What Should CISO’s Look Out For In 2023?

Uploaded on 2022-12-07 in TECHNOLOGY--Resilience, FREE TO VIEW

As we look ahead to the New Year, CISOs should be quite rightly cautious about the threat landscape. With the effects of the pandemic largely behind us, it was hoped that 2022 would bring calm and composure, but instead it has brought more turbulence. 

From the Russian invasion of Ukraine to the growing cost of living crisis, it’s been another incredibly tough year for all – and has made the threat landscape precarious. 

Indeed, threat actors have continued to expand and evolve their attack methods, leveraging new techniques and exploiting a series of emerging vulnerabilities. 

Here, we look at four key emerging trends that we have observed this year and expect to grow throughout 2023. 

1.    HEAT Attacks 

Moves from threat actors to understand common technologies across the security stack and tailor attacks to bypass these tools is a pressing problem for enterprises. Indeed, modern threats are becoming increasingly advanced and evasive as adversaries come up with ways of getting around defences that are all too often inadequate or outdated.  

Throughout the last year, The Menlo Labs team has been tracking a distinct and notable rise in Highly Evasive Adaptive Threat (HEAT) techniques – a class of cyber threats that have been tailored to evade protective tools such as firewalls, secure web gateways, malware analysis including sandboxing, URL reputation and phishing detection technologies. 

Indeed, Menlo Labs identified a 224% increase in 2021, and we’re expecting a similarly alarming increase this year as attackers have further evolved their attack methods. If firms continue to lean heavily on traditional detect and respond security techniques, attackers will find success in HEAT-based endeavours.  

2.    Basic security Failures 

Unfortunately, basic security failures at even some of the most renowned organisations in the world continue to offer open doors for attackers to step through and begin to wreak havoc.  Take the attack on Uber in September 2022. Here, a lone threat actor was able to gain administrative control over the ride hailing giant’s IT systems and security tools owing to an exposed PowerShell script that contained admin credentials to the firm’s privileged access management (PAM) platform.  Indeed, it is a telling example. It doesn’t matter how extensive an organisation’s security investments might be, or how sophisticated their technologies are.

Often, threat actors can use simple and proven methods such as social engineering techniques to find ways around them.  

This example hasn’t just reiterated that there is simply no silver bullet or panacea to stopping attacks. Indeed, the Uber breach also showed multi-factor authentication (MFA) push notifications to be exploitable, causing widespread concern and a demand for the use of FIDO2 passkeys and hardware tokens in replace of passwords. This is something we might begin to see gather momentum in 2023. However, it will take a lot of work to implement it on a widespread basis, and even then, we foresee attackers simply finding the next weakest link in the chain. 

3.    Browser-based Attacks 

The third trend we see accelerating through 2023 is browser-based attacks. Undoubtedly the biggest attack surface available for threat actors to exploit today, it is critical that the security sector takes greater steps to protect this space. 

Indeed, several vendors are already looking at ways to add security controls directly inside the browser, moving away from traditional methods of improving protection with a separate endpoint agent or via the network edge where firewalls or secure web gateways are used.  

It’s pleasing to see major names such as Google and Microsoft making headway in this domain. Both organisations are developing and implementing built-in controls inside their respective Chrome and Edge browsers to secure at the browser level, rather than the network edge. 

However, threat actors seem to be determined to remain one step ahead. Browser attacks are increasing, with attackers exploiting new and old vulnerabilities, and developing new techniques such as HTTP Smuggling. 

As a result, remote browser isolation (RBI) is becoming an increasingly core principle of Zero Trust security that stipulates that no device or user – not even the browser – can be trusted. 

4.    One Size Doesn’t Fit All 

Fourthly, it is vital for organisations to remember that one size simply doesn’t fit all when it comes to security, and bespoke technology combinations and strategies are still the way to go. 

Recent reports from Gartner have suggested that many organisations are pursuing strategies focused on security vendor consolidation, cutting the number of providers they are working with for their security needs. This has been particularly prevalent in more complicated arenas such as secure access service edge (SASE) and extended detection and response (XDR).  

The motivation is less cost focused, and more about reducing complexity and improving risk management abilities. 

And while policies of continuous improvement are always going to be encouraged when it comes to security, it is important that organisations don’t discard best of breed solutions in the process.  

Adopting Zero Trust 

Policies such as Zero Trust will go a long way in improving security postures. Fortunately, this is a positive trend that we can expect to see in 2023, with many organisations already exploring Zero Trust as a policy in a more active manner. According to a survey from Verizon, presented in its 2022 Data Breach Investigations Report, 82% of respondents revealed that they had adopted or were considering adopting a Zero Trust approach to security.

What is the benefit of Zero Trust? Unlike outdated detect and respond solutions that weren’t built for cloud operating models and browser-based operations that now dominate our working world, Zero Trust has been designed to address risks in the current environment.

It recognises trust in a network as a vulnerability, demanding that all traffic (be it emails, documents, websites, videos or other) should always be scrutinised and verified. Equally, it advocates the ‘principle of least privilege’ where users are only given access to the enterprise resources and applications they truly need to carry out their daily tasks effectively. 

Together, these policies build resilience. Should attackers gain access to a network, they won’t be able to move freely, mitigating or limiting the potential damages of any attack.

Indeed, there are tools available to support organisations in achieving Zero Trust in the truest sense, with isolation technology being a prime example. Isolation works by moving the browser execution process away from the desktop and into the cloud, rendering only safe web content on the endpoint.

Resultantly, no active content from the internet – be it good or bad – is ever downloaded directly to the endpoint. Unlike other technologies, isolation isn’t ‘almost safe’. Rather, it can wholesale stop cyber attacks at source, 100% of the time by ensuring that attackers never have an opportunity to execute their payloads.
  
Jonathan Lee is a Senior Product Manager at Menlo Security.

You Might Also Read: 

Under Pressure - Can CISOs Avoid Burnout?:

 

« Fake Instagram Message Attacks Breach Email Security
Password Manager LastPass Gets Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Leonardo

Leonardo

Leonardo (formerly Finmeccanica) is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Entrust

Entrust

Entrust is a global leader in digital security, identities, payments, and data protection.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

ACPL Systems

ACPL Systems

We offer leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your data is protected and business risks are reduced.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.

Chestnut Hill Technologies (CHT)

Chestnut Hill Technologies (CHT)

CHT provide Best Practices IT Cybersecurity and Technology Solutions and Consulting Support to the Mid Cap through Fortune 1000 Nationwide.

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.