Skip to main content

The Cyber Threat Landscape for 2023 - Threat Analysis

The Cyber Threat Landscape for 2023 - Threat Analysis

14th March 2023

A recent paper issued by Gartner has gone some way to predict Cybersecurity Focus for 2023. I think this is a brave call to effectively "predict" future Threat trends in the ever fluid Cybersecurity industry, so I have thoroughly examined the article and have gone some to analyse their Threat profile. My findings are that Gartner are more in touch with the current and developing Threat landscape than may of their peers who have not gone far enough to explain the omni-present threat facing businesses as we sweep into 2023.

The Gartner paper - Predicts 2023: Cybersecurity Industry Focuses on the Human Deal. Constructed brilliantly by lead Deepti Gopal with Leigh McMullen opens with the fact that Organisations in the past have developed their cybersecurity program to address the ebbs and flows of regulatory changes, business decisions, and customer demands and threats. Modern cybersecurity leaders will use a human-centric design to strengthen their program and optimize human potential.

Predicts 2023 outlines the Key Findings of the report and then goes on to outline the Recommendations from the Findings.

Key Findings
  • Burnout has made its way into the cybersecurity industry, but little is being done to address the attrition that it causes.
  • Insider threat management is not a focus area for most organizations unless they are highly regulated.
  • Digital risk protection services (DRPS) are becoming more relevant today as the human element continues to be an effective vector for malicious actors.
  • The cybersecurity industry has taken limited action to reduce cybersecurity process friction and improve user experience. 
  • Poor strategic implementation of topics like Zero Trust stops organizations from developing a positive security culture.

Recommendations

To design a human-centric cybersecurity program:
  • Use human error as a key indicator of cybersecurity-process-related fatigue within the organisation, as stress and burnout have a direct impact on the quality of decision making.
  • Develop an insider risk management program with the support of senior leadership, but also include the human resources and legal teams.
  • Augment human-centric decision making using an artificial intelligence (AI) recommendation engine that can detect deepfakes and misinformation.
  • Evaluate the human factors impacting cybersecurity control effectiveness in addition to the technology when designing and implementing controls.
  • Exercise caution when discussing zero trust outside of the security team. Misinterpretations of the meaning can damage employee trust in and acceptance of the security program. Learn More /...

Iain Fraser - Geopolitical & Cybersecurity Journalist

With thanks to Deepti Gopal, Leigh McMullen, Andrew Walls, Richard Addiscott, Paul Furtado, Craig Porter, Oscar Isaka, Charlie Winckless
Labels:
Location: Gibraltar

Comments

Post a Comment

Popular posts from this blog

CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information

Tuesday, 5th December 2023 CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information By Jeremiah Fowler - Website Planet  Syndicated By IainFraser.net/CYBER_Voice Daily Cyber Insights  Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 56,000 records, including pet medical reports, DNA tests, pedigree history and other potentially sensitive information. As a long-time cyber security researcher, this is one of the most interesting discoveries I have ever encountered and a first for me.  I recently discovered a non-password protected database that contained records of thousands of dogs from around the world and included the information of their human owners. The publicly exposed cloud storage database contained a total of 56,624 documents in .PDF, .png, and .jpg formats with a total size of 25 GB. Upon further investigation, the database appeared...
Post a Comment
Learn More »

EUROPOL: International operation closes down Piilopuoti dark web marketplace

EUROPOL: International operation closes down Piilopuoti dark web marketplace  Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar - PRWire Channel IainFraser.net/PRWire Thursday 21st September 2023 In a significant victory against dark web criminals, the Finnish Customs (Tulli), together with European partners, has successfully taken down the dark web marketplace ‘Piilopuoti’.  Drugs and other illegal commodities were sold in large quantities on this Finnish-language platform which had been operating on the Onion Router (Tor) network since May 2022.  This successful action by the Finnish Customs was supported, among others, by the German Federal Criminal Office (Bundeskriminalamt) and the Lithuanian Criminal Police Bureau (Lietuvos kriminalinÄ—s policijos biuras). Europol’s European Cybercrime Centre coordinated the international activity and provided operational support and technical expertise.  The investigation is still ongoing as law enforcement worldwi...
Post a Comment
Learn More »

CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance

Tuesday, 28th November 2023 CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance Posted by: Iain Fraser - Cybersecurity Journalist Gibraltar via IainFraser.net/ Daily Cyber Insights CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance The UK NCSC & US CISA have joint-published what they term as "security-focused guidance" for AI & ML developers and those who leverage AI/ML with their protocols and systems.  The Publication of Guidelines for Secure AI System Development (PDF),  apply to all types of AI/ML systems, regardless of whether built from wireframe up or added as a bolt-on on third-party resources, to address issues related to AI, cybersecurity, and critical infrastructure. Devised to be used in conjunction with existing Cybersecurity, Incident Response and Cyber Risk-Management protocols. The NCSC and CISA have said “Providers should implement security controls and mitigations where possible within their mode...
Post a Comment
Learn More »