You can view all on-demand sessions of the Intelligent Security Summit here.
What’s on the horizon for cybersecurity 2023? You can see that the landscape is changing rapidly. trendsBusinesses should always be prepared to deal with ever-changing environments that can pose risks. In today’s cyber climate, no fish is too small for Hooking is a common attack. These are just some of the reasons that SMBs should be more proactive about security. key trends Target an expanding attack surface with increased risk.
Credential phishing remains hackers’ go-to
For access to network networks, hackers continue to attempt to obtain credentials. Historically, they’ve used email, but they are increasingly using social engineering. Around 80% of the 2022 population will be online in the first half. 70% A majority of emails attacked contained a credential hacking link.
Credential Phishing and Social Engineering go hand in hand. This practice can be both direct or indirect. Hackers are increasingly using lateral attacks to target one individual to gain access to another. Cybercriminals can use their compromised user to impersonate other employees or to gain access to related organizations such as partners or suppliers.
These methods aren’t going away; in fact, they’re becoming more sophisticated. Countermeasure for Multifactor authentication (MFA) is mandatory for all organizations. This is mandatory for Administrator accounts must be at least one account. This is because they have certain privileges.
Intelligent Security Summit Available On-Demand
Learn the critical role of AI & ML in cybersecurity Industry-specific case studies. Get on-demand videos of these sessions.
But getting other users to adopt this has been difficult because it’s a poor user experience and one more burden. Instead of making it more difficult for users to remember passwords and take on additional steps, passwordless authentication is a better option. A code is sent directly to the device that performs authentication. This increases security while also allowing for convenience which is often at odds.
However, it’s not only email where phishing keeps dropping its bait. Cyberattacks can now be carried out from any channel.
Omnichannel cyberattacks increase risks
Phishing has evolved to be omnichannel. It mirrors and exploits all the communication technologies that businesses use. Hackers use chat, phone calls, SMS and social media direct messaging to carry out these attacks. To begin, a targeted user might receive communications in one channel. Then they could be bombarded with communication through other channels. This is a way to trick the user into believing that they are authentic.
Increased attack channels are a must for A broader umbrella to protect email from all forms of attack. Defending against social engineering is especially challenging because the messages don’t contain explicit threats (malicious links or attachments) until the final step of the attack.
Cyber insurance may become more difficult for small businesses as the risk of these attacks continues to rise.
Increased requirements for cyber insurance
Cyber insurance has evolved in response to the changing threat environment. The cost of cyber insurance has increased and it is more challenging to maintain or obtain coverage. It is becoming a requirement for The coverage is for Businesses must prove that they are protected at the right level. Companies may have difficulty meeting this obligation because there is no industry standard.
To prove that an organization doesn’t present uninsurable risks, it needs to increase its technology base of security, ensure strong authentication is in place and provide certifications where available. The business will require its IT service provider to ensure strong security. What certifications should you look for? for SOC 1 and SOC 2 are available in the cloud partners. Industry-specific compliance such as HIPAA support is also possible. for healthcare-covered entities. This could help an organisation get more coverage.
When looking at protection technology that is well-suited, for Reduce security risks for Machine learning (ML), artificial intelligence (SMBs), and AI (artificial Intelligence) are all interesting trends.
AI’s role in threat protection matures
AI is now a crucial technology for Many business processes can be improved. Its continual learning model, which is particularly useful in changing security threats makes it easier to react to them. This technology provides continuous enhanced defense that detects and protects against new attacks. This technology is vital for Detection of attacks beyond the reach of previous experienced threats
Phishing attacks that are traditional use a broad threat to attack. Filtering emails that appears to be spammy for It can quickly detect and stop attacks. What it won’t catch are unique, customized phishing schemes deployed to a specific company or an individual in that company.
Hackers bypass email filtering by using social sites like LinkedIn to obtain employees’ names, which is easy to do, then sending socially engineered messages that don’t include telltale links or attachments. The hackers then use social media to identify employees and spread phishing through email and other channels. It’s not a mass attack, so it’s less likely to be recognized by email filtering. This scenario is where AI could be helpful, as it creates a picture. “normal” for To better identify unusual communications, you can contact a particular company.
This again highlights the fact that hackers love every user and every company. SMBs have weaker defenses, which is why this situation was so attractive.
It should be a top priority to use AI as a safety network for For small businesses. It’s now less expensive and more accessible. The barrier to getting it is now lower.
Architecture of zero-trust: Removing implicit trust
The zero-trust architecture replaces old security systems that rely on the outdated assumption that all information within a network is reliable. The framework states that once a user logs into a network, they can gain access to any data and even exfiltrate it.
Continuous validation is what zero trust uses to eliminate implicit trust. Establishing zero-trust architecture in a network requires visibility and control over an environment’s traffic and users. Such a scope involves determining what’s encrypted, monitoring and verifying traffic and using MFA.
Zero-trust security allows organizations to review all information, establish a standard for security and set a baseline. This approach will be more popular as companies begin to digitally transform their businesses.
For cybersecurity to remain flexible in the face of threats, it is essential that they are agile
All of these trends are interconnected and demonstrate that modern cyber-defense must be flexible and adjustable to meet new and evolving threats — as well as old threats. Security-centric partners are essential for SMBs for Applications and cloud hosting to preserve their borders and decrease risk for the coming year.
Alex Smith Intermedia Cloud Communications’ Vice President of Product Management.
VentureBeat is a community for you!
DataDecisionMakers allows experts to share their data-related insight and innovating with each other.
DataDecisionMakers is the place to go if you are looking for cutting-edge information and current best practices and about the future of data technology and data.
You might even consider contributing an article of your own!
DataDecisionMakers: More Information