Monday, January 30, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Free Magazine
The Cyber Express
Ransomware 2023 Report
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Westmont Hospitality

    ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

    cybersecurity

    ‘You are Essentially Funding Cybercriminals When You Pay Ransom’

    Dr Pepper Russian Branch

    Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

    Amadey Botnet

    Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

    Verizon

    Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

    GoTo Confirms User Data Stolen With Encryption Key

    GoTo Confirms User Data Stolen With Encryption Key

    HIVE Ransomware

    Hive Ransomware Servers Taken Down in FBI-led Global Law Enforcement Action

    porsche nft

    Porsche NFT Hits Pit Stop, Fake NFT Sale On With Malvertising and Fraud Domains

    Hilton Hotels

    Hilton Hotels Loyalty Program Data Breached, Customer Info for Sale

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Westmont Hospitality

    ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

    cybersecurity

    ‘You are Essentially Funding Cybercriminals When You Pay Ransom’

    Dr Pepper Russian Branch

    Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

    Amadey Botnet

    Old Bot in New Bottle: Amadey Botnet Back in Action Via Phishing Sites

    Verizon

    Verizon Customer Data for Sale on Dark Web, New Data Breach Suspected

    GoTo Confirms User Data Stolen With Encryption Key

    GoTo Confirms User Data Stolen With Encryption Key

    HIVE Ransomware

    Hive Ransomware Servers Taken Down in FBI-led Global Law Enforcement Action

    porsche nft

    Porsche NFT Hits Pit Stop, Fake NFT Sale On With Malvertising and Fraud Domains

    Hilton Hotels

    Hilton Hotels Loyalty Program Data Breached, Customer Info for Sale

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Features

Decisions for Managers in 2023: Cyber Security Experts List Pitfalls and Pillars

Industry leaders share their insights on the cybersecurity challenges and opportunities that businesses may encounter in the current year

Editorial by Editorial
January 11, 2023
in Features
0
Cyber Security Experts
587
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter

2023 is going to be the year when cyber security becomes a business decision. From CISOs struggling to get tech funds sanctioned, the year will see the board of directors mulling over the possible business losses of not adopting the latest cyber defence processes.

The Cyber Express talked to cyber security experts and aggregated their insights on the possible stumbling blocks and stepping stones that businesses would face this year. which would ease a manager’s cyber decision process.

You might also like

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

Revitalize Your iPhone 5s and Beyond: Apple Unleashes New Updates

Malware-as-a-Service on the Rise, Ransomware Rotates Away from Bitcoin

Cyber defence: Preparation is key

Organizations have been on the defensive against cyberattacks as they become more frequent and complex.
The cyber threat landscape is rapidly evolving due to digital transformation, and organizations must carefully consider the best approach for securing their critical data.

The “more is better” approach is not sustainable due to the vast number of systems that need to be secured. This approach would only be effective if an organization had an unlimited cyber security budget and resources.

Given the current economic climate, businesses are looking to streamline their budgets. To make informed cyber security investments that align with business outcomes, companies should adopt a “risk optimization” model. This will allow them to establish a targeted strategy for their cyber security budget.

The Cyber Express surveyed industry leaders and cyber security experts to gather their insights on the challenges and opportunities that businesses may encounter in the current year, in order to assist managers in making informed cyber decisions. Here is what cyber security experts have predicted for the year to come.

Dr Ian Pratt, Global Head of Security at HP Inc.

Rise in hijacking remote access sessions could result in high-value domain servers and cloud admin portals – or even physical OT environments – being breached

Session hijacking – where an attacker will commandeer a remote access session to access sensitive data and systems – will grow in popularity in 2023. Increased use of features like Windows Defender Credential Guard are forcing attackers to pivot – either capturing users’ passwords to enable lateral movement, or hi-jacking the remote session itself to access sensitive data and systems. The latter is particularly powerful.

By targeting users with elevated rights to data and systems – such as domain, IT, cloud, and system administrators – these attacks are more potent, harder to detect, and more difficult to remove. The user is typically unaware that anything has happened. It takes just milliseconds to inject key sequences and issue commands that create a backdoor for persistent access. And it works even if Privileged Access Management (PAM) systems are being used to employ Multi Factor Authentication (MFA), such as smart cards.

If such an attack connects to Operational Technology (OT) and Industrial Control Systems (ICS) running factories and industrial plants, there could also be a physical impact on operational availability and safety – potentially cutting off access to energy or water for entire areas.

Session hijacking does not rely on exploiting a fixable vulnerability; it is about abusing legitimate and necessary functionality of remote session protocols – like Remote Desktop Protocol (RDP), Independent Computing Architecture (ICA), and Secure Shell (SSH).

Strong isolation is the only way of avoiding these kinds of attacks and break the attack chain. This can be done either through using a physically separate system, like a Privileged Access Workstation (PAW), or virtual separation, via hypervisor-based approaches.”

Tom Van de Wiele

Tom Van de Wiele, Principal Technology & Threat Researcher

Cheaper GPUs means more potential for experimentation and increased crime-as-a-service development

The change of some of the cryptocurrency consensus (e.g. Ethereum making the transition from “proof-of-work” to “proof-of-stake” which is more eco-friendly) and the market being able to catch up with demand has resulted in dropped GPU prices.

This means that more people will have access to powerful GPUs which can then be monetized. We will see increased experimentation as well as ML/AI that will be repurposed to criminal industries e.g. synthetic AI for written works and art.

But also deep-fake generation for video, audio and handwriting; as well as things where ML/AI is already being used for anti-cheat systems for the online gaming world and to devise bypass mechanisms to bypass the detection ML/AI e.g. player pattern analysis.

This means that companies and cyber security experts should slowly but steadily start prioritizing integrity as part of the data assurance equation and start assuming that just because an image, conference call screenshot or even a written e-mail or signature looks legit, doesn’t mean it is.

This means more pressure on PKI implementations or other cryptographic ways of establishing integrity and trust in order to avoid large scale phishing campaigns leveraging these kinds of novel manipulation methods

Year 2038 is closer than we think. Strap in and start preparing

We are slowly starting to see ‘Year 2038’ problems with a few expected but also some unexpected
impacts where technology plays a role. Anything where the year 2038 already plays a role e.g.
calculating of termination dates of contracts, expiry dates of warranty on larger purchases or in
the industrial world, etc.

The first 2038 problems we will see today and in the next few years leading up to 2038 will have to do with planning, tasking, PKI and other systems where future dates have to be used.

The media will make this a frenzy and might potentially blow it out of proportion, which is not necessarily a bad thing. In the case of Y2K, this was positive as it served as an awareness campaign because computers were fairly new to the mainstream population and the impact was limited because of the slow adaption but also because of the awareness.

The issue is that the world runs on C/C++ today far more than it ran on COBOL in 2000, as basically all of our major operating systems, libraries and software ecosystems run on C/C++.

This is not something that will just pass us by. Companies will have to perform a non-cursory review of all software used as part of their core business processes, find out what vendors and manufacturers are doing to start having the dialogue to anticipate any potential problems.

But also to make sure that processes are in place for reviewing the technology used by supporting services and third parties. Business continuity and disaster recovery planning will go up in the threat maps for most organizations, especially for those that have relied on smaller or bespoke software for which obtaining support is cumbersome, expensive or even impossible and for which alternatives will have to be sought and transitioned to.

Read more insights by Tom Van de Wiele in our latest issue. Subscribe now for free

Andy Zollo, Vice President EMEA at Imperva

Organizations will realize bundled cloud security tools aren’t fit for purpose

2023 will be the year we see organizations begin to question whether they are being too trusting of cloud security. They will increasingly realize that the cloud is not secure-by-design and that bundled security tools from cloud providers simply don’t cut it.

Despite initially appearing to be easy to use, enterprises are finding – to their cost – that the one-size-fits-all approach of many cloud services’ security offerings simply cannot fully protect data in the cloud. There will always be differences in circumstances that leave a gaping hole for attackers. Without putting in proper controls to secure the cloud, vulnerabilities and misconfigurations of cloud environments will be one of the biggest risks to data.

Enterprises and cyber security experts will see a thorough security audit as one of the essential steps to adopting any cloud service and ensuring that they have the right security and tools in place to meet their exact needs, instead of blindly trusting their provider. After all, it doesn’t matter how much money you save migrating to the cloud if you increase the risk of a costly breach in the future.

Read more insights by Andy Zollo in our latest issue. Subscribe now for free

Alex Holland

Alex Holland, Senior Malware Analyst at HP Inc.

People may turn to ‘cyber hustling’ in the cybercrime gig economy to make quick cash during the economic downturn

The 2009 recession saw surges in malware and online fraud. Since then, we’ve seen the rise of the cybercrime gig economy, where the shift to platform-based business models has made cybercrime easier, cheaper and more profitable.

Cybercrime tools and mentoring services are readily available at low costs, enticing cyber hustlers – opportunists with relatively low levels of technical skill – to access what they need to turn a profit. As we face another global downturn, easy access to cybercrime tools and know-how could increase the number of attacks we see – especially attacks against home users by opportunistic cyber hustlers.

Home users may get caught in the firing line, as they are easier to compromise than enterprises. Cyber hustlers are likely to use simpler techniques, like scams and phishing – potentially capitalizing on the economic downturn by offering people fast ways to make money, like cryptocurrency and investment scams.

The interconnected nature of the cybercrime gig economy means threat actors can easily monetize attacks. And if they strike gold and compromise a corporate device, they can also sell that access to bigger players, like ransomware gangs. This all feeds into the cybercrime engine, giving organized groups even more reach.

As attacks against users increase, having security baked into people’s PCs from the hardware up – so they can easily prevent, detect, and recover from attacks – will be essential. Our research shows that email is the most common attack vector, particularly for opportunists like cyber hustlers.

Isolating risky activities is an effective way of eliminating entire classes of threats without relying on detection. Threat containment technology ensures that if a user opens a link or attachment and something nasty comes through, the malware can’t infect anything.

This way organizations can reduce their attack surface and protect employees without hindering their workflows.

Andrew Patel, Senior Researcher at WithSecure Intelligence

Social networks will continue to have the same problems they have today

Existing social network companies will continue to inadequately address disinformation, online harassment, and the problem that recommendation mechanisms lead many people towards belief in dangerous conspiracy theories and extremist views.

YouTube will continue to be a vector for advertising scams, pushing harmful disinformation, and delivering malware. WhatsApp will continue to function as a good platform for delivering scams and malware. LinkedIn will continue to be an excellent tool for reconnaissance and social engineering attacks.

Adversarial machine learning attacks will still not be used in 2023

We first wondered whether haveibeentrained.com was using membership inference attack methodology against image generation models.

However, it turned out to be a simple similarity model derived from common training sets and their metadata. I still wouldn’t expect to see mainstream adversarial-machine-learning-attack[1]as-a-service operations in 2023.

Read more insights by Andrew Patel in our latest issue. Subscribe now for free

Read 30+ cyber security experts share security forecast for 2023. Find out what trends and threats to watch out for in the coming year and how to protect yourself and your organization from cyber attacks. Subscribe to our Magazine

The-Cyber-Express-Magazine-January-2023

Latest Issue is Out

Stay ahead of the curve in the world of cybersecurity with the latest predictions from industry experts. In this Issue, we’ve compiled insights and interviews with top experts to give you an exclusive look at the trends and threats expected to shape the field in 2023. 

Subscribe Now! Its FREE

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: cyber security expertsCybersecurity Predictions for 2023Decisions for Managers in 2023
Previous Post

Experian Security Flaw: Slight Tweak to Website URL Exposes User Credit Reports

Next Post

Microsoft Patch Tuesday: 97 vulnerabilities,1 Zero-Day Fixed

Editorial

Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.

Related Posts

SOCs
Features

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

by Editorial
January 28, 2023
Apple Unleashes New Updates
Features

Revitalize Your iPhone 5s and Beyond: Apple Unleashes New Updates

by Ashish Khaitan
January 24, 2023
Malware-as-a-Service
Features

Malware-as-a-Service on the Rise, Ransomware Rotates Away from Bitcoin

by Editorial
January 21, 2023
Russia-Ukraine Conflict
Cyber Warfare

Russia-Ukraine Conflict: Anonymous Affiliates Target Routers Across Russia

by Chandu Gopalakrishnan
January 18, 2023
Biometric Security
Features

Biometric Security Vital in Post-Quantum Future

by Editorial
January 16, 2023
Next Post
Microsoft Patch Tuesday

Microsoft Patch Tuesday: 97 vulnerabilities,1 Zero-Day Fixed

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Issue is Out. Subscribe Now

Cybersecurity Person of The Year 2023
Download Now

Sign Up For Newsletter

Name*

Recommended

US Ransomware

US Traces Record Ransomware Payments, Interpol Report Confirms Trend

November 2, 2022
LockBit 3.0 Claims to Have Stolen Thales’ Data

LockBit Ransomware Gang Claims to Have Stolen Thales’ Data

November 2, 2022

Categories

  • Appointments
  • Budgets
  • Business News
  • Compliance
  • Cyber Essentials
  • Cyber Warfare
  • Cybersecurity News
  • Dark Web News
  • Data Breach News
  • DDoS Attacks
  • Espionage
  • Features
  • Firewall Daily
  • Gitex2022
  • Governance
  • Hacks
  • How to
  • Interviews
  • Learning & Development
  • Main Story
  • Malware News
  • Mergers & Aquisitions
  • Partnerships
  • Podcast
  • Policy Updates
  • Press Release
  • Ransomware
  • Regulations
  • Research
  • Resources
  • Sponsored Content
  • Startups
  • Vulnerabilities
  • Workforce

Don't miss it

Cyber Security for Water Treatment Plants
Sponsored Content

The Threat is Real: Cyber Security for Water Treatment Plants Demands Attention

January 29, 2023
Westmont Hospitality
Cybersecurity News

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

January 28, 2023
SOCs
Features

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

January 28, 2023
cybersecurity
Firewall Daily

‘You are Essentially Funding Cybercriminals When You Pay Ransom’

January 28, 2023
Dr Pepper Russian Branch
Data Breach News

Data Breach at Dr Pepper Russian Branch, Mystery Hacker Steals Confidential Info

January 27, 2023
How to protect and recover your Facebook and Instagram accounts – a complete guide
Resources

How to protect and recover your Facebook and Instagram accounts – a complete guide

January 27, 2023

About

The Cyber Express

Cybersecurity News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing, PR & media partnerships: [email protected]

For media kit and digitals sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Subscribe to Our Feed

RSS Feeds

© 2022 The Cyber Express | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cybersecurity Magazine
  • Events
    • World CyberCon Middle East 2023
    • Webinars

© 2022 The Cyber Express | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.