In 2023 and beyond, organizations can expect to keep facing many of the same threats they face today, with one key difference: criminals will use technological advances to make their attacks more effective and to run them at greater scale. Expect the technologies adopted to support new working practices (remote and hybrid) to play a big part as well.
Here are a few examples of some of these amplified threats and how you can mitigate them.
Social engineering attacks at scale
We can still (fairly) easily tell when we are interacting with a bot today, but it’s only a matter of time before bots become sophisticated enough to make it difficult for the average person to spot them. This is particularly problematic if they are used to engage and manipulate unsuspecting victims in your organization at scale.
Email spam filters are not enough to defend against this type of attack, not least because it does not have to arrive by email. One of the most effective responses is end-user education and security awareness: making sure people know that this type of attack exists, how attackers obtain credentials and other sensitive content, and how to stay alert and verify that they are dealing with a trusted contact rather than a criminal or a bot. The verification step matters most: confirm an unusual request through a channel the requester did not choose, such as calling back on a number from the company directory rather than one supplied in the message. A short, simple infographic on your intranet describing "5 telltale signs of a social engineering attack" can pay dividends.
Monitoring user behavior with behavior analytics tools to detect anomalous patterns or compromised credentials adds a further layer of protection, because a stolen password used by an attacker still produces a valid login and must be caught by what the account does next. Are certain employees emailing an unusually large number of files to the same external party? Are some employees logging into the network from unrecognized IP addresses? Both checks need a baseline of what is normal for that user or team, or they drown the security team in false positives.
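The two checks just described, as an added example that is not part of the original article. The log format, the internal-domain list, the per-user "recognised" address ranges and the threshold of four distinct files are all assumptions chosen for illustration, and the log lines are constructed; a real deployment would derive the baselines from historical data rather than hard-coding them.

```python
"""Two simple behaviour-analytics checks over constructed sample logs.

Added example, not code from the original article. Log format, thresholds
and the per-user "known" address ranges are assumptions for illustration.
"""
from collections import defaultdict
import ipaddress

# Constructed sample data: outbound email events as (user, recipient_domain, attachment).
EMAIL_LOG = [
    ("alice", "partner.example", "q3-forecast.xlsx"),
    ("alice", "partner.example", "q3-forecast-v2.xlsx"),
    ("bob", "gmail.example", "customer-list.csv"),
    ("bob", "gmail.example", "pricing.pdf"),
    ("bob", "gmail.example", "contracts.zip"),
    ("bob", "gmail.example", "payroll.xlsx"),
    ("bob", "gmail.example", "source-backup.tar"),
    ("carol", "corp.example", "minutes.docx"),
]
# Mail to these domains stays inside the company and is not counted (assumption).
INTERNAL_DOMAINS = {"corp.example"}

# Constructed sample data: successful logins as (user, source_ip).
LOGIN_LOG = [
    ("alice", "10.0.4.17"),
    ("alice", "10.0.4.18"),
    ("bob", "10.0.9.2"),
    ("bob", "203.0.113.77"),   # public address outside bob's usual range
    ("carol", "10.0.2.5"),
]
# Address ranges each user normally logs in from (assumed baseline, normally learned from history).
KNOWN_RANGES = {
    "alice": [ipaddress.ip_network("10.0.4.0/24")],
    "bob": [ipaddress.ip_network("10.0.9.0/24")],
    "carol": [ipaddress.ip_network("10.0.2.0/24")],
}


def bulk_external_sends(log, internal_domains, threshold=4):
    """Flag (user, external_domain) pairs that received more than `threshold`
    distinct files from one user. Returns {(user, domain): distinct_file_count}.
    Distinct names are counted so that re-sending the same file is not inflated."""
    files = defaultdict(set)
    for user, domain, attachment in log:
        if domain in internal_domains:
            continue  # internal traffic is out of scope for this check
        files[(user, domain)].add(attachment)
    return {key: len(names) for key, names in files.items() if len(names) > threshold}


def unrecognised_logins(log, known_ranges):
    """Return [(user, ip)] for logins from an address outside every range known
    for that user. A user with no known ranges at all is flagged on every login."""
    hits = []
    for user, ip_str in log:
        ip = ipaddress.ip_address(ip_str)
        if not any(ip in net for net in known_ranges.get(user, [])):
            hits.append((user, ip_str))
    return hits


if __name__ == "__main__":
    for (user, domain), count in bulk_external_sends(EMAIL_LOG, INTERNAL_DOMAINS).items():
        print(f"bulk external send: {user} -> {domain} ({count} distinct files)")
    for user, ip in unrecognised_logins(LOGIN_LOG, KNOWN_RANGES):
        print(f"unrecognised login: {user} from {ip}")
```

On the constructed data only bob trips both checks: five distinct files to one webmail domain and one login from an address outside his usual range. Either alert on its own is weak evidence; both together, for the same user, are the kind of correlation an analyst should be paged for.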
Cybercriminals target employees across different industries to surreptitiously recruit them as insiders, offering them financial enticements to hand over company credentials and access to systems where sensitive information is stored. This approach isn’t new, but it is gaining popularity. A decentralized work environment makes it easier for criminals to target employees through private social channels, as the employee does not feel that they are being watched as closely as they would in a busy office setting.
Aside from monitoring user behavior and threat patterns, it’s important to be aware of and be sensitive about the conditions that could make employees vulnerable to this kind of outreach – for example, the announcement of a massive corporate restructuring or a round of layoffs.
Not every employee affected by a restructuring suddenly becomes a bad guy, but security leaders should work with Human Resources or People Operations and people managers to make them aware of this type of criminal scheme, so that they can take the necessary steps to offer support to employees who could be affected by such organizational or personal matters. This level of employee care and appreciation can make them less vulnerable to this type of cyber recruitment.
Additionally, it’s worth making sure that escalation procedures are well-known and easy to follow. If an employee is approached – by a cybercriminal or someone they know – about sharing their credentials to gain unauthorized access to the company network, what should they do? Contact their manager? The IT department? Whatever the official escalation process is in your organization, make sure it’s clear and well understood: make it easy for employees to do the right thing.
Security gaps in misconfigured cloud applications
As more and more organizations move their systems and applications to the cloud, criminals know that their odds of finding a system left exposed by misconfiguration (a storage bucket readable by anyone, an administrative interface reachable from the internet, an identity granted far more permission than it needs) go up with every new deployment.
An ounce of prevention is worth a pound of cure. Many of these applications are bought to serve a specific department or team, so the selection focuses on the business problem being solved rather than on how the application will integrate with internal systems and endpoints securely. It should be mandated that for any new cloud application being onboarded or deployed by any department, the security team is brought in early, not after the system has already been selected. The security team can then make sure the application is tested as part of the selection process and meets the configuration checklist derived from internal security policies before it goes live.
Another area to pay close attention to is the shared responsibility model. Cloud vendors may promise that their services sit within a secure architecture and that stringent security measures are in place. That covers the infrastructure the provider operates; it does not protect your data, applications and other assets from the way you configure the service. Who can log in, which identities hold which permissions, whether data is exposed publicly and whether logging is switched on remain the customer's responsibility on every major platform. Make sure that all parties (users, IT operations, cloud provider) are clear about their roles and responsibilities and that the configuration of the cloud application meets the standards set by the company.
Finally, put in place regular risk assessments and audits to validate current permissions across all cloud systems: which identities can reach each system, with what privilege, and whether that privilege is still needed. Removing unused accounts and over-broad grants limits what a compromised credential can reach and reduces the impact of other potential vulnerabilities.
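One automatable piece of such an audit, as an added example that is not part of the original article: scanning stored policy documents for grants that are too broad to pass a least-privilege checklist. The policy format follows the AWS IAM JSON policy grammar as an assumption (the article names no provider), the three sample policies are constructed, and the finding labels are invented for this example. Allow statements with a wildcard action, a wildcard resource, or an unconditioned wildcard principal are reported; Deny statements only narrow access and are skipped.

```python
"""Flag over-broad grants in IAM-style policy documents.

Added example, not code from the original article. Policy grammar follows
AWS IAM JSON policies as an assumption; sample policies are constructed.
NotAction / NotResource statements are not modelled here.
"""
import json

# Constructed sample policies, keyed by an invented policy name.
SAMPLE_POLICIES = {
    "reporting-role": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::reports/*"},
        ],
    }),
    "legacy-admin": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"},
        ],
    }),
    "public-bucket": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
             "Resource": "arn:aws:s3:::uploads/*"},
            {"Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject",
             "Resource": "*"},
        ],
    }),
}


def _as_list(value):
    """IAM fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for "*" or {"AWS": "*"} / {"AWS": ["*"]}, i.e. anyone at all."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_policy(name, document):
    """Return [(policy_name, statement_index, finding)] for one policy document."""
    findings = []
    policy = json.loads(document)
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements restrict access and are not flagged
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # "*" grants every action; "service:*" grants every action in a service.
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((name, index, "wildcard-action"))
        if "*" in resources:
            findings.append((name, index, "wildcard-resource"))
        # A wildcard principal is public access unless a Condition narrows it.
        if _is_wildcard_principal(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append((name, index, "public-principal"))
    return findings


def audit_all(policies):
    """Audit every policy in a {name: json_document} mapping."""
    results = []
    for name, document in policies.items():
        results.extend(audit_policy(name, document))
    return results


if __name__ == "__main__":
    for policy_name, stmt_index, finding in audit_all(SAMPLE_POLICIES):
        print(f"{policy_name}: statement {stmt_index}: {finding}")
```

The reporting role passes; the legacy admin policy is flagged twice for granting every action on every resource; the bucket policy is flagged for `s3:*` and for an unconditioned public principal. A pass like this is a screen, not a verdict: a flagged grant may be justified, but each one should have a named owner and a reason recorded before the next audit.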
Small steps can help tamp down new threats
These are just some examples of the threats security teams can expect to spend their time thwarting in 2023. Unfortunately, it’s a matter of “when” and not “if” your organization will be targeted by cybercriminals. Organizations and security teams need to be prepared to minimize cyber risk. In many cases, it takes just a few small steps to make a world of difference in your overall security posture and ability to keep sensitive data safe and out of the hands of cybercriminals.