2nd Edition

Tracking the trends and news for IT and IT Security

Paul

4 Key Security Trends for 2023

cropped-cdm-logo-2019-1-300x300.png 4 Key Security Trends for 2023>
Cyber Defense Magazine – Jonathan Lee
HEAT attacks Throughout the last year, The Menlo Labs team has been tracking a distinct and notable rise in Highly Evasive Adaptive Threat (HEAT) techniques – a class of cyber threats that have been tailored to evade protective tools such as firewalls, secure web gateways, malware analysis including sandboxing, URL reputation and phishing detection technologies.

Indeed, Menlo Labs identified a 224% increase in 2021, and we’re expecting a similarly alarming increase this year as attackers have further evolved their attack methods. If firms continue to lean heavily on traditional detect and respond security techniques, attackers will find success in HEAT-based endeavours.

Basic security failures … the Uber breach also showed multi-factor authentication (MFA) push notifications to be exploitable, causing widespread concern and a demand for the use of FIDO2 passkeys and hardware tokens in replace of passwords. This is something we might begin to see gather momentum in 2023. However, it will take a lot of work to implement it on a widespread basis, and even then, we foresee attackers simply finding the next weakest link in the chain. Browser-based attacks The third trend we see accelerating through 2023 is browser-based attacks. Undoubtedly the biggest attack surface available for threat actors to exploit today, it is critical that the security sector takes greater steps to protect this space.

Indeed, several vendors are already looking at ways to add security controls directly inside the browser, moving away from traditional methods of improving protection with a separate endpoint agent or via the network edge where firewalls or secure web gateways are used.

One size doesn’t fit all Recent reports from Gartner have suggested that many organisations are pursuing strategies focused on security vendor consolidation, cutting the number of providers they are working with for their security needs. This has been particularly prevalent in more complicated arenas such as secure access service edge (SASE) and extended detection and response (XDR).

The motivation is less cost focused, and more about reducing complexity and improving risk management abilities
Link: https://www.cyberdefensemagazine.com/4-key-security-trends-for-2023/

Categories:

Tags: