Cybersecurity in 2023: Forescout’s top five predictions revealed
With the end of 2022 fast approaching, Forescout’s research team, Vedere Labs, has looked ahead to what the cybersecurity landscape will look like next year.
Here are the top five predictions for 2023, as shared by Daniel dos Santos, Head of Security Research at Vedere Labs.
Ransomware groups will expand into more IoT devices and continue evolving their extortion campaigns
Now that cross-platform ransomware is the norm, several groups have shown the profitability of attacks leveraging IoT devices (e.g. Lorenz on VoIP, Conti on routers and DeadBolt on NAS) and organisations have increased protections on their IT networks. As a result, the stage is set for an explosion of ransomware attacks using these devices for initial access or impact.
Threat actors will focus on exposed devices with a weak security posture (e.g. default/weak credentials and easy-to-exploit vulnerabilities) for initial access into organisations and on-critical devices for impact and new extortion techniques.
Probable favourite targets will be IP cameras and VoIP systems. We could also see the emergence of Initial Access Brokers (IAB) specialising in IoT access.
Hacking groups that appeared or became more active during the war in Ukraine will continue to act, regardless of what happens with the war
The war in Ukraine brought a lot of hacking groups to the scene or made groups that already existed focus on politically-motivated attacks.
Regardless of whether the war continues or ends, these groups will remain active. The people who gained offensive skills, and the groups that formed, will continue attacking politically-motivated targets or transition into the cybercriminal underground for financial gain.
State-sponsored actors will continue to expand their arsenal with new sophisticated malware
2022 has seen the emergence of state-sponsored ransomware, the use of wiper malware on satcom modems and out-of-band management technology, as well as new OT/ICS-specific malware.
In 2023, state-sponsored actors will continue to expand their arsenal and target other types of devices in espionage or disruption campaigns.
Medical device cybersecurity challenges will persist
On September 12, the FBI released a private industry notification about a growing number of vulnerabilities in medical devices that can be exploited by threat actors to ‘impact healthcare facilities’ operational functions, patient safety, data confidentiality and data integrity.’
This notification came after the discovery of significant vulnerabilities this year, affecting medical devices, such as infusion pumps, medication dispensing systems and electrocardiographs. It also follows a wave of ransomware attacks that have targeted healthcare organisations over the past few years, some of which have rendered medical devices unusable.
The challenges with medical device security – long lifespans, difficulty in patching and customised software/firmware – will remain.
2023 could also be the year where we see attacks not only spill over to medical devices, but actually target them (potentially their insecure-by-design features as in OT), although it would require specific attacker motivation to purposefully target devices that could directly harm people.
Attacks on critical infrastructure will continue to increase
2022 saw dozens of notable attacks on utilities and critical infrastructure organisations, either directly targeting OT or via ransomware starting on the IT network.
These types of attacks will continue in 2023, with ransomware being the most popular type of attack. In many cases, ransomware gangs are refraining from encrypting data on critical infrastructure, instead resorting to exfiltration and extortion.
Next year, some of this leaked data, which often contains sensitive OT data, could be used for disruptive OT attacks by other groups with different objectives than financial gain.
The cybersecurity space will undoubtedly continue to evolve next year, at the same rapid pace we’ve experienced this year. IoT devices, particularly IP cameras and VOIP systems, will be particularly compromised, as will medical devices. At the same time, ransomware will pose an even greater threat to utilities and critical infrastructure organisations, further compromising the IoT device space. Meanwhile, state-sponsored ransomware will cause widespread disruption and the activity of hacking groups will proliferate.
Every organisation must stay alert to the areas outlined above and keep security top of mind. Otherwise, they run the risk of bad actors exploiting vulnerabilities. Above all else, they must heed the fact that no business, irrespective of industry or location, is immune from the growing threat of a successful cyberattack.
How to identify the signs that your IT department need restructuring
Source: Finance Derivative
Eric Lefebvre, Chief Technology Officer at Sovos
For firms to execute transformations and meet their overall vision, it is crucial that their CIOs are able to recognise the signs that their department is in need of some internal change. In the current economic climate, CIOs working to fulfil their organisation’s priorities and meet business goals might hesitate to acknowledge that their IT department needs restructuring, never mind be able to identify the signs.
However, these problems rarely fix themselves and organisational restructuring requires conviction and determination from leadership for it to occur successfully. So, what are some of the key signs that CIOs should look out for?
Struggling to keep up with industry demands
CIOs unsurprisingly are working in an extremely demanding environment at the moment. Meeting these evolving demands is crucial for companies. When demands are not met and not handled properly, this can have a lasting impact on organisational goals and objectives, and even impact the way in which transformations are put into effect.
Depending on the organisation’s structure, the way in which being unable to keep up with demands manifests itself can differ. Despite double digit reductions across the industry, the search for talent across the tech world continues, project costs continue to rise as the cost of labour has increased and schedules have been disrupted by significant attrition. Many companies will also find business costs, such as that of third-party software, are higher than planned and technology debt continues to pile up faster than it can be sunset.
Whilst leadership teams might dedicate their department’s attention on the factors discussed above, they may find that their team will fall short when it comes to timely deliverables and helping maintain your organisation’s tech stack and guide its business transformations. Looking beyond the immediate problems of high costs and considering an internal reshuffle may be the solution for many IT departments.
Internal conflict within the team
Organisational designs with underlying issues can cause constant friction, especially when they go unacknowledged. An IT department that lives in conflict will certainly be reflected in results and less than successful tech transformations. CIOs will find that by adopting an organisational design which works through staffing issues, will better innovate, especially if they can all work together.
Department leads should have a strong understanding of their team’s work environment and guide them through any long-term or potential problems. When an individual is working in a demanding or complex industry, working well with your team shouldn’t be the main impediment to innovation. By acting quickly to eliminate internal conflict, CIOs can better lead and ensure their team’s focus is entirely on producing more optimal outcomes.
Delays are commonplace
When a large amount of your team’s time is spent setting objectives, budgets and timelines for the projects they are working on, it is vital that they are met. When delays are coming from the IT department, they will inevitably hinder the development of any business transformation, especially if it prompts teams to spend excessive amounts of time rearranging budgets and timelines and therefore hindering innovation.
IT departments are a crucial aspect in many different parts of a company’s transformations, so remaining on track when it comes to timelines and innovation is critical to operational plans. If delays have become commonplace in an IT team, and external factors are impacting projects, CIOs should look at restructuring an IT department to solve these issues.
The strongest team relationships do not happen by accident and are the result of good planning, strong leadership and a motivated team. CIOs can ensure this by providing vision and long-term strategy with clear goals and objectives to produce high levels of quality output.
When internal issues are noticed in an IT department, and are noticeably impacting team morale or productivity, this should indicate the need for departmental restructuring. Be that due to an inability to meet market demands, issues with productivity and meeting deadlines or internal conflict, these issues all risk a department’s functionality and an organisation’s ability to achieve its goals. In short, don’t overlook the warning signs!
Why the future is phygital
Source: Finance Derivative
By Eric Megret-Dorne, Head of Card Issuance Services and Service Operations at Giesecke + Devrient
Digital banking has become increasingly ingrained in people’s everyday lives. Today, 73% of people globally use online banking at least once a month. Traditional bricks-and-mortar banks, which have long relied on the in-person experience with customers, are now having to step up their offering. With new ways of working blurring the work-home boundary, banks must ensure a fast, seamless connection between face-to-face processes and virtual customer experiences.
However, this does not mean that physical and digital banking are in competition with each other. In fact, many continue to use physical bank cards, with 1.12 billion in circulation in 2021, which provides the basis for digital payments and offerings. As a result, the benefits of digitalisation should converge with the comfort of physical touchpoints to create a holistic, “phygital” experience.
The path to phygital
Banks are accelerating their digital transformation strategies to keep up with the fast pace of fintech innovations. To meet the changing needs and preferences of customers, the payment world is leveraging new technologies to create personalised experiences through a range of different channels.
While the digitalisation of banking has been underway for quite some time – particularly for younger generations – events such as the Covid-19 crisis forced banks and customers of all ages to use digital tools and processes to compensate for branch, office, and call centre closures. With branches worldwide typically operating at reduced capacity due to social distancing requirements, consumers embraced online banking to avoid both the virus and potentially long queues.
However, some consumers still enjoy physical touchpoints, meaning a digital-only approach won’t suit everyone.
Striking a balance
It’s all about options – consumers now want to freely switch between traditional and digital channels without being forced into one. But how can banks achieve this phygital balance? One way is to equip physical channels with digital capabilities, so that online tools can augment the physical experience. For example, personalised bank cards with a bespoke design can be activated digitally, offering customers an extra layer of convenience. Having to wait for a new PIN to arrive in the mail is a common bugbear for consumers, so bringing card activation processes into the digital ecosystem will ensure a more seamless experience.
Greater automation in the card issuance and activation process enables the benefits of digital to be integrated into the physical banking experience without being intrusive. For instance, self-service kiosks empower customers to print their own cards, reducing the time between acquisition and card issuance, while still allowing for in-branch expertise if needed.
The personal touch
Phygital strategies also give banks a range of valuable data insights that can help them better serve their customers. This includes data on purchasing behaviours and habits, which can then be utilised to improve banks’ offerings and unify the physical and digital brand experience. Using omnichannel data helps to build a hyperpersonalisation strategy to provide real-time services.
In this way, digital solutions help banks maximise their user experience. Whenever a consumer interact with a bank, it creates data and behaviours. With fragmented databases, legacy systems and real-time data created by interactions with third-party partners through Application Programming Interfaces (APIs), it is not always easy for banks to streamline this data from different sources. By understanding patterns in that data and behaviours, banks can tailor and personalise unique experiences for each and every user.
Where security meets innovation
With big data opportunities abound, banks should be mindful of their consumers’ security concerns. Customers are now demanding much more transparency when it comes to how information is stored and collected. At the same time, they still desire greater personalisation via digital methods. Therefore, any successful phygital strategy requires a robust digital security to ensure customers have the same peace of mind as when they complete physical transactions.
To close the gap between innovation and security, banks should utilise tokenised infrastructure, which ensures the safe provision of payment credentials and securing of customer payments across all touchpoints. This is particularly important as regulations such as PSD2 and SCA demand strong authentication requirements.
The use of a token greatly enhances the consumer experience. For example, it allows for card details to be automatically updated for subscription services upon the expiry of an existing one, avoiding any service disruption. Multi-factor authentication can also ensure an additional layer of security, as it combines a password with verifiable human biometrics such as fingerprints or facial recognition.
Best of both worlds
Every consumer has unique preferences when it comes to banking. Therefore, banks must evolve by bringing both physical and virtual touchpoints into a ‘phygital’ world. Only a phygital approach can meet the needs of all end users – whether they favour an in-person experience, an online one, or a blend of the two. The holistic data insights, personalisation opportunities, and optimised security ensured at every touchpoint are also critical in building future-ready banks.
51% of Apprenticeships Axed: Alternative Ways To Secure The Future of SMEs
More than half of UK-based SMEs expect to increase their workforce numbers by the conclusion of 2023. However, many industries are experiencing a skills shortage problem, instigated by Brexit and a rise in economic inactivity.
One of the solutions has traditionally been the hiring of appearances. Unfortunately, due to the cost of living crisis, SME apprenticeships are under threat. Financial difficulties led to 51% of apprenticeships being axed in 2022, hindering both the job market and smaller businesses that rely on their talent.
Apprentices are valuable to SMEs for several reasons, addressing skills shortages, and allowing businesses to mould the ideal candidate whilst securing government funding.
Luckily, there are several other ways SMEs can dominate their market, with SME-focused digital marketing agency Add People providing their top tips:
7 Practices All SMEs Should Implement To Succeed:
- Invest In Employees
“Employees are obviously one of the most important elements of a successful business.
By investing in your staff, such as rewarding them for hard work, offering incentives and cultivating a space for them to flourish, you can help your SME succeed. From increased productivity and morale to a more positive workplace that attracts top talent, success often begins here.”
- Create A Strong Digital Presence
“The internet should not be underestimated as a tool for generating business. From allowing individuals to find out information, contact you and even purchase products and services, establishing an online presence is essential. Consumers are also more likely to trust and purchase from a business with a visible, credible online presence, so creating a user-friendly website is more essential than ever.”
- Diversify Revenue Streams
“If the last few years of instability have proven anything, it is that diversifying revenue streams is paramount to mitigating risks. Whether the blockage of the Suez Canal or the mass shipping delays caused by the Covid-19 pandemic, too much reliance on a single product can threaten your business.
Expanding into new products and services means SMEs are resultantly capable of reaching new audiences and new sources of revenue.”
- Collaborate & Form Partnerships
“Small-to-medium-sized enterprises can strongly benefit from collaborating with one another, especially across market sectors. These partnerships can provide your business with access to new resources, to enter new markets and improve your brand image within multiple markets.
Similarly, sharing your knowledge with another market can lead to increased innovation, allowing you to develop and improve both existing products and conceptualise new ones.”
- Use AI & Other Technologies
“AI is one of the most exciting developments of the 21st century and is set to revolutionise all industries. SMEs should be taking advantage of implementing AI into their offering, allowing them to stand out in their relevant markets and retain their competitiveness.
AI can also help to improve the decision-making made by a business due to analytics and insights. These can be particularly useful for any markets that are data-driven, but will ultimately help any business with regard to scalability.”
- Adapt To Industry Trends
“ World markets are continually changing, meaning industries are constantly having to evolve. By keeping on top of these changes, you allow your business to remain competitive and attract new customers.
This flexibility is one of the key tools to secure long-term success for any SME, and will allow you to capitalise on new opportunities for years to come.”
- Seek Feedback
“No business will get it right the first time, and the new and unpredictable changes to the market complicate this. Luckily, by always asking your customers and clientele for ways you can improve your business, you gain valuable insights into your consumer demographic and their needs. Learning from this information will allow you to become one of the most valuable and trusted providers within your industry.”
Peter Marshall, Chief Marketing Officer at Add People, a digital marketing agency specialising in small-to-medium-sized enterprises, had the following to say:
“While apprenticeships are a key feature of many SMEs, they are not vital for their success. One of the main reasons that apprenticeships are so popular is the funding that small employers can gain through their recruitment, allowing these smaller businesses to train staff that work to their standards and ethos. This means they are fully trained for a job role when the apprenticeship concludes.
Instead, businesses should focus on long-term solutions at the heart of operations. Making these changes will ensure a healthy future in any market, protecting both the business and the future workforce – including any apprentices!”
Simon Bell, Founder and Director at Careermap, the UK’s leading Early Career website also had the following to add about apprenticeships:
“’Apprenticeships are a win-win situation. Not only for the apprentice but for businesses alike. Training your workforce of the future is vital to keep businesses growing, helping to bridge the skills gap and offering unique perspectives. Reverse mentoring is a hot topic; apprentices can help your organisation do just that by re-energising current employees, encouraging creativity, open-mindedness and innovation.’