- Security leaders will increase their focus on cyber resilience. While protecting organizations against cyber threats will always be a core focus area for security programs, we can expect an increased focus on cyber resilience, which expands beyond protection to include recovery and continuity in the event of a cyber incident. It’s not only investing resources in protecting against cyber threats; it’s investing in the people, processes, and technology to mitigate impact and continue operations in the event of a cyber incident.
- Security teams need to protect against increasingly sophisticated spear phishing and social engineering attacks. The sophistication of recent spear phishing and social engineering attacks make attribution of threat actors increasingly difficult, which makes it more challenging for organizations to properly defend against them. Next year, expect to see more sophisticated social engineering attacks utilizing emerging deep-fake and AI technologies.
- Continuing instability across the software supply chain will provide a rich environment for large-scale attacks. We’ve seen major supply chain attacks over the past few years and the software supply chain has only grown in importance. A recent executive order on the security of the software supply chain for government vendors is a step in the right direction. But we need to see more companies focus on strengthening their security practices, from considering a zero-trust approach to further securing infrastructure services (e.g., code signing, PKI, and hardening the release process). Increasing dependencies on third parties will also require more focus on security controls throughout the software supply chain, such as instituting third-party risk assessments, identity and access management, and timely patching.
- Increasing reliance on cloud vendors could expand companies’ attack surfaces. With the flexibility offered by the cloud, more organizations are layering cloud technology into new places and enabling unique use cases with cloud technologies. However, in doing so, they’re also expanding their attack surfaces and will also need to come up with new strategies to deploy cloud security technologies and protection strategies. IT leaders will also need to have a strong process in place to evaluate these vendors and understand the technologies they use on the backend.
1 min read