IT disaster recovery, cloud computing and information security news

John Stevenson, Senior Product Director at Cyren, looks ahead to 2023 highlighting the cracks in MFA, the skills gap, the emergence of cyber security compliance, and the need for layered email defence.

Cracks in multi-factor authentication  

Phishing will remain an unsolved problem leading to countless account takeover attacks. As businesses enable MFA, phishers will update their tactics to defeat additional verification steps like one-time codes sent to phones or email addresses. So-called strong authentication methods that rely on mobile phones and email accounts (that were never intended to be identities) will be the first to prove insecure for high-risk use cases. Passwordless authentication won’t yet solve these issues due to insufficient lifecycle management solutions and incompatibility with legacy systems.

The skills gap becomes the skills chasm

The shortage of skills and labour in the cyber security space will worsen as businesses reduce their workforces in preparation for the economic downturn. Alert fatigue will increase for security and helpdesk analysts facing a steady stream of high-volume, low-quality alerts. Cyber security leaders will accelerate adoption of solutions that outsource and/or automate investigation and response to alerts. Automating incident response workflows is one of the more promising use cases for artificial intelligence so look for that application of AI/ML to rapidly mature.

Cyber security compliance on the horizon

State and national governments tried to force good cyber hygiene by passing breach disclosure requirements like those found in GDPR, HITECH, and CA1386. In the US, the federal government is telegraphing its intention to require a baseline of cyber security practices by announcing the Cross-Sector Cyber Performance Goals. Cyber insurance issuers are also setting a higher bar for due diligence to avoid a breach. The political divisions within most large Western economies don’t create fertile ground for new comprehensive cyber security legislation in 2023, but look for governments to establish a common risk tolerance for critical industries rather than let these companies decide for themselves which risks are acceptable.”

Layered email defence

Organizations are acutely aware that attackers know the best ways to slip past defences / defenses and lure distracted employees with social engineering emails. The age-old defence in depth approach will evolve beyond email filters and security awareness training to include additional layers of automated detection and response to hunt and eliminate target attacks like spear phishing and business email compromise. Like intrusion detection systems evolving as a response to attacks that got past the network firewalls, and endpoint detection and response evolving as malware authors learned how to evade detection by traditional anti-virus agents.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.