It’s time to rethink existing technologies, boardrooms, and people
By James Nunn-Price, Accenture’s Security Lead, Growth Markets
2023 is looking to be a challenging year, as enterprises face the resurgence of cyberattacks, which have grown increasingly structured, organised and destructive. Cybercriminals are now evolving their threat tactics, building them to evade even the most sophisticated detection technologies.
As raised in the recent World Economic Forum Global Cybersecurity Outlook 2023 report written in collaboration with Accenture, there is an urgent need for enterprises to head into 2023 with a cybersecurity strategy that can withstand even the worst of disruptions, especially in an era of looming geopolitical and economic uncertainty. This includes revisiting strategies to protect the digital core of existing technologies and people, and reinventing current ways of working as needed to deliver the most resilient cybersecurity enterprises.
Protect the core – Renew and rethink digital identities
Information stealer (infostealer) malware, malicious software designed to steal victim information, was one of the most discussed malware types on the cybercriminal underground in 2022, according to Accenture’s Cyber Threat Intelligence team (ACTI). While more organisations rushed to implement multi-factor authentication to protect against the theft of user credentials, cyberthreat actors have still managed to successfully carry out high-profile breaches.
Threat actors have started thinking out of the box, and in the year ahead, we will continue to see these tactics evolve further. These actors will exploit what is available, utilising social engineering techniques to gain access to corporate networks. This could even be done using less sophisticated methods, such as leveraging a standard user profile and passing themselves off as employees. Obtaining a baseline understanding of user behaviours and identifying anomalies will be more critical than ever for enterprises as they renew their focus on digital identities, including rethinking their identity fundamentals to implement better and more efficient detection and protection controls.
Secure the new – Strengthening cloud and quantum security
The pandemic saw a tsunami-like move to cloud, which, while beneficial, also exposes enterprises to new business risks – especially within the security realm. The cloud is only as secure as you configure it to be, meaning that enterprises need to start using security as a compass to guide their pathways in the cloud if they want to build up their cyber resilience in the face of evolving threats. We will see more cloud service providers innovate their current security features to meet current compliance standards, and there will be an increased focus on driving easy, natural consumption of cloud security services, including the expansion of many cloud-native security services.
There is also the danger of a quantum apocalypse, in which the acceleration of quantum computers is bringing adversaries even closer to a “crack all” reality. Forward-thinking companies are already experimenting with cloud-based and hybrid quantum computing. But the growing danger for enterprises in 2023 would be the adoption of a “steal now, decrypt later” crime mindset, where hackers rely on the idea that even if the stolen information cannot be deciphered today, it can be once quantum computing advances. Adopting post-quantum encryption algorithms can help enterprises enhance their security resilience.
Drive culture change – Making people a critical infrastructure
As threat actors become more audacious in the scale and scope of their data breaches, enterprise leaders need to ensure that they have the right people guarding the doors of their business – everyone has a role to play, not just the security function. Giving Chief Information Security Officers (CISOs) a seat at the top table and aligning the business with them is the first step to helping enterprises better understand their own business risks and relook at their priorities. Around 70% of cyber champions, or organisations that excel at both cyber resilience and aligning their cybersecurity strategies with their business strategies, have their CISOs report to the CEO and the Board. Moving CISOs away from their siloed roles in cybersecurity and into the boardroom can serve the whole business well.
But CISOs cannot do this alone and will need the support of their A-team to assess and manage cybersecurity risks. Following the tech talent shortage of last year, leaders will need to do more to attract and retain the best cybersecurity talent in 2023. Widening the talent pipeline, for example by investing in programmes that collaborate with top industry partners to offer mentoring and training, is one way enterprises can look to identify untapped sources of talent. Shifting cybersecurity training content to include more customised experiences geared towards the individual employee’s role and business priorities will also be crucial to building a resilient cybersecurity taskforce.
The path to cyber resilience
We are witnessing familiar challenges that we have experienced in the past, such as the ever-constant evolution of cyberattacks and the uptick in their occurrences. However, against the expanding threat landscape, businesses can soar above these challenges by seeking out the best way to run and automate security operations – be it in rethinking existing approaches and tech solutions to cyber challenges, or investing in talent and AI to create an optimised and well-equipped first line of defence against cyber threats.