Cybersecurity: Year in Review and New Year Resolutions
Cyberthreats affect not only businesses, but all of us since the digital world is an integral part of our daily lives, and we spend a considerable amount of time online working, shopping, connecting with friends and so forth, says Joseph Carson, Chief Security Scientist and Advisory CISO, Delinea.
The year drawing to a close has shown that cybersecurity continues to be a major challenge for many governments, organisations, and citizens around the world, as they step up their efforts to protect businesses and mitigate risks from malicious attackers.
The reality check is that cyberthreats are increasing at the same time as many businesses are becoming entirely dependent on digital services, with cybercriminals vigorously looking for ways to gain remote access, steal credentials, elevate privileges, and exfiltrate sensitive data that could bring a business to a complete stop and result in significant financial costs.
Looking back on this past year’s developments, I have identified these Top 5 Cybersecurity Trends.
Top 5 Cybersecurity Trends in 2022
- Information Wars and the Algorithm Social Bubbles
With so many geopolitical tensions and conflicts happening in the world, we have seen a major increase in Information Wars, which have become a vital factor in how we see and believe in our own version of reality.
At the same time, algorithms are determining not only what data appears in our social feeds but also who we are connected to, reinforcing our beliefs whether they are true or fake. Algorithms are often shaping our lives more than our education, and this is becoming very scary. As we look through our social feeds, we only see what the algorithms want us to see to power our dopamine needs.
The reality is that we are now living in an era of Information Warfare where our digital society is overlapping with the real world.
- Cyber Fatigue – Bypass MFA and Social Engineering
Cybercriminals are always looking for the easiest ways to access an organisation’s network or systems. They continue to look for the quickest and cheapest path that allows them to stay hidden under the disguise of an authorised employee.
Social engineering has been on the rise for the past ten years, but in 2022 it went to a whole new level. In response, more organisations have strengthened their security controls by adopting two-factor (2FA) and multifactor authentication (MFA) to reduce the risks associated with employees continuing to choose weak or repeated passwords.
However, following this increase in security controls, attackers have adapted their techniques, looking for ways to bypass these additional security challenges through social engineering and cyber fatigue. This should be a reminder to organisations and businesses that not all 2FA and MFA are equal.
Additionally, they need to find the right balance between security and productivity to reduce the risks of cyber fatigue, which can increase the risks of social engineering techniques being successful.
- The Hybrid Workforce and Bring Your Own Office (BYOO)
As a result of COVID-19, in the past few years we have experienced the explosion of remote working, which has also accelerated digital transformation to cloud services for many organisations. The post-pandemic reality is that we now have a modern hybrid workforce.
The new working norm is that employees only go into the office about 3 out of 5 days of the week, if at all. This has resulted in employees’ homes becoming an extension of the workplace and has introduced the evolution from Bring Your Own Device (BYOD) to employees needing to Bring Your Own Office (BYOO).
- The Rise of Cyber Insurance
Business leaders are looking to mitigate the risks from cyberattacks and ransomware, which had devastating consequences for many, both in terms of business availability and financial stability. The need to reduce the financial burden of cyberattacks has seen many business leaders look to cyber insurance as a safety net, making it a de facto mandatory requirement for business resilience and continuity.
A recent survey report from Delinea revealed that 33% of IT decision-makers applied for cyber insurance due to requirements from Boards and Executive Management. Furthermore, their policies are getting a workout – almost 80% said they have had to use their cyber insurance, and over half of them said they’ve used it more than once.
As a result of cyber insurance policies being used and, ultimately, many businesses needing them, the cost of cyber insurance is continuing to rise at alarming rates.
- Deep Fakes – Can you spot the difference?
The advancements made in the quality of deep fakes in 2022 are scary to the point that with only a few images and audio clips available on the internet, an attacker can become a digital version of you.
We have seen many deep fakes circulating on social media that make identifying the real original version almost impossible without technology assisting in analysing the bits. We now must become aware that any digital video or audio must be validated for authenticity.
Top 3 Cyber Resolutions for 2023
While cybersecurity threats can appear overwhelming, we can nevertheless make it harder for malicious attackers to disrupt our lives. As we start the new year, take some time to make some changes to your cyber hygiene and increase your security posture.
- Renew your password experience – reward yourself with a Password Manager
Creating and remembering new passwords is a pain that no one needs to endure. Starting from January, let’s stop reusing passwords and let a password manager do all the work for you in the background. It will help generate a complex, strong password for each credential and remember it for you. Some tools can also alert you if any of your passwords might have been compromised in one of the many data breaches happening all the time.
- Turn on MFA – More than Just a Password
Let’s not leave passwords to be the only protection for your credentials. For at least one of your most important accounts, try enabling multi-factor authentication. Once you get past the first time, you will find it much easier to enable MFA for more accounts. This will help reduce the risk of attackers gaining access to your accounts.
- Audit Yourself – Assess Your Security
Take a moment to check your audit logs and look for suspicious activity, such as any failed login attempts from suspicious locations or devices. If you find unknown or old devices you are no longer using, make sure to revoke access or update your passwords.