Welcome to 2023! Whether it’s in our personal lives with New Year resolutions, or in our professional lives with new budgets and annual plans, January is a time of change. We may have been planning this change for several months, but the turning of the calendar flips us from planning mode to execution mode. We at Clare Computer Solutions have got some exciting plans for 2023 and look forward to sharing them with you throughout the year.
With the technology industry being inherently dynamic, it can often be challenging for professionals like yourselves to keep up with the changes that impact your business – after all, you’re focused on your area of expertise. To help you get the year started right, we wanted to share an overview of the key security trends you need to address to protect your business while enabling it to grow.
The Basics Haven’t Changed
The core elements of protecting your business against cybercriminals remain the same:
- Protect against attacks
- Detect when attacks occur
- Remediate after an attack
The standard attacks we confronted in 2022 will be with us again in 2023, including ransomware, phishing attacks, and other malware attacks. Unfortunately, the criminals behind these attacks will continue to improve their “products” – making their attacks more sophisticated and designing them to circumvent last year’s newest protection mechanisms.
Protecting against these updated attacks will require updated security tools. The best solutions will combine hardware and software security features to make it harder for malware to gain a foothold. In addition to making sure you have the latest software, you’ll want to also refresh older hardware that doesn’t include newer hardware security capabilities. Many of these hardware security features are automatically used by the latest versions of Windows to make the PC more resistant to attack, but when running on older hardware Windows can’t utilize these newer security features that you’ve paid for.
Detecting these new attacks will require staying up to date. Security software vendors continue to incorporate artificial intelligence technology to detect new malware variations and attack methods. AI’s ability to detect patterns of general behavior rather than looking for specific known signatures will dramatically improve the ability to detect new, previously unknown attacks. AI will also be integrated into Endpoint Detection and Response (EDR) tools, allowing them to stay ahead of ever-adapting malware and better detect attacks as well as respond automatically to blunt attacks and prevent the attack from spreading.
Remediating security attacks remains the most critical element for business continuity. The unfortunate reality is that 60% of small businesses end up filing for bankruptcy after a cyberattack. If you aren’t investing in post-attack recovery, the odds are stacked against you. The good news is that advances in backup and restoration technology have made it much easier to protect your business and turn what could be a bankruptcy event into a minor operational hiccup. A little bit of investment here goes a long way.
The Top Focus for 2023 – Cloud Security
While there are many areas that need extra attention and security in 2023, the top priority for almost every business is cloud security. With more and more of your business depending on cloud services for day-to-day operations, the impact of an attack against your resources in the cloud can be devastating.
Your highest priority should be securing login credentials for cloud services. Those credentials are the “keys to the kingdom” and if compromised, allow attackers access to not only your data but also configurations and settings. We recently discussed one company that learned this the hard way. The attackers gained access to a single Office365 login credential and from that account, they were able to gain access to the domain name registry account and transfer control of the company’s internet domain. Email, website, and other services were cut off and held for a seven-figure ransom.
In today’s environment, it can be difficult to even count the number of different cloud services your company relies on. Email, web presence, video conferencing, collaboration, data backup, accounting, purchasing, and human resources are likely just a few of the cloud services your business relies on for day-to-day operations. Each service has its own login credentials that must be protected.
Do not reuse passwords! When hackers discover one valid password, they will immediately test that password at other sites. When passwords are reused, one stolen password can unlock dozens of services. If passwords are unique, hackers have only gained access to one cloud account – helping you to limit the damage.
Humans are not good at remembering complex, unique passwords…but computers are great at this. Use password managers to ensure unique, hard-to-crack passwords are consistently used throughout your company. These not only ensure better security, they also make the login process easier for your employees. Modern password managers will also check databases of breaches and let you know when one of your passwords has been posted to the dark net and prompt you to change it.
Use a quality multi-factor authentication (MFA) solution. In October, we discussed several key features MFA implementations must have to defend against attackers. Not all MFA implementations are the same, so it’s important to do some research. If your cloud service doesn’t offer these latest features, consider switching to a different service or implementing extra security procedures to protect your business.
Most importantly, train your employees. Help them understand the importance of credential security. Teach them how to use password managers effectively to increase both productivity and security. Educate them on the latest phishing methods, MFA Bombing, and other efforts to trick employees into helping the attackers. Ensure they know how to quickly report suspicious behavior or even accidental compromises. The sooner your employees notify IT, the more options IT has to minimize the impact.
Make 2023 the Year of Action
The good news for 2023 is that the tools and resources to manage and mitigate security risks to your business are available. Rather than having to deploy brand-new solutions, most of these tools and resources are improvements to existing products. If you’ve been upgrading your security technology annually, your actions in 2023 will be familiar and straightforward.
If you’ve allowed your security solutions to lag the past few years while you focused on your response to the pandemic, now is the time to close the gap. Make it your New Year resolution to perform a security risk assessment as soon as possible. Once you’ve identified the highest risk areas, put a plan in place to address those areas immediately while also addressing the other areas over the course of the year.
Either way, you have invested a tremendous amount of time, effort, and resources to build your business up to where it is today. Make sure you invest in 2023 to protect what you’ve built up and ensure it’s still there in 2024.