Keeping an eye on what’s happening in global cybersecurity is a must if your organization wants to get ahead of new threats and keep up with the latest cybersecurity technologies.
Read this post to figure out what to expect from global cybersecurity in 2023 and learn 12 cybersecurity best practices your organization can implement to protect its sensitive assets.
What should you focus on in 2023?
Gartner, one of the key opinion leaders in cybersecurity, expects the world to spend 11.3% more on security and risk management in 2023 compared to 2022. Organizations are spending more on cybersecurity to manage the risks of an expanding attack surface, which is largely caused by the following factors:
- Increased teleworking. The remote work trend continues, creating a lack of visibility and control over employees. Remote environments are harder to secure, as they lie outside organizations’ perimeters. Hybrid work environments are also a source of risk, as they expand the area of potential attacks. When cybersecurity officers must protect both in-house and remote environments, it increases the possibility of human error and, eventually, a breach.
- Shift to the cloud. Gartner predicts that more than half of enterprise IT spending will shift to the cloud by 2025. Securing cloud infrastructure may be challenging due to the increased number of attack vectors, the complexity of cloud environments, and the sharing of security responsibilities between the client and the cloud services provider.
- Supply chain interactions. The supply chain continues to be a common point of cybersecurity failure. As the number of third parties you connect and interact with grows, so does the potential for hackers to access your infrastructure.
- IT/OT-IoT convergence. Security measures and protocols for Internet of Things (IoT) and operational technology (OT) devices are still developing, exposing IT systems to cybersecurity risks. Cyber attackers may use IoT and OT devices as entry points into your organization’s systems.
7 Key Measures of an Insider Threat Program for the Manufacturing Industry
“The pandemic accelerated hybrid work and the shift to the cloud, challenging the CISO to secure an increasingly distributed enterprise. The modern CISO needs to focus on an expanding attack surface created by digital transformation initiatives such as cloud adoption, IT/OT-IoT convergence, remote working and third-party infrastructure integration.”
Ruggero Contu, senior director analyst at Gartner
When securing your organization’s infrastructure, consider focusing on the following cybersecurity trends in 2023:
Developing cloud security
The rapid rate of cloud migration in recent years hasn’t left time for cybersecurity to catch up. Poorly secured remote work environments that cloud services are often accessed from and other cloud vulnerabilities are pushing the cloud security industry to develop fast. Gartner predicts the cloud security sector to have strong growth in 2023–2024.
Using zero trust in combination with a VPN
Virtual private networks might present challenges with scalability. VPN technology may be prone to cyber attacks and vulnerabilities in modern hybrid environments. In contrast, the zero trust approach is both secure and scalable. In the US, the Biden administration has required [PDF] government organizations to meet zero-trust principles by the end of the 2024 fiscal year.
Augmenting supply chain infrastructure
In 2023, cybersecurity specialists are expected to pursue new ways to protect supply chains and develop existing methods of cybersecurity supply chain risk management. This is mostly a response to cases of espionage, state-driven cyber attacks, and geopolitical disturbances that affect the global supply chain. For instance, Russia targeted technology involved in running critical Ukrainian infrastructure in February 2022. Gartner predicts that 45% of organizations will experience attacks on their software supply chains by 2025, which is three times as many as in 2021.
Stricter requirements for cybersecurity compliance
Governments worldwide are advancing their efforts to secure their citizens’ personal data. Gartner predicts that in 2023, 65% of the world’s population will have their personal data covered under modern privacy regulations, up from 10% in 2020. Five US states plan to roll out new data privacy laws in 2023. Following updates to cybersecurity laws, standards, and regulations is crucial for staying compliant and protecting your organization’s data.
Rise of threat detection and response tools
The only way your organization can efficiently handle an attack is by detecting suspicious user activity in your infrastructure and reacting to it promptly. Threat detection and response solutions are designed for just that. Gartner says the demand for cloud-based detection and response tools will increase in the coming years.
Continue reading to get a list of what you can do in 2023 to protect your organization from cyber attacks.
Reducing the Risk of Insider Threats among New Employees
Top 12 cybersecurity best practices for 2023
Here’s our checklist of new and time-proven cybersecurity principles and best practices for your organization to prevent cyber attacks in 2023:
1. Establish a robust cybersecurity policy
A cybersecurity policy serves as a formal guide to all measures used in your company to improve cybersecurity efficiency. The policy helps your security specialists and employees to be on the same page and describes essential and company-wide information security practices.
Consider implementing a hierarchical cybersecurity policy that consists of a single centralized policy and additional policies uniquely designed for each department within your organization. A hierarchical cybersecurity policy takes into account each department’s unique needs, helping you increase overall cybersecurity policy effectiveness and avoid disrupting departments’ workflows.
Likewise, you may design your security policies around different fields of your organization’s cybersecurity. For example, you may have an access control policy, a remote access policy, a vendor management policy, an insider threat program, and others. For more types of cybersecurity policies and their descriptions, read our post on 10 must-have information security policies for every organization.
Incident Response Planning Guidelines for 2023
2. Secure your perimeter and IoT connections
Present-day organizations’ perimeters extend far behind firewalls and DMZs, as remote work, cloud environments, and IoT devices significantly extend the attack surface. IoT is a rising trend — the IoT market is expected to grow to about $567 billion in 2027 from around $384 billion in 2021.
Security cameras, doorbells, smart door locks, heating systems, and office equipment — many of these are connected to the internet and can be used as potential attack vectors. A compromised printer, for instance, can allow malicious actors to view all printed or scanned documents.
Consider securing your perimeter by protecting your border routers and establishing screened subnets. To reduce data security risks, you can also separate sensitive data from your corporate network and limit access to such data.
You can combine conventional protection measures such as firewalls and VPNs with the zero trust model to protect yourself. Based on the concept never trust, always verify, zero trust requires users and devices in your organization to be continually validated to prevent unauthorized access.
3. Employ a people-centric security approach
A technology-centric approach to cybersecurity isn’t enough to ensure all-around protection, since hackers often use people as entry points. According to Verizon’s 2022 Data Breach Investigations Report, 82% of breaches involve a human element.
A people-centric approach can help you reduce the chance of human-connected risks. In people-centric security, an important perimeter is the workers themselves. Educating and monitoring employees are the main things to consider for a secure people-centric environment.
To make your organization’s cybersecurity people-centric, consider the following measures:
People-centric security for remote workers
4. Control access to sensitive data
Granting employees many privileges by default allows them to access sensitive data even if they don’t need to. Such an approach increases the risk of insider threats and allows hackers to access sensitive data as soon as they compromise an employee’s account.
Using the principle of least privilege is a much better solution. It means assigning each user the fewest access rights possible and elevating privileges only if necessary. If access to sensitive data is not needed, corresponding privileges should be revoked.
In addition to the principle of least privilege and the zero trust model, a just-in-time approach to access management brings even more granularity to controlling user privileges. This approach means providing employees access by request for a specific time and a valid reason.
Your organization can also combine these access management techniques.
Consider paying special attention to remote access to your infrastructure. Securing your remote workforce requires a combination of measures, such as improving visibility over remote employees’ actions and properly configuring your networks. Learn how to avoid common mistakes in securing remote access to your organization in our article on the top 10 mistakes of security officers in protecting remote workplaces.
5. Manage passwords wisely
Employee credentials give cybercriminals direct access to your sensitive data and valuable business information. Brute force attacks, social engineering, and other methods can be used to compromise your employees’ credentials without your employees knowing.
Organizations often use specialized password management [PDF] tools to prevent such attacks. Such solutions can give you control over your employees’ credentials, reducing the risk of account compromise.
Give preference to password management tools that provide passwordless authentication, one-time passwords, and password encryption capabilities.
If you still trust employees to manage their own passwords, consider adding the following recommendations to your cybersecurity policy:
- Use a different password for each account
- Have separate accounts for personal and business use
- Create lengthy passwords with special symbols, numbers, and capital letters
- Use mnemonics or other tactics to remember long passwords
- Use password managers and generators
- Never share credentials with other employees
- Change passwords at least once every three months
6. Monitor the activity of privileged and third-party users
Privileged users and third parties with access to your infrastructure have all the means to steal your sensitive data and go unnoticed. Even if these users don’t act maliciously, they can unintentionally cause cybersecurity breaches.
To reduce the risks posed by privileged users and third parties, consider the following measures:
The most useful way to protect your sensitive data is by monitoring the activity of privileged and third-party users in your organization’s IT environment. User activity monitoring (UAM) can help you increase visibility, detect malicious activity, and collect evidence for forensic investigations.
A UAM solution provides useful insights into who does what in your organization. UAM tools track users’ actions in the form of screenshots and information such as visited websites, typed keystrokes, and opened applications.
Third-Party Monitoring Best Practices
7. Manage supply chain risks
Your organization’s vendors, partners, subcontractors, suppliers, and other third parties with access to your organization’s resources may be susceptible to supply chain attacks.
There was an astonishing 742% average yearly increase in software supply chain attacks from 2019 through 2022 according to the 8th Annual State of the Supply Chain Report.
In a supply chain attack, cybercriminals infiltrate or disrupt one of your suppliers and use that to escalate the attack further down the supply chain, which may affect your organization. During the Solarwinds hack, cybercriminals managed to access the networks and data of thousands of organizations by inserting malware inside a Solarwinds software update.
Some of the fundamental practices for handling supply chain risks are:
To address supply chain risks, you need to think beyond merely managing your third-party risks and develop a comprehensive strategy of cyber supply chain risk management (C-SCRM). C-SCRM can help you enhance business continuity and improve supply chain visibility.
NIST Special Publication SP 800-161r1 and NIST Key Practices in Cyber SCRM can help you create your own C-SCRM program.
8. Enhance your data protection and management
How you manage your business data is critical to your organization’s privacy and security.
You may start by documenting information management processes in a data management policy. Consider describing how data is collected, processed, and stored, who has access to it, where it’s stored, and when it must be deleted.
It’s also vital to outline your data protection measures in a data protection policy. Consider building your data protection measures around the key principles of information security:
- Confidentiality — protect information from unauthorized access
- Integrity — make sure unauthorized users can’t modify data at any stage of the data lifecycle
- Availability — ensure authorized users always have access to data they need
Gartner outlines four key data cybersecurity techniques you can use to implement these principles:
You can also use insider risk management and data loss prevention solutions to manage data security risks. Managed file transfer platforms can help you securely exchange data with third parties.
10 Data Security Best Practices: Simple Steps to Protect Your Data
9. Employ biometric security
Biometrics ensure fast authentication, safe access management, and precise employee identification. Biometrics are a reliable way to verify users’ identities before providing access to valuable assets, which is vital for your organization’s security. That’s why the biometrics market is growing rapidly:
Biometrics provide for more reliable authentication than passwords, which is why they are often used for multi-factor authentication (MFA). However, authentication isn’t the only use for biometrics. Security officers can apply various biometrics-driven tools to detect compromised privileged accounts in real time.
Behavioral biometrics is especially useful for ensuring secure user activity, as it allows you to analyze the unique ways users interact with input devices. Security officers can get notified if abnormal behavior is detected so they can react immediately.
User and entity behavior analytics (UEBA) systems that analyze user activity employ the following behavioral biometrics factors:
- Keystroke dynamics — monitors typing speed and the tendency to make typical mistakes in certain words to create user behavior profiles
- Mouse dynamics — tracks the time between clicks and the speed, rhythm, and style of cursor movement
10. Use multi-factor authentication
Multi-factor authentication helps you protect sensitive data by adding an extra layer of security. With MFA activated, malicious actors cannot log in even if they possess your password. They would still need other authentication factors, such as your mobile phone, fingerprint, voice, or a security token.
While seemingly basic, MFA is among the best cybersecurity protection methods and is mandated by most cybersecurity requirements, including General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), and SWIFT Customer Security Programme (CSP). Tech giants like Google and Twitter push their users to adopt MFA.
As an added benefit, MFA allows you to distinguish among users of shared accounts, improving your access control capabilities.
Two-Factor Authentication: Categories, Methods, and Tasks
11. Conduct regular cybersecurity audits
Conducting audits regularly helps you assess the state of your organization’s cybersecurity and adjust it if needed. During audits, you can detect:
- Сybersecurity vulnerabilities
- Сompliance gaps
- Suspicious activity of your employees, privileged users, and third-party vendors
The quality of an audit depends on the completeness of data from different sources: audit logs, session records, and metadata. Here’s why you need an audit trail:
Detailed security logs of UAM solutions can provide you with information about both end users’ and privileged users’ actions, including activity metadata, screenshots, and other helpful details. This information helps you conduct root cause analysis for security events and identify weak points in your cybersecurity.
If you decide to deploy a UAM solution, pay attention to those that offer reporting on certain types of actions, incidents, users, etc. Reports help to significantly speed up and simplify your audits.
For audits to be productive, it’s vital to track any changes in the requirements of cybersecurity standards, laws, and regulations that are relevant to your company.
We have a set of posts on how to reach cybersecurity compliance in the following organizations: educational and healthcare institutions, government organizations, banks, law firms, and other organizations at risk of data breaches.
12. Simplify your technology infrastructure
Deploying and maintaining a large number of tools is expensive and time-consuming. Moreso, resource-demanding software can slow down your organization’s workflows.
Consider having one or a few comprehensive solutions that contain all the necessary functionality. This way, you’ll streamline and simplify your security infrastructure.
If you want to reduce your costs and your response times as well, be sure your solution integrates all the tools you need.
Simplify and enhance your security infrastructure with Ekran System
Ekran System is an all-in-one insider risk management platform that offers a holistic and people-centric approach to your organization’s cybersecurity.
You can implement most of the mentioned cybersecurity best practices with the following Ekran System capabilities:
User activity monitoring. Monitor and record all user activity in your infrastructure in a video format. View live and recorded user sessions, create an audit trail, and collect cybersecurity evidence.
Privileged access management. Control access for all regular, privileged, and third-party users connecting to your IT system. Verify user identities with two-factor authentication. Create a request and approval workflow.
Password management. Take full control over your employees’ password management. Securely authenticate users and provide them with one-time passwords. Protect user credentials and secrets with encryption.
Auditing and reporting. Conduct cybersecurity audits. Schedule and generate ad hoc customizable reports on user activity. Export user sessions for forensic investigators.
Automated incident response. Receive notifications about suspicious user activity. Manually and automatically respond to cybersecurity events. Detect account compromise and insider threats with Ekran System’s AI-powered UEBA module.
You can deploy Ekran System on-premises, in the cloud, and in hybrid environments. Ekran System supports most operating systems, including Windows, macOS, Linux, and Citrix.
Ekran System can also be integrated with your security information and event management (SIEM) system, helping you collect all security data in one place and see the full cybersecurity picture.
Conclusion
In 2023, we anticipate the development of cloud security, the spreading use of the zero trust model, an increase in cybersecurity compliance requirements, and a rise in threat detection and response tools.
To manage new risks of supply chains, OT and IoT, remote work, and the cloud, consider implementing the best practices for cybersecurity we described in this article.
Start a free 30-day trial of Ekran System to see how it can benefit your organization’s security.
Share:
