What do cybersecurity hacks look like in 2022? Holschuh: I think the cybersecurity hack of 2022 involves minimal technology compromise. Social Engineering and Business Email Compromise attacks are on the rise and are very difficult to prevent. The goal is to trick the user into providing information or transferring money to the bad actor. These attacks include creating fake bank accounts, fake invoices, fake phone numbers, impersonated email signatures, and other brand impersonations. Implementing robust training, an awareness program, and additional email filtering systems are your best bet at protecting against this type of attack. Patching a vulnerability or closing a firewall port can’t prevent the attacks. You are relying on the human element, which can be very unpredictable. Mayger: As Jeff mentioned earlier, ransomware will remain in the news. Companies will get hacked because their employees fall prey to phishing and other social engineering exploits. Attackers will find improperly secured networks, unpatched machines, and weak or default passwords. The news headlines will be that these companies aren’t following best practices.
What trends in cybersecurity are worth watching over the next 9 to 12 months? Holschuh: Identities and end-users are two of the most critical components of cybersecurity. The corporate firewall once protected corporate systems. Now, applications are available to any device anywhere. The identity is the primary protection for these always connected systems and their associated data. Many of these systems have APIs and mobile-friendly sites that need authentication protections tailored to their use cases. Finally, end-user training and awareness are as important as ever. I would watch for technologies that provide advanced email curation using AI and natural language processing. Filtering out social engineering attempts, detecting business email compromises, and removing content before it reaches the end-user will help protect against fraudulent financial transactions. What can organizations do to operate in the cloud safely and securely? Mayger: The best advice I can give is to have a cybersecurity program grounded in best practices. NIST and CIS frameworks and other best-practice cybersecurity frameworks provide guidance for a secure network environment, including the cloud. Azzone: I think it’s essential to engage a third-party partner who can help with the journey and provide an outside perspective. From a solutions-based standpoint, I’d say finding the best detection and response solution for your particular workload is invaluable.
Panel of Experts | 31
Powered by FlippingBook