2022: The Year in Review & Looking Forward to 2023

It is crucial to review your security posture and business recovery and continuity plans to ensure your infrastructure is resilient. Prevention is always the best approach to defense. As your first line of defense, your employees need to be educated accordingly so they are cautious whenever they get suspicious emails, SMS messages or phone calls, and can help spot any attack about to happen and escalate that to your IT security department. This, complemented by a dedicated Threat Detection, Prevention and Response (EPP, EDR, and MTD) solution to protect all your endpoints (mobile devices, desktop computers, back-end servers) will offer a great defense against such threats.

With the rise of quantum computing, the security of our communications, using traditional encryption techniques, is at risk. And since this technology is only in the hands of a handful of states, it might not take long before we start seeing some state-sponsored actors break into VPN networks to intercept and listen to supposedly secure communications.

To address that issue and ensure secure communications will remain secure and “quantum-resistant,” a new method of encryption called quantum cryptography, also using the properties of quantum mechanics, is being developed. There are currently two different approaches taken. The first one is a hardware-based approach called Quantum Key Distribution (QKD), relying on physics to provide secure communication without undetected interception, using dedicated communication links; the second one is a software approach called Post-Quantum Cryptography (PQC), relying on mathematics to deliver new cryptographic algorithms able keep communications secure against both conventional and quantum computers, using existing communication protocols and networks.

With costs increasing across the board, and an overrising number of cyberattacks to be expected, corporations will also need to work more efficiently to keep their business running and protected from malicious actors. And this does not necessarily mean spend more, but spend better, and even save costs where they can. One option is remote working, which has been experienced by almost every company during the COVID pandemic, and helps in many situations, like finding the right candidate for a specific position without any geographical limitation. Also make sure internally that the right people are in the right place, which is reviewing everyone’s position, roles and responsibilities and adjusting if needed. Also, it is paramount to keep your corporation secure and safe from attack, so take the opportunity to review all your IT contracts and try to consolidate them, when possible (use more products from less different vendors), as this will translate into a lower cost as well as ease of use.

With mobile devices being used by virtually everyone, for everything, at any time, it is no surprise they will also become the new target for hackers, as they can, from one point, access not only all of our private data, from pictures, emails, instant messages, documents, banking information, credit cards, but also corporate data and documents if used for such purpose.

Corporations need to be prepared for that eventuality and make sure that they can prevent these attacks by first using a Mobile Threat Detection (MTD) on all devices, that will allow to block malware infections, check mobile apps integrity, detect unsecure network connections and prevent phishing attacks (ex: using SMS messages) and this on all personal and corporate-owned devices whenever business data or documents are being processed from and stored on. Second, they to ensure all data stored on these devices is protected using device encryption (hardware if available) and enforce basic security measures like password, biometrics… using a Unified Endpoint Management (UEM) solution. Third, for BYOD devices that belongs to employees, and where corporate aps will reside side by side with private apps, an extra layer of security can be achieved by using a Data Leakage Prevention (DLP) solution that allows to completely isolate that data from the device and rest of apps, like putting it into a separate safe, and so prevent any accidental or intentional data exfiltration.

To illustrate how security posture needs to be adapted as organizations change and mature, ISEC7 has developed the Security Maturity Model which breaks down the various factors upon which cybersecurity is predicated - such as the number of employees, how the environment is deployed, potential attacks and attack vectors, and the type of devices used in the ecosystem, among others. Please feel free to contact the team at ISEC7 for more information on our Security Maturity Model (you can also refer to our first and second blog posts breaking down the components of the Security Maturity Model).

As we have said before, there is no one-size-fits-all solution that will work for every organization. The best solutions are ones that tackle your organization’s specific needs. The team at ISEC7 can perform a security assessment and determine which solutions and products can best address your unique environment, so that you can head into 2023 feeling confident and secure in your infrastructure.

(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group