As an industry, we’re still a long way off reducing the impact of ransomware. Initial access points are still pervasive, and increasingly opportunist attackers are always becoming more underhand when it comes to covering their footprints.
However, where things differ from previous years is that attackers are increasingly aware of how they can abuse incorrectly configured or deployed security tools, such as EDR, to aid their malicious agenda.
This is because, there is no such thing as a security Nirvana. Cyber threats, including ransomware, will never be prevented by implementing shiny new products and solutions unless the underlying security issues are addressed.
Therefore, in 2023 I hope organisations shift their mindset away from feeling as though they need the latest tempting tech, and instead focus on consistently achieving the human-centric security basics. These basics include patching, strong passwords, and a detailed security policy.
Work with the good guys
As we approach the end of what has undoubtably been a challenging year, it’s easy to focus on the negatives. However, looking for the silver-linings, I do believe that some organisations are entering 2023 with an increasing level of maturity when it comes to recognising the importance of advancing their strategic security journey. Consequently, I anticipate an unprecedented appreciation for how pen-testing effectively exposes gaps in security, and this in turn will help to reinforce the importance of those all-important security basics.
One of the most frustrating things as a pen-tester is when you return to an organisation a year later and see exactly the same issues as before. There is no value to this for the client. They are not maturing. In fact, they are regressing. Pen-testers are never looking to catch a client out but are on your side and only want to facilitate progress. Therefore, in 2023 I implore organisations to work with pen-testers for the best, year on year result.
2023 Resolution
“If those in the security industry have one New Year’s Resolution, it must be understanding asset management. Asset management is key and the first step towards cyber maturity. How can you expect to protect the assets you have within an organisation without knowing what they are?
In light of our current economic situation, like all others, the security industry faces a squeeze on pricing in 2023. Organisations more than ever will need to spend as little as possible with maximum Return of Investment. Asset management is the first step to achieving an increased ROI. If you don’t then you don’t stand a chance.