IT security outlook 2023 (part 1)

December 5, 2022

Fran Rosch, ForgeRock: wave of layoffs leads to increased insider security risks

“Even in 2023, third-party security risks to businesses will not simply disappear. Faced with an impending economic downturn, many companies are imposing hiring freezes and in many cases even laying off employees, which will lead to increased security risks. This is because the resulting gaps in staffing levels are often filled by consultants and other outsiders who gain access to company networks and thus to confidential information. However, the degree to which they are trained in security and data protection and integrated into company processes is not comparable to that of permanent employees. If, for example, the end device of an external employee is compromised, it is comparatively easy for malware to penetrate corporate networks and from there to spread to other end devices – thus posing a threat to the entire company. One solution to this challenge is a reliable governance solution that gives companies a better overview of who can access which information from which device and location in the corporate networks. Such a solution, AI and machine-learning powered, is the only way for large enterprises to effectively capture and manage this.”

Oliver Hillegaart, Jamf: IT security must not detract from user experience and productivity

“IT security and data protection are important, but should not be enforced with a sledgehammer at the expense of user experience. Otherwise, these efforts will achieve exactly the opposite. If IT managers in companies restrict the functionality of applications and devices in the name of security to such an extent that they no longer fulfil their purpose – to simplify everyday work – employees will sooner or later look for alternatives, usually in the form of comparatively less protected, private devices. Accordingly, both security and bring-your-own-device (BYOD) policies and offerings must evolve to enable an optimal, end-user-like user experience, for example, through sensible partitioning of private devices. Vendors and corporate IT managers need to work together to find and offer compelling solutions. They need to work on implementing innovative technologies that both protect privacy and promote employee productivity without interfering with their daily work.”

Marcin Kleczynski, Malwarebytes: Cybersecurity staff shortage reaches peak, resulting in serious attacks

“The IT skills shortage has not been a secret for a long time. According to a recent Bitkom study on the labour market for IT professionals, Germany’s companies currently lack 137,000 IT experts, around 10 per cent more than in 2019. In the cybersecurity sector, the staffing gap in Germany has even grown by 52.8 per cent compared to 2021, according to a result of the (ISC)² Cybersecurity Workforce Study 2022. This situation will become even more acute in 2023. I therefore strongly expect that we will see more serious attacks in the coming year, which can be directly linked to the shortage of cybersecurity professionals. This is because overworked, understaffed IT security teams inevitably make mistakes. They are no longer able to respond adequately to the current volume and sophistication of cyber threats. As an industry, we need to be aware of this risk and address it pre-emptively. On the one hand, we need to train new IT security talent to fill the staffing gap as quickly as possible. Secondly, we need new tools and resources to relieve thinly staffed teams. For example, a managed detection and response solution can help companies and managed service providers to continuously monitor, analyse and respond to cyber threats. In-house teams can be augmented by external security experts in this way.”

Marco Meier, RingCentral: Zero trust and E2EE are crucial for security in the UCaaS sector

“Security no longer simply means putting up a firewall that is as impenetrable as possible. In order to keep up with the dynamics – and risks – of technological change and the digital transformation of the working world today, companies must actively work to reduce their attack surfaces for cyber threats. In the area of Unified Communications as a Service (UCaaS), this means relying on a zero-trust model, ideally with end-to-end encryption (E2EE). A corresponding UCaaS communications solution enables companies to identify and fix potential security vulnerabilities faster and easier, implement updates and relieve their IT department. E2EE acts as a powerful security and privacy control by ensuring that unauthorised third parties – including the UCaaS provider itself – cannot access the data stored and used in the communication solution. This creates a self-contained security ecosystem that meets all the requirements of a zero-trust model.”

Helmut Semmelmayer, tenfold Software GmbH: Cyber security focus on small and medium-sized businesses

“The intensified threat situation of recent years, which has developed as a result of the pandemic-related change in working models, gains additional explosiveness in 2023 due to global conflicts and crises in the energy sector. In addition to the known criminal groups, experts are also observing increased attempts by state actors to penetrate networks and infiltrate critical systems. Against this background, a tightening of legal security standards is likely, especially in the area of public utilities. The protection of essential infrastructures against digital threats continues to gain in importance. In this tense situation, there has long been no way around the issue of secure IT management, even for small and medium-sized businesses. Despite an increasing willingness to invest, many organisations struggle here in their search for suitable systems, as common platforms focus entirely on the requirements of large companies. To ensure that the automation of essential control and management functions related to IT security also succeeds in medium-sized organisations, the selection of properly tailored software solutions is crucial. Systems that can be quickly and seamlessly integrated into business processes offer the best protection.”
