Cybersecurity will continue to be a major focus for our customers as they look to bolster their digital defences in 2023.

The new year is just around the corner, but before we all enjoy our well-deserved holiday, I thought I would provide some food for thought.


Several factors will influence how customers will look to strengthen their digital defences in 2023, and cybersecurity will remain a top priority. 

  • Ransomware attacks are rising, zero-trust models are becoming more popular, and there are more state-sponsored attacks than ever before because of the ongoing conflict in Ukraine.
  • More companies have now adopted cloud technologies, which has resulted in efficiencies but also in an abundance of data. This plethora of data means risk, including data breaches, compliance, and theft; this is common for small businesses, individuals, and big companies alike. Consider data life cycle management an essential cyber hygiene step. If you don’t need it, get rid of it! How many of our customers are aware that collection of PII under New Zealand’s privacy laws requires that the retention period of that information, and the purpose for which the data is being collected, be stated?
  • Multi-stage and multi-vector attacks are the new normal.
  • Indirect attacks are increasing, where a weakness in a business partner’s or supplier’s system is exploited to attack the primary target.

 

Phishing

An oldie but a goodie, but attackers have become more sophisticated in their methods. They have started investigating potential victims to gather information that will increase the likelihood that their phishing assaults will succeed, as they strive to make them more targeted and effective. One method attackers use to test email addresses and see who will react is the bait attack.


The first of the three steps of a phishing attack is preparing the bait. This involves finding out details about the target, which can be as simple as knowing that they use a particular service or work at a particular business. This is one of the reasons why data breaches where no ‘sensitive’ information is compromised can be so dangerous: if a service leaks a list of just email addresses of its users, criminals will be able to know that all the owners of those email addresses use that service and can target them with emails that pretend to be from that service.


In more sophisticated spear phishing attacks, cyber criminals can harvest details from your web site or social media profiles to build a highly customised spear phishing message that is highly likely to convince you of its genuineness.


According to a recent report, around 35% of the 10,500 firms examined were the subject of at least one bait attack in September 2021, with one of these messages arriving in an average of three different mailboxes per business. Additionally, between August 2020 and July 2021, corporate assaults on infrastructure, transport, financial services, and other organizations accounted for 57% of all ransomware attacks, up from only 18% in their 2020 research.

Filtering technology has improved significantly, and defence based on AI is even more effective. To defend against such assaults, Defender for Office makes use of information gathered from a variety of sources, including communication graphs, reputation systems, and network-level analyses.

 

The Supply Chain 

A supply chain assault occurs when the products, services, or technology a vendor or MSP provides to a client have been hacked, posing a danger to the customer base. This could take the form of a supplier’s email account being used fraudulently for social engineering purposes or to raise the likelihood of malware infection. More complex attacks can make use of the privileged access of a supplier’s network to breach the target network.


One such example came from the software provider SolarWinds, which learned of a supply chain assault on one of its software systems in late December. The attackers modified signed versions of the supplier’s software with malware, which they then exploited to infect 18,000 private businesses and government agencies. Once it was installed in the target environment, the malware spread across a greater attack vector.

According to Gartner, by 2025, three times as many firms as in 2021 could face assaults on their software supply chains. This means customers will look to minimise digital supply chain risk and put pressure on suppliers to show security best practices. “Get your own house in order first” is a message we should all heed. What is your secure score? What is the average secure score of your customers?

I think it’s important that we all consider the possibility of what I shall coin a “reverse supply chain attack”, where a customer is compromised and credentials also used on our tenant are leaked, resulting in a secondary attack against us and then back to our other customers. There is another reason to call it the web.


XDR

By implementing an XDR-enforced zero-trust architecture, businesses can reduce the effectiveness of individual security events by an average of 90% in the first few years.


The XDR platform approach will become even more crucial as more businesses transfer their activities to cloud infrastructures and multi-cloud environments. XDR environments are composed of several layers of security controls that cooperate to shield a company from various attacks, including malware, viruses, phishing attacks, and others. The more levels it has, the better the IT security and protection from cyber threats XDR can offer. Think of it as defence in depth across all your environment, with each control or product communicating and correlating alerts. In contrast to conventional point solutions, the objective is to achieve continuous visibility into traffic and behaviour across the whole environment, which results in superior protection. While many vendors have attached XDR “branding” to their products, evaluate them on their integration across your customers’ entire environment.

Invest

Security is increasingly becoming a specialised area; meanwhile, all our customers are demanding we provide security. This is having a huge effect on you as partners, as your help desks are now being flooded with calls and alerts that demand much more skilled resources. Triaging and escalating these calls and alerts is a critical factor in designing your security offering. Design your security offering to utilise your current resources and invest to build that resource base. Scale by co-oping some functions to specialist partners or enlist professional services such as Microsoft’s threat hunters.

Till next month: stay secure, insured, and safe.