Jonathan Cassell, Senior Solutions Architect at Syxsense, gazed into the cyber-crystal ball and came up with several predictions for 2023. These include more cyberattacks on critical infrastructure, increased cyber-regulation, faster zero-day exploits, and growing adoption of zero trust, though not at a pace necessary to significantly reduce the quantity of successful cyberattacks.
Attacks on Critical Infrastructure
2021 and 2022 saw the appearance of serious attacks on critical infrastructure. The famous ones included the Colonial Pipeline breach, which took down east coast fuel supplies for a few days and sent gas prices soaring, and the ransomware attack on JBS, the largest meat processing firm in the world, which disabled beef and pork slaughterhouses and impacted facilities in the U.S., Canada, and Australia. Expect more of the same in 2023, and perhaps even bigger targets getting hit.
The FBI’s Cybersecurity and Infrastructure Security Agency (CISA) has had quite a year. It was regularly in the news through issuance of alerts about Common Vulnerabilities and Exposures (CVEs), Shields-Up notifications to guard against Log4j and other threats, and actions taken on a bypass of many enterprises to fix vulnerabilities deemed to be a severe threat. Expect CISA’s higher profile to ripple into other facets of government; more cybersecurity legislation is probably on the cards. There is also talk of a potential federal-level privacy regulation similar to the EU’s GDPR.
Regardless of regulatory pressure, insurers are turning the screws on businesses, demanding that they institute stronger cybersecurity safeguards if they want to be given cyber-insurance. Some are being turned down, some given high premiums, and others given less than comprehensive coverage as they were not deemed to have sufficient layers of protection in place.
Faster Zero-Day Exploits
The term zero day refers to a recently discovered security vulnerability that the vendor or developer has only just learned about. Hence the term – they have had zero days to remediate it. Zero-day attacks are particularly worrying because cybercriminals can exploit the flaw before developers have addressed it by issuing patches and working out remediation steps. Such exploits can therefore cause serious damage and data theft until they are fixed.
When Log4j was discovered, for example, it led to a scramble by a great many vendors and a rash of patches and remediation procedures.
The bad news is that 2023 will probably bring even quicker zero-day exploits, shortening the time between a vulnerability’s discovery and its exploitation. It may also mean that manufacturers and other victims go longer without discovering such vulnerabilities, and are slower to disclose them when they do.
Zero-Trust Grows, But Slowly
There is great hope in the cybersecurity community that zero-trust network access (ZTNA) will solve a lot of ongoing difficulties. Certainly, ZTNA is growing and should grow more in 2023. However, we don’t yet see the market traction for it to be deployed widely in enough businesses to make a serious dent in the number of cyberattacks and breaches.
ZTNA encompasses technologies that enable secure access to internal applications. It grants access on a least-privileged basis via granular policy management, giving verified users secure connectivity to private applications while protecting the network and avoiding exposing apps to the internet. Thus, Zero Trust is all about securing IT infrastructure and data via a framework that can safeguard remote workers, hybrid cloud environments, and IT in general. It works on the assumption that any network is always at risk of either internal or external attack. In essence, Zero Trust means an individual is not trusted simply because they are on the network. They must prove who they are, and they are given only limited access to the systems they need. Beyond safeguarding and vetting individual identities, the next frontier is verifying machine identities such as the specific device and browser being used for access.
The Syxsense Zero Trust module, part of Syxsense Enterprise, provides hundreds of parameters IT can use to report and act on device compliance. For example, it can determine if a laptop is accessing a NetSuite server after hours from an IP address in an unfamiliar location. If so, it blocks it. It also has the power to enforce compliance with Zero Trust policies prior to granting access on an asset-by-asset basis. And it includes automated remediation of non-compliant endpoints, which could include patching the system, enabling an antivirus tool and ensuring its patterns are up to date, emailing IT about unauthorized access, and more.
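As an added illustration (this is not Syxsense’s code, data model, parameters or API), the following Python sketch evaluates an access request the way the two passages above describe a Zero Trust check: deny by default, require a verified identity and an explicit entitlement to the application, check the device’s compliance and return the remediation steps it needs, and block access that happens after hours from an unfamiliar address while flagging it for IT. Every name, application, address, time window and device attribute is a constructed assumption.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network


# Constructed data model for this example; not a vendor's schema.
@dataclass(frozen=True)
class Device:
    device_id: str
    patched: bool                 # all pending patches applied
    av_enabled: bool              # endpoint antivirus running
    av_signatures_current: bool   # antivirus patterns up to date


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool            # identity proven this session, never assumed
    device: Device
    source_ip: str
    local_time: time
    application: str


@dataclass(frozen=True)
class AppPolicy:
    allowed_users: frozenset[str]        # least privilege: explicit entitlement only
    business_hours: tuple[time, time]    # inclusive start and end of the working day
    familiar_networks: tuple[str, ...]   # CIDRs the organisation expects traffic from


@dataclass
class Decision:
    allow: bool
    reasons: list[str] = field(default_factory=list)      # why the request was denied
    remediation: list[str] = field(default_factory=list)  # steps to bring the device into compliance
    notify_it: bool = False                               # alert IT about unauthorized access


def device_remediation(device: Device) -> list[str]:
    """Remediation steps a non-compliant device needs; empty when it is compliant."""
    steps = []
    if not device.patched:
        steps.append("apply pending patches")
    if not device.av_enabled:
        steps.append("enable antivirus")
    if not device.av_signatures_current:
        steps.append("update antivirus patterns")
    return steps


def is_familiar(source_ip: str, networks: tuple[str, ...]) -> bool:
    """True when the source address falls inside one of the policy's known networks."""
    addr = ip_address(source_ip)
    return any(addr in ip_network(cidr) for cidr in networks)


def evaluate(request: AccessRequest, policies: dict[str, AppPolicy]) -> Decision:
    """Zero Trust evaluation: deny by default; every condition must hold to allow."""
    policy = policies.get(request.application)
    if policy is None:
        return Decision(allow=False, reasons=["no policy for application; default deny"])

    decision = Decision(allow=True)
    if not request.mfa_verified:
        decision.reasons.append("identity not verified (MFA required)")
    if request.user not in policy.allowed_users:
        decision.reasons.append("user not entitled to this application")
        decision.notify_it = True

    decision.remediation = device_remediation(request.device)
    if decision.remediation:
        decision.reasons.append("device non-compliant")

    start, end = policy.business_hours
    after_hours = not (start <= request.local_time <= end)
    if after_hours and not is_familiar(request.source_ip, policy.familiar_networks):
        decision.reasons.append("after-hours access from an unfamiliar location")
        decision.notify_it = True

    decision.allow = not decision.reasons
    return decision


# Constructed sample policy, devices and requests (hypothetical values).
POLICIES = {
    "erp": AppPolicy(
        allowed_users=frozenset({"alice", "bob"}),
        business_hours=(time(8, 0), time(18, 0)),
        familiar_networks=("10.20.0.0/16", "203.0.113.0/24"),
    ),
}
COMPLIANT = Device("LT-0001", patched=True, av_enabled=True, av_signatures_current=True)
UNPATCHED = Device("LT-0002", patched=False, av_enabled=True, av_signatures_current=False)

IN_HOURS_OFFICE = AccessRequest("alice", True, COMPLIANT, "10.20.4.7", time(10, 30), "erp")
AFTER_HOURS_REMOTE = AccessRequest("alice", True, COMPLIANT, "198.51.100.9", time(23, 15), "erp")
NONCOMPLIANT_DEVICE = AccessRequest("bob", True, UNPATCHED, "10.20.4.8", time(11, 0), "erp")
UNKNOWN_APP = AccessRequest("alice", True, COMPLIANT, "10.20.4.7", time(11, 0), "payroll")

if __name__ == "__main__":
    for req in (IN_HOURS_OFFICE, AFTER_HOURS_REMOTE, NONCOMPLIANT_DEVICE, UNKNOWN_APP):
        d = evaluate(req, POLICIES)
        print(req.user, req.application, "ALLOW" if d.allow else "DENY", d.reasons, d.remediation)
```

The shape worth noting is that the evaluator collects every failing condition rather than stopping at the first one, so the same call that denies access also yields the remediation list an automated workflow would act on and the flag that tells IT an unauthorized attempt occurred. A request for an application with no policy is denied outright, which is the default-deny posture the passage describes.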
For more information, visit: www.Syxsense.com