Cybersecurity challenges

Cybersecurity challenges

Share post

Even if the beginning of the year went largely without spectacular cyber attacks, Sergej Epp from Palo Alto Networks expects anything but a decrease in risks and threats in terms of cyber security. Essentially, he sees eight growing challenges, but also gives advice on possible solutions to most of the upcoming tasks.

With the rise and risk of supply chain attacks, factors such as cyber resilience, vulnerability assessments and the level of cyber insurance will become part of the selection criteria for doing business. Recommendation for action: Companies should classify their suppliers based on their risk situation and assess whether they are cyber-insurable or not. An important part of supplier selection should focus on their reliance on open source code - expect the review process to become more sophisticated.

Coordinated kinetic attacks

Cyberspace has always been a battleground for many nation states. In 2023, we will see an increase in coordinated activities targeting critical infrastructure, both in cyberspace and in the physical environment. In the private sector, the security of physical users from coordinated attacks that abuse IoT or OT systems will be a key concern. Action: Autonomous security fusion centers that combine cyber and physical elements can act as an early warning system to detect and respond to these attacks. Likewise, the combination of cyber and physical security teams can help coordinate responses.

Social and ecological responsibility

With digital activities expected to account for seven percent of greenhouse gas emissions by 2025, companies are turning to digital transformation as a lever to reduce their emissions. Recommendation for action: Like the CIOs, the CISOs will also specify sustainability goals in their roadmaps and must generally participate in their company's social (CSR) and ecological responsibility strategy. Cybersecurity is a game changer that not only keeps critical infrastructure secure, but also gives businesses the confidence to adopt new technologies that help achieve sustainability goals.

The EU regulatory framework

With a revised NIS (v2) and the forthcoming Cyber ​​Resilience Act (CRA), both critical infrastructure and digital supply chains need to plan for an evolving regulatory framework in the European Union. Action: As more companies integrate digital elements into their supply chain, CISOs must work to turn evolving regulation into a future competitive advantage by considering establishing dedicated safety committees.

Ransomware & Stealth Stealers

Attackers are increasingly using stealth software and techniques to steal data without victims noticing. Unlike the ransomware business model, which demands payment, the stolen data or crypto wallets are directly sold or used while the threat actor remains hidden. Action: Attack surface management and attack detection capabilities against the organization's critical digital assets will increase significantly.

The year of consolidation

With tightening budgets and economic uncertainty, one of the key CISO metrics for the coming year will be to consolidate security resources and stop sourcing from multiple vendors to reduce risk and save costs. Policy Advice The shift in focus to converged platforms for SASE, XDR, cloud and within the SOC will be critical. Taking this a step further, security teams should align these efforts with overall business value metrics, ensuring a level of protection that commensurates with the risk appetite of the board.

Security in the cloud

The need for low-latency use cases (IoT, robots), optimal usability and regulatory concerns, such as B. data localization, will require that the data processing functions are located close to the user accessing the service. Cloud-based security services must be able to scale across an infrastructure that is increasingly dispersed and localized. Best Practice: Secure Access Service Edge (SASE) will provide the best user experience and operational performance to enable future digital growth, paving the way for viable edge computing.

Employee data gets CxOs in trouble

Driven by the transition to hybrid work practices, employee monitoring has ramped up to maintain and increase employee productivity. But where should companies draw the line? Collecting data like recording keystrokes, desktop snapshots, or even tracking employee movements can violate privacy laws like GDPR. Best Practice: When it comes to collecting data, CISOs need to put themselves in the employee's mind and ask two questions: "How much is too much?" and "What if the employee wants their data back?"

More at PaloAltoNetworks.de

 


About Palo Alto Networks

Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.


 

Matching articles on the topic

Wireless security for OT and IoT environments

Wireless devices are becoming more and more common. This increases the number of access points through which attackers can penetrate networks. A new ➡ Read more

Companies spend 10 billion euros on cybersecurity

Germany is arming itself against cyber attacks and is investing more than ever in IT and cyber security. In the current year the ➡ Read more

Professional cybersecurity for SMEs

Managed detection and response (MDR) for SMEs 24/7, 365 days a year. The IT security manufacturer ESET has expanded its offering ➡ Read more

Prevent malicious software from starting

A cyber protection provider has added a new feature to its security platform. It improves cybersecurity by preventing the launch of malicious or ➡ Read more

Pikabot: camouflage and deceive

Pikabot is a sophisticated and modular backdoor Trojan that first appeared in early 2023. His most notable quality lies in ability ➡ Read more

Ransomware-resistant WORM archives for data backup 

A data archive is a must for every company. Few people know: An active WORM archive can help to streamline data backup, ➡ Read more

Danger of election manipulation through cyber attacks

Cyberattackers are attempting to influence elections around the world using generative AI technology. The latest findings from the Global Threat Report ➡ Read more

Detect and defend against threats

In today's digitalized business landscape, combating threats requires a continuous, proactive and holistic approach. Open Extended ➡ Read more