{"id":593482,"date":"2023-01-03T05:49:29","date_gmt":"2023-01-03T11:49:29","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/03\/cyber-security-professionals-share-their-biggest-lessons-of-2022\/"},"modified":"2023-01-03T05:49:29","modified_gmt":"2023-01-03T11:49:29","slug":"cyber-security-professionals-share-their-biggest-lessons-of-2022","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/03\/cyber-security-professionals-share-their-biggest-lessons-of-2022\/","title":{"rendered":"Cyber security professionals share their biggest lessons of 2022"},"content":{"rendered":"<section id=\"content-body\">\n<p>The past 12 months have been a trying time for cyber security professionals globally. Most notably, they\u2019ve had to contend with a rise in cyber attacks linked to <a href=\"https:\/\/www.computerweekly.com\/ehandbook\/Shields-up-Why-Russias-war-on-Ukraine-should-matter-to-security-pros\">the war in Ukraine<\/a>.\u00a0<\/p>\n<p>At the same time, a global recession has resulted in mass layoffs across the technology industry. Consequently, cyber security departments are increasingly understaffed and burned out.\u00a0<\/p>\n<p>With a new year just around the corner, many cyber security professionals are reflecting on the challenges they\u2019ve faced over the past year and coming up with lessons on how to improve in 2023.<\/p>\n<p>Jake Moore, global cyber security advisor at <a href=\"https:\/\/www.eset.com\/\">ESET<\/a>, believes events such as the war in Ukraine and mass layoffs offer the biggest learning opportunities for cyber security professionals.\u00a0<\/p>\n<p>\u201cFor 2022, I think the majority of infosec professionals have noticed that resilience is not just a term used in cyber security, but also a term used to describe the ups and downs across the whole industry as a whole,\u201d he says. 
\u201cFrom working together trying to mitigate the impact of a <a href=\"https:\/\/www.computerweekly.com\/news\/252525514\/Failure-of-Russias-cyber-attacks-on-Ukraine-is-most-important-lesson-for-NCSC\">cyber war coming out of Russia<\/a>, right through to tech layoffs across multiple organisations including the all-important security departments.\u201d<\/p>\n<p>He says cyber security professionals, many of whom work for overstretched departments, have displayed \u201ca remarkable level of resilience\u201d in the face of increased uncertainty and constantly evolving cyber attacks.<\/p>\n<p>With this in mind, his biggest lesson is to \u201cexpect the unexpected more than ever\u201d. \u201cNothing in this industry can ever be predicted, but learning is key to the future of its success,\u201d he says.<\/p>\n<section data-menu-title=\"Don\u2019t always trust popular cloud apps\">\n<h3><i data-icon=\"1\"><\/i>Don\u2019t always trust popular cloud apps\u00a0<\/h3>\n<p>People must remember that popular cloud apps aren\u2019t always trustworthy and can be breached by cyber criminals, according to <a href=\"https:\/\/www.netskope.com\/\">Netskope<\/a> EMEA chief information security officer Neil Thacker.\u00a0<\/p>\n<p>In 2022, he saw many instances of cyber criminals using apps such as <a href=\"https:\/\/www.computerweekly.com\/news\/252528192\/Iranian-APT-seen-exploiting-GitHub-repository-as-C2-mechanism\">OneDrive, GoogleDrive, GitHub, Box and Dropbox<\/a> to distribute malware and <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/command-and-control-server-CC-server\">command-and-control<\/a> (C2) services.\u00a0<\/p>\n<p>\u201cToo many organisations continue to allow direct access to these services, without providing any form of inline security control to identify when these are being used and if it is for malicious purposes,\u201d he says.<\/p>\n<p>\u201cThe lesson to be learned here is that traffic both to and from cloud apps [software as a service] and 
cloud infrastructure [infrastructure as a service] must be secured and inspected to identify this type of attack vector and mitigate the risks.\u201d<\/p>\n<\/section>\n<section data-menu-title=\"Phishing goes beyond email\">\n<h3><i data-icon=\"1\"><\/i>Phishing goes beyond email\u00a0<\/h3>\n<p>Another lesson from Thacker is that organisations shouldn\u2019t just rely on simulation exercises and email security to mitigate phishing attacks. He says these two methods aren\u2019t effective enough on their own.\u00a0<\/p>\n<p>This is because cyber criminals are increasingly using genuine cloud app links to direct employees to spoofed login pages, tricking them into entering their user names, passwords and MFA information. Cyber criminals even convince many employees to provide access to data through \u201cimposter apps\u201d.<\/p>\n<p>\u201cThe lesson learned here is that phishing is no longer an issue confined to email security,\u201d says Thacker. \u201cSearch engines, social media and blog sites, along with legitimate services such as Google Docs <a href=\"https:\/\/www.computerweekly.com\/news\/252523252\/Cyber-criminals-pivot-away-from-macros-as-Microsoft-changes-bite\">and Microsoft OneDrive<\/a>, are all platforms being used in phishing campaigns.\u00a0<\/p>\n<p>\u201cIt\u2019s therefore crucial that user education begins at the initial click point and happens \u2018just in time\u2019. 
Phishing simulations and email security can be used to enforce the messaging on how to spot and report phishing attacks, but are not all-encompassing when it comes to training and counteracting new phishing methods in 2022 and beyond.\u201d<\/p>\n<\/section>\n<section data-menu-title=\"Invest in modern network and security architectures\">\n<h3><i data-icon=\"1\"><\/i>Invest in modern network and security architectures<\/h3>\n<p>Over the past year, Thacker has also noticed that large numbers of organisations have accelerated network security and transformation projects in response to \u201chigh inflation, scarce talent and global supply chain disruptions\u201d.<\/p>\n<p>\u201cThe triple squeeze [inflation, talent shortages and supply chain issues] in 2022 has meant organisations have been pushed to consolidate and converge their legacy network and security equipment to find efficiencies,\u201d he says.<\/p>\n<p>\u201cAs companies prepare for a global recession, and the additional risks that come with economic challenges, it\u2019s important to be able to scale up, or scale down network and security spend.\u201d<\/p>\n<p>Thacker says the lesson to learn here is that organisations can aid network and security transformation initiatives through the use of modern network and security architectures, such as <a href=\"https:\/\/www.computerweekly.com\/ehandbook\/The-future-is-SASE-Transform-your-enterprise-network-for-good\">Secure Access Service Edge<\/a> (SASE).<\/p>\n<p>\u201cThis can include reducing risk, improving productivity among employees and driving cost efficiencies during a particularly uncertain economic environment,\u201d he adds.<\/p>\n<\/section>\n<section data-menu-title=\"Get the basics right\">\n<h3><i data-icon=\"1\"><\/i>Get the basics right<\/h3>\n<p>Threat actors are constantly devising new, sophisticated ways of launching cyber attacks on organisations and individuals, and perhaps this has led many cyber security professionals to \u201cfocus on 
cool vulnerabilities\u201d, according to <a href=\"https:\/\/www.forrester.com\/bold\">Forrester<\/a> senior analyst Tope Olufon.<\/p>\n<p>But he believes this shouldn\u2019t come at the expense of cyber security basics such as asset management, patch management and audits. His biggest lesson of 2022 is that getting the basics right is the \u201cbedrock of effective cyber risk management\u201d.<\/p>\n<p>He also encourages cyber security professionals to increase their understanding of new technologies, while sentiment, culture and personality need to play an even bigger role in security design.\u00a0<\/p>\n<p>Olufon also recommends that security professionals work more with their peers in the IT department and other people throughout the business. \u201cJamie the network engineer likely has context you do not, and listening will make your life easier,\u201d he says.<\/p>\n<\/section>\n<section data-menu-title=\"Privacy is essential\">\n<h3><i data-icon=\"1\"><\/i>Privacy is essential<\/h3>\n<p>Privacy has always been a crucial part of cyber security, but Rebecca Harper, head of cyber security analysis at compliance specialist <a href=\"https:\/\/www.isms.online\/\">ISMS.online<\/a>, believes it\u2019s the \u201conly future of information security\u201d.<\/p>\n<p>\u201cWith numerous countries adopting stricter data privacy regulations, the move towards a privacy-first approach is quickly becoming a necessity,\u201d she says. 
\u201cFor example, Google is phasing out <a href=\"https:\/\/www.techtarget.com\/searchcustomerexperience\/tip\/First-party-vs-third-party-cookies-Whats-the-difference\">third-party cookies<\/a> in 2023, while Apple has developed privacy protection features since App Tracking Transparency in iOS 14.5.\u201d<\/p>\n<p>In 2023, she expects privacy legislation to have an even bigger impact on the information security strategies of businesses and governments across the globe.\u00a0<\/p>\n<p>Harper\u2019s lesson is that privacy is \u201cessential for re-building consumer trust\u201d. \u201cAs the demand for privacy intensifies, <a href=\"https:\/\/www.computerweekly.com\/news\/252528352\/NHS-gets-new-guidance-on-public-benefits-of-data-sharing\">so do the consequences of violating privacy<\/a>,\u201d she says. \u201cNot only are there fines from new laws, but brand perception \u2013 and therefore potential sales \u2013 are at risk every time privacy is violated.\u201d<\/p>\n<\/section>\n<section data-menu-title=\"Tackling burnout\">\n<h3><i data-icon=\"1\"><\/i>Tackling burnout<\/h3>\n<p>Considering that cyber attacks are always increasing in number and complexity, it\u2019s understandable how IT security professionals can feel stressed and burned out.<\/p>\n<p>Rick Hemsley, cyber security leader at <a href=\"https:\/\/www.ey.com\/en_gl\">EY<\/a>, says business leaders need to understand <a href=\"https:\/\/www.computerweekly.com\/feature\/How-can-I-avoid-an-exodus-of-cyber-talent-linked-to-stress-and-burnout\">the pressure faced by cyber security professionals<\/a> and the impact this can have on their daily lives.\u00a0<\/p>\n<p>\u201cTeams need to be able to not just track and measure threats, which is leading to cases of stress and burnout, but instead have the tools to proactively spot and manage them,\u201d he says.<\/p>\n<p>Hemsley also believes the best security leaders will take steps to better understand and improve the operating models of their 
departments.\u00a0<\/p>\n<p>\u201cThey are thinking about how their teams are structured, what are appropriate staffing levels, talent development, and how they deliver in-house, co-source and outsource,\u201d he says.\u00a0<\/p>\n<p>\u201cThese security leaders are also starting to have more data-driven conversations with the C-suite and stakeholders, using threat intelligence aligning it with business strategy, which is allowing them to instead become a catalyst for trusted change.\u201d<\/p>\n<p>Hemsley argues that businesses looking to innovate sustainably and quickly must put cyber security at the heart of all digital transformation initiatives. He explains that \u201cthe opening of this new dialogue between the IT teams and the C-suite will be critical moving forward\u201d.<\/p>\n<\/section>\n<section data-menu-title=\"Improving cyber resilience\">\n<h3><i data-icon=\"1\"><\/i>Improving cyber resilience\u00a0<\/h3>\n<p>As the cyber attack surface grows, there\u2019s an increased need for organisations to shore up their IT security defences and improve their resilience to cyber attacks.<\/p>\n<p>Ant\u00f3nio Vasconcelos, technology strategist at <a href=\"https:\/\/www.sentinelone.com\/\">SentinelOne<\/a>, says organisations must be able to contain, minimise, mitigate and recover from cyber attacks efficiently.\u00a0<\/p>\n<p>\u201cThis resilience includes protecting your most valuable assets, like personal identifying information and IP, reducing supply chain disruption, and managing damage to your reputation.\u201d<\/p>\n<p>But Vasconcelos warns businesses that they can\u2019t simply buy cyber resilience. Instead, this is something they must earn.\u00a0<\/p>\n<p>\u201cAlthough it will mean different things to different organisations, a few core principles hold true,\u201d he says. 
\u201cThis includes segregating and segmenting higher-value assets from common ones, adopting a least privilege principle or always verify before trust protocol, and breaking the silos of compartmentalised security.<\/p>\n<p>\u201cFrameworks like <a href=\"https:\/\/www.computerweekly.com\/news\/252524813\/CISOs-should-spend-on-critical-apps-cloud-zero-trust-in-2023\">ZTNA and XDR<\/a> are accelerators and enablers for organisations to walk the right path to achieve the cyber resilience they need to tackle threats today and tomorrow.\u201d<\/p>\n<p>The year 2022 has been challenging for the entire cyber security industry, and as the Ukraine war and global economic turmoil show no signs of slowing down any time soon, it\u2019s clear that 2023 will pose similar challenges for cyber security professionals. Hopefully, however, these lessons can help them strengthen their defences going forward.<\/p>\n<\/section>\n<\/section>\n<p><a href=\"https:\/\/www.computerweekly.com\/feature\/Cyber-security-professionals-share-their-biggest-lessons-of-2022\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Elroy Stoval<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The past 12 months have been a trying time for cyber security professionals globally. Most notably, they\u2019ve had to contend with a rise in cyber attacks linked to the war in Ukraine.\u00a0 At the same time, a global recession has resulted in mass layoffs across the technology industry. 
Consequently, cyber security departments are increasingly understaffed<\/p>\n","protected":false},"author":1,"featured_media":593483,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24748,20,46],"tags":[],"class_list":{"0":"post-593482","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber","8":"category-security","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=593482"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593482\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/593483"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=593482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=593482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=593482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}