30.03.2023

Cybersecurity 2023: Top threats and how to counter them

What are the cybersecurity trends organizations will have to brace themselves for this year?

The year is already in full swing, but I keep coming back to the question of the cybersecurity trends organizations will have to brace themselves for this year. Instead of gazing into my own crystal ball, however, I would like to take a look at trends identified by various analysts and experts and the types of cybersecurity attacks enterprises might be facing. 

 

Security Trends Grafik

Let's start by taking a look at the identified threats. Across all reports, we see that they can be broken down into five threat types: 

  • Ransomware attacks continue to be on the rise – specifically also targeted human-operated ransomware campaigns 
  • We are seeing increasing attempts to circumvent both state-of-the-art technologies and identity management through MFA bypass techniques 
  • Worldwide, geopolitical risks and associated supply chain risks continue to be very high  
  • Inadequate cybersecurity as a result of the ongoing—and growing—shortage of cybersecurity skills remains a highly relevant risk factor 
  • And last but not least, new potential risks may emerge from generative AI such as the current ChatGPT tool 

What can organizations do to counter these risks? How should businesses navigate the situation? Or are we left defenseless? 

No, not at all. We have valuable tools at our disposal and implementing them will definitely pay off. When I say “pay off”, I mean that taking action will contribute to reducing the risks and the damage amounts. 

Innovative EDR/ XDR solutions

To protect against ransomware attacks, and specifically against human-operated ransomware, enterprises should rely on state-of-the-art EDR/XDR solutions. This also includes verifying that the AI-supported automated attack response functions are enabled. This is indispensable to ensure that an organization will benefit from the latest innovations as well as swiftly respond to an attack, should it occur. 

Migration to a zero-trust architecture

In addition, the systematic implementation of a zero-trust architecture is an important tool for mitigating the effects of malware attacks. Of course, it cannot 100% protect against an attack, but it does protect an organization against potentially catastrophic consequences, such as the full encryption of all their systems. As always, the journey is the reward: zero-trust technologies are constantly evolving, and an organization’s architecture and implementation should be continuously reviewed and further developed. 

Maximum protection for the major vulnerability

MFA attacks have increasingly come into focus over the past year. The only way forward, in my view, is to systematically add phishing-resistant MFA components (e.g., number matching procedures and/or Azure AD certificate-based authentication). Even better would be to check if switching to a fully passwordless login procedure is a possibility. And while you are working on this, also verify at the same time that the principle of least privilege is still applied and that privileged accounts, in particular, are protected—for example through just-in-time access as well as dedicated systems for the corresponding administrative tasks (jump servers and/or dedicated secure workstations). 

Business partner protection

It goes without saying that the exposure to supply chain risks can only be partially mitigated by technical measures. When collaborating across organizational structures, organizations should ensure that their own resources are optimally protected. This begins with simple aspects such as a proper guest user lifecycle management in cloud-based collaboration solutions such as Teams. 
In addition, it is best practice for many organizations to monitor vendors—based on their respective cybersecurity risk rating—through governance and compliance requirements as well as vendor security audits (usually based on standardized questionnaires). I believe that this approach is not always ideal. It is a considerable challenge for small companies to properly complete an ISO 27001 questionnaire checklist, and they usually cannot present a comprehensive ISMS policy. I believe it would be better, if large enterprises, who are often also dependent on smaller vendors, would assist them with specific cybersecurity guidelines and their implementation. This could significantly improve supply chain security. 

Leveraging automation to fill workforce gaps

Even large enterprise can affected by the shortage of skilled labor. Therefore, they need to leverage tools that provide the highest possible degree of automation. They should also review, which services really need to be provided in-house and which services can be outsourced to specialized providers.  

Eliminating attack vectors

Last but not least, the question arises, what safeguard CISOs can implement to protect themselves against potential new risks from generative AI (such as those on which ChatGPT is based). On the one hand, we can expect that security providers will gradually incorporate these technologies into their tools. But an organization can also proactively protect themselves by systematically using passwordless authentication to guard against the risk of user name and password attacks as well as attacks on the corresponding MFA tools. In this case, it wouldn’t matter whether or not an attacker adds generative AI components to their password generation tools to make the attack even more efficient and effective, because passwordless authentication completely eliminates the user name/password attack vector. 

We see that we definitely are not defenseless against these attack trends. But it is important to take action or, even better, to keep taking action and systematically keep updating security architectures and tools to counter the latest attack trends. 

Author

Stefan-Haffner_300x170.jpg

Stefan Haffner

Associate Partner | Cyber Security

Weiterführende Inhalte