to implementation or execution.
As private sector organisations embrace digital transformation and move their operations to the cloud, they too are looking to zero trust to help provide a robust and secure network infrastructure. Secure Access Service Edge (SASE) has emerged as a cloud-delivered convergence of network access and security services and is a common approach for enterprise zero trust adoption. The challenge, however, is that in many organisations, responsibility for networking and security lives in different parts of the organisation and these groups often rely on different vendors in their respective areas. Breaking down the silos between security and networking teams and choosing the right tools, products, and vendors to align with desired business outcomes is critical to implement zero trust in larger enterprises.
As pressure to implement zero trust intensifies, I predict that a role analogous to a “Chief Zero Trust Officer” will emerge within some large organisations. This person will be the zero trust czar for the enterprise and will be the individual responsible for driving a company on its zero trust journey. Their job will be to bring together siloed organisations and vendors and ensure that all teams and departments are aligned and working toward the same goal. If resistance is encountered, the zero trust czar should have the backing of senior leadership (CIO, CISO, CEO, Board of Directors) to make decisions quickly and cut across organisational boundaries to keep the process moving ahead. Whether the very bold title of Chief Zero Trust Officer becomes reality or not, an empowered individual with a clear mandate and a singular focus may just be the key to getting zero trust across the finish line in 2023.
– John Engates, Field CTO, Cloudflare
Pre-empting quantum hybrid computing’s impact on cybersecurity
While quantum hybrid computing is still some time away from mass adoption, it is emerging as a very real threat to cybersecurity. Companies need to think about data protection now more than ever. Bad actors are increasingly sophisticated, and companies need to be equally sophisticated when it comes to their security measures.
The industry is already exploring how quantum hybrid models can help protect sensitive data more effectively and drive the development of new encryption protocols and algorithms. It is encouraging to see such forward-thinking, and stakeholders exploring a cloud-based approach to solve security issues that once seemed unsolvable.
When it comes to cloud technology, we know that the only constant is change. Companies must be forward-thinking about how and where they manage their data, security, and their hybrid, multi-cloud infrastructures. We can’t keep the next local, national, or global crisis from happening, but with a strong cloud strategy, the impact can be mitigated.
– Sanjay Rohatgi, Senior Vice President and General Manager of Asia Pacific and Japan, NetApp
The human element of remote work will be most challenging
Organisations got a crash course in hybrid and remote work at the start of the pandemic. While many of the related security and technology issues have been ironed out, some of the remaining challenges aren’t about technology. One concern is employee mental health and another is creating the right processes and procedures to access the infrastructure. Additionally, the threat landscape is beyond the enterprise perimeter, making it difficult to identify employees and detect behaviours. Employees are going to continue to use devices for both personal and professional purposes, increasing risk but also improving productivity.
The SOAR market isn’t shrinking but integrating with other platforms
Security orchestration, automation and response (SOAR) will continue to exist but will be increasingly absorbed into other security platforms and the term will die out as it becomes baked into overall security. SOAR will converge with security information and event management (SIEM) and acquisitions will continue to contribute to vendor consolidation.
– George Gerchow, CSO and SVP of IT, Sumo Logic
Further investment in Transparent Data Encryption (TDE)
As data security concerns rise amongst large businesses that have accelerated their cloud journey, especially those in financial services, data encryption will become a best practice. This feature greatly enhances data security by encrypting data at the database level, giving full control to the DBAs but preventing unauthorised access to customer data. It can aid in safeguarding confidential data and other cloud data assets from accidental exposure and unauthorised access by threat actors lacking the necessary decryption keys. Overall, this helps organisations create a security architecture that mitigates a number of threats that would contribute to a security breach.
– Dan Garcia, CISO, EDB
As we approach 2023, cybersecurity will continue to remain a huge challenge for organisations in Asia Pacific (APAC). In fact, cybersecurity incidents appear to be more common in APAC, with 84% of respondents having experienced more than three security incidents in the last 18 months, as compared to 61% globally.
In response to rising threat attacks, organisations are increasingly adopting artificial intelligence and machine learning to identify and mitigate threats. However, cybercriminals are also taking advantage of the same technologies to launch their attacks with quick precision, expediting the end-to-end attack life cycle from weeks to days or hours. These attacks are also expected to evolve and become highly localised, more personalised, and geo-targeted.
As social engineering tactics grow in popularity and effectiveness against targets, organisations looking to build stronger resilience must move beyond merely reacting to cyberattacks and adopt a proactive stance. They will need to anticipate the continuous expansion of the enterprise attack surface and ensure that security processes and tools put in place are constantly evaluated and updated. These include adopting a more robust Zero-Trust framework, and incorporating app-based cybersecurity solutions that can scan employees’ devices – a vulnerable commonplace entry point for potential attacks.
In addition, business leaders must prioritise empowering the cybersecurity function so that it can build stronger defenses. This means equipping security teams with the right tools. Broader cybersecurity resilience could include mandating multi-factor authentication (MFA) for work processes in and across business units. Training seminars can inform employees about their roles and responsibilities and help them understand how the latest cyberthreats and social engineering tactics apply to their daily work. Taking a step further, organisations may also assess employees’ levels of cyber competence and resilience through regular internal tests, to provide insights into their employees’ cyber awareness and how they can best be trained.
– David Chan, Managing Director, Singapore, Adnovum
Enterprises will shift to multimodal biometrics for identity verification
The era of passwordless authentication is well underway as businesses across sectors continue to adopt biometric identity verification. Biometric verification technology has improved significantly in recent years — so much so that it’s been ingrained in many everyday tasks, like unlocking our mobile devices. Even as facial recognition technology reaches upward of 99% accuracy, fraudsters have engineered workarounds through the likes of face morphs, deepfakes, digital image manipulation and the use of synthetic masks.
These concerns will remain top of mind for enterprises heading into the new year, which paves the way for the rise of multimodal biometric adoption in conjunction with multimodal liveness. Introducing an additional level of biometric verification to the authentication process adds another layer of insulation between enterprises and malicious actors. Supplementing facial recognition with an additional biometric like voice or iris detection provides additional security for businesses seeking to verify their customers, patients, employees and other users. Additionally, adding multimodal liveness detection further strengthens the protection that the person is real. Techniques such as correlated mouth movement and speech, and detecting blood flow in the face all make the authentication process much harder to spoof.
– Stuart Wells, Chief Technology Officer, Jumio
Measuring and increasing the cloud security posture will be number one in terms of pushing forward and implementing broader changes to security. What typically happens when you see an initial panic with breaches of a large size is that it can often start with a single, well-placed phishing email that allows an initial intrusion. Larger organisations will start looking at data privacy and data governance very strongly. And it’s not only a cybersecurity issue, it’s also a data governance issue. Organisations will look to how these factors interplay going forward.
– Sandeep Bhargava, Global Head of Solutions and Services, Rackspace Technology