The world of cybersecurity is growing at high speed, all the more so if we take into account the disruptive events of recent years caused by the COVID-19 pandemic, which forced millions of people to telecommute, increasing Internet traffic and the use of both the cloud and connected systems, accelerating digital transformation, etc.
This has caused companies to focus their attention on cybersecurity, which has led not only to the acquisition and implementation of new tools, but also to a cultural change, an improvement in their organizational processes, and a never-before-seen awareness of its importance in the face of threats via the Internet.
Taking advantage of the fact that last February 7th was Safer Internet Day all around the world, we present, with the help of Erik Moreno, Minsait’s Director of Cybersecurity in Mexico, what we at Minsait consider to be the trends that will guide the route businesses will need to follow to protect themselves in 2023 and beyond:
Safety in the Metaverse
The Metaverse is in style since, from what we are promised, we will be able to carry out activities virtually with the same possibilities as in the real world: shop online, work, pay with digital currencies, and interact regardless of distance.
Besides an enormous potential, this implies a number of risks, with our security and privacy being the aspects most threatened. Therefore, it will be essential to protect ourselves as we do in the physical world, which will be especially important as more and more companies become integrated into the Metaverse. Protecting their businesses and their transactions with virtual currencies will be vital, as will ensuring that they comply with terms and conditions through so-called smart contracts, which ensure their commitment to security.
It is necessary that, throughout this year, the focus of attention be placed on the deficiencies and vulnerabilities of the devices with which the Metaverse is accessed, considering the new risks and threats that may appear. Legislation will also need to advance in this field, providing greater privacy and security to users.
Risks as a guide to security
Throughout this year, it will be essential to identify critical information assets in order to assess the risks to which they may be exposed, taking into account the type of industry in question. Thus, financial institutions will take into account fraud and diversion, while other types of companies will be more focused on the risks to their operations.
This will imply that companies will be forced to improve and strengthen their security strategies, expanding the visibility of their assets while increasing their investment in cybersecurity. In this case, not only the risks associated with the technology itself will be considered, but also those derived from contact with third parties and business partners, as well as the supply chain or risks outside the Internet.
Better protection for digital identity
Everything we do on the Internet is recorded, and our interaction with the web pages we visit, the social networks we participate in, the applications we use and even the online shopping portals we buy from ends up building a digital identity of who we are, which may include sensitive personal data.
In this case, the main threat is impersonation, so it is still essential that users, both inside and outside companies, are trained in best practices for browsing the Internet, managing strong passwords, keeping the software on their equipment up to date, controlling their digital identity, etc.
Increasingly, IoT (Internet of Things) devices are found in all kinds of sectors, be they Smart Cities, Healthcare, Transportation, Public Services, Telecommunications, etc. These devices constantly exchange data, relying on the cloud and on communication networks such as 5G to do so.
Here it is clear that data security is paramount, so we have to be very attentive to threats directed both at the devices themselves and at the connection networks they use when working and sharing information. For this year, we believe that the cybersecurity of these devices will be essential, since the proliferation of these IoT devices continues to grow logarithmically, thus increasing the number of potential attack targets.
Cybersecurity Mesh Architecture (CSMA)
Increasingly, digital business assets are distributed across the cloud and in data centers, so traditional fragmented security approaches leave organizations exposed.
The concept of Cybersecurity Mesh Architecture seeks to help enterprises move from node-based to collaborative and flexible security, as a cybersecurity mesh architecture provides a composable approach to creating a scalable and interoperable service.
This contribution from CSMA will be quite significant throughout 2023, especially as migration from traditionally local environments to hybrid or cloud environments becomes more common. In those environments cybersecurity is vital for the execution of operations, and IT environments will evolve and expand at all times.
Operational technology at the forefront
As we have been seeing, attacks and threats not only affect information technology, but are expanding to operational technology, which poses a risk to the strategic infrastructure of the company, being critical in sectors such as Electricity, Gas and Oil, Hydropower, Transportation, etc.
Throughout the year, companies will have to adapt their cybersecurity strategies to protect their operational technology based on the analysis of risks, threats and possible vulnerabilities, the result of which will lead to a diagnostic plan for the company’s critical systems. The protection of these systems will be critical so that production cannot be stopped at any time.
For more than ten years, ransomware has been a constant threat. This year is not going to be an exception, since it is becoming more complex and sophisticated, focusing not so much on the common user as such, but on companies and their workers, as well as on services, State agencies and all those bodies whose operation cannot be allowed to stop.
These ransomware attacks range from extorting an individual to attacking supply chains, attacks for geopolitical reasons (the case of Ukraine-Russia, for example), or even what is known as "Ransomware as a Service" (RaaS). Throughout the year, ransomware will continue to increase exponentially, demanding larger ransoms from companies and organizations, even without any guarantee that they will recover their data.
The need to use passwords for identification on the Internet seems to have its days numbered, and so-called passwordless authentication (password-free user identification through location factors, biometrics, or email link authentication) is beginning to take off.
Here the future will bring more biometric detection and greater use of adaptive identification, which relies on machine learning to analyze patterns and behaviors.
As we can see, the trends for this year are evolutions of those we have already been seeing, but even so, it is still interesting to see how the specialization and improvement of these solutions are vital to counteract the advance of cybersecurity threats.