Keyword tags:Ā
Cyber Crime & Forensic
Threat detection & defence
Mobile & Wireless
Cloud Security
Identity & Access
Devices & IoT
Cyber Safety
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today released Future/Tense: Trend Micro Security Predictions for 2023. The report warns that threat actors will ramp up attacks, targeting security blind spots in the home office, software supply chain, and cloud in the coming year.
āThe pandemic might be receding, but remote working is here to stay,ā said Jon Clay, Vice President of Threat Intelligence at Trend Micro. āThat means a renewed threat actor focus on unpatched VPNs, connected SOHO devices and back-end cloud infrastructure in 2023. In response, organizations will need to focus on helping overworked security teams by consolidating attack surface management and detection and response to a single, more cost-effective platform.ā
āOrganizations in Southeast Asia will stand to greatly benefit by pivoting to a platform-based approach to security in 2023. This is largely underpinned by the need for greater visibility of the attack surface, which in 2022 stands at just 62%āimpeding an organizationās ability to adequately understand, communicate, and manage cyber risks,ā said Nilesh Jain, Vice President of Southeast Asia & India at Trend Micro.
āA platform-based approach will not only deliver efficiencies and enhanced capabilities for risk management through vendor consolidation, but it will also enable organizations to catch up to advancing threat groups, now and in 2023.ā
According to the report, VPNs represent a particularly attractive target as a single solution could be exploited to target multiple corporate networks. Home routers will also be singled out as theyāre often left unpatched and unmanaged by central IT.
Alongside the threat to hybrid workers, the report anticipates several trends for IT security leaders to watch out for in 2023, including:
A growing supply chain threat from managed service providers (MSPs), which will be selected because they offer access to a large volume of downstream customers, thereby maximizing the ROI of ransomware, data theft and other attacks
āLiving off the cloudā techniques may become the norm for groups attacking cloud infrastructure to stay hidden from conventional security tools. An example could be using a victimās backup solutions to download stolen data into the attackerās storage destination
Connected car threats such as targeting of the cloud APIs which sit between in-vehicle embedded-SIMs (eSIMs) and back-end application servers. In a worst-case scenario (i.e., Tesla API) attacks could be used to gain access to vehicles. The connected car industry could also be impacted by malware lurking in open-source repositories
Ransomware-as-a-service (RaaS) groups may rethink their business as the impact of double extortion fades. Some may focus on the cloud, while others could eschew ransomware altogether and try monetizing other forms of extortion like data theft
Social engineering will be turbo-charged with business email compromise (BEC)-as-a-service offerings and the rise of deepfake-based BEC
Trend Micro recommends organizations mitigate these emerging threats in 2023 via:
Zero trust strategies built on a ānever trust, always verifyā mantra, to minimize damage without sacrificing user productivity
Employee training and awareness raising to turn a weak link in the security chain into an effective line of defense
Consolidating onto a single security platform for all attack surface monitoring and threat detection and response. This will improve a companyās ability to catch suspicious activity across their networks, reduce the burden on security teams and keep defenders sharp
Stress testing IT infrastructures to ensure attack readiness in different scenarios, especially ones where a perimeter gateway has already been breached
A software bill of materials (SBOM) for every application, to accelerate and enhance vulnerability managementāby delivering visibility into code developed in-house, bought from commercial sources, and built from third-party sources
Source: Read More