printer friendly version

Cybersecurity in 2023

Cybersecurity is a problem for everyone, whether you are in IT, security (including physical security), or even a home user. In the article below, Hi-Tech Security Solutions offers two views from industry players on what to look out for in the cyber world in 2023.

Controlling access

By Lee Smyth, Technical Manager, Gallagher Security, South Africa.

Lee Smyth.

The risk of cybercrime continues to be a major challenge. Hackers are increasingly sophisticated, exploiting new technologies. Cybersecurity is arguably the most important way organisations can reduce the risk of unauthorised access to information.

With smartphones, computers, and the internet comprising such a fundamental part of modern life, cybersecurity has never been more important.

Data security includes several cybersecurity practices used to secure your data from misuse, such as encryption and access restrictions – both physical and digital.

Data security has always been important, but with more people working from home the internal network boundary increases, and so too does the security risk. A company’s security is only as strong as the weakest part of its network.

Remote working has widened the net in terms of vulnerabilities across business networks – with more devices being plugged in, employees accessing corporate data, and sensitive information being shared across unstable networks, there are more opportunities for unauthorised access to company data.

Why is data security important?

Organisations across all industries are seeing the very real risks of data security breaches with loss of income, disruption to operational continuity, data exposure, and reputational damage, all too important to ignore. There have been many well-documented examples of cyber breaches over the years. Targets for cybercriminals have included government computer networks and even countries’ health systems – which have seen hospitals and clinics forced to turn away patients after losing access to computers. Another example of a globally orchestrated event was the 2017 WannaCry ransomware cyberattack, which hit more than 200 000 computers in 150 countries, encrypting data and demanding ransom payments in Bitcoin cryptocurrency.

According to a report issued this year by the World Economic Forum, 93% of cybersecurity experts and 86% of business leaders, believe that there is a heightened risk of a ‘catastrophic cyberattack’ and that that threat is due to the geopolitical turbulence in the world. These are prime examples of why data security matters. A cyber breach can have serious ramifications for organisations – both financially and reputationally.

As technology advances, so too does our interconnectivity between devices, networks, and systems. Each new thing connected to your platform or network is a potential vulnerability – your system is only as strong as the weakest device. It is imperative the technology and risk correlate.

It is clear that the IoT now possesses a significant threat. With more and more things connected to the internal network, there are numerous external threats to consider. External threats such as access control systems; building management systems, e.g. lighting and heating control, air conditioning, room booking services, and fire; systems for parking, surveillance, and perimeter; and the list goes on.

Security solutions can offer effective protection against these increasing attacks. These solutions are not restricted only to organisations operating within the information security environment, but are available commercially for any organisation seeking a robust solution that adheres to national standards.

Reduce your cyber risk

A cyber breach of your security system could have far-reaching consequences. There are six critical success factors for high-security solutions.

First, encryption and authentication are key. Potential cybersecurity risks can be reduced through end-to-end encryption and user authentication. End-to-end encryption protects against installer and insider attacks, and encryption and authentication must be built into all aspects of a security system.

Second, government-assured compliance sets the benchmark and ensures products stand up to regional security standards, such as CAPSS (Cyber Assurance of Physical Security Systems) in the UK.

Third, security systems should be simple to operate, while also providing rich and detailed information that allows security officers to effectively handle any security incidents.

Fourth, it is important that your controllers and readers are secure. Controllers and readers should have hardware security modules on board to protect the secret keys for encryption and authentication. All devices should have certificates and serial numbers loaded in the manufacturer’s factory to protect against supply chain and substitution attacks.

Fifth, auditability and easy patching are essential. Eventually, security vulnerabilities will be exposed in every software system as techniques and technologies evolve. It is essential that software and firmware can be updated over the network, quickly and efficiently.

Finally, you need to ensure your system is configured to mitigate security threats. Hardening is the review of every system component looking for possible weaknesses that could enable an attacker.

Gallagher provides hardening guides for its Command Centre, Controller 6000, and Visitor Management Kiosk. These include information on best practice operating system configuration, card technologies, and the impacts of legacy hardware.

At Gallagher, our solutions are designed from inception to be as cyber secure as possible. We continuously evolve our solutions to meet the changing threat at a software and physical level, building in robust cybersecurity at every stage. With a dedicated cybersecurity research team, we regularly carry out internal and external vulnerability testing that provide ongoing protection in an ever-evolving cyber threat landscape.

Focusing on the cybersecurity world

By Monique Hart, Lead Solutions Engineer at VMware.

Monique Hart.

What should we expect from the well-funded and highly skilled cyber-criminal organisations in 2023, who are they targeting, and how do we protect ourselves against these sophisticated attacks?

Whatever industry we operate in, no matter the size of an organisation, we are all running in the same race – the race to ensure that we are at the forefront of operating as efficiently as possible against cyberattacks and potential threats. We are undoubtedly facing an expanded threat landscape with advanced technology and cybercrime, all of which we are exposed to daily due to changing work environments, open working options, and the Internet of Things. The list goes on as we evolve and become more connected.

There is no sign of attackers slowing down in the future. According to cyberattack statistics, “Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015 at a growth rate of 15% year over year.”

In 2022, 82% of breaches involved the human element, indicating that human error will be at the forefront of exposure to highly skilled cybercrime as cybercriminals start turning to phishing and targeted social engineering to launch their attacks.

High-risk organisations

• Healthcare organisations: Due to the large amount of very sensitive patient information they hold, they are a target for cybercriminals, as the data can be used for nefarious activities.

• Government/public sector: Many government data breaches are the result of theft for financial gain or espionage. Malicious actors can conduct attacks against government databases to obtain strategic information, such as national security information.

• Financial institutions, banks and investment firms: These organisations are another major target for cybercriminals. Organisations such as these hold abundant financial data that can be used to commit either fraud or theft.

• Retail businesses: Hold a lot of customer data, such as credit card numbers and contact information. Again, this data can be used for malicious intent, including selling it on the dark web.

• Educational institutions: Hold a lot of sensitive data, including student and faculty records, financial information, and research data.

Simplify, secure, and scale

All the information being stored in these different sectors can be very useful to cybercriminals. What becomes important to consider is not just who is targeted, but how? Security is never a single-point solution; various areas in an organisation must be protected, such as the network, endpoints, workloads, devices, data, and applications.

Securing your organisation needs to be a first thought, not an afterthought, which is usually when more significant mistakes get made as not enough time is put into the plan due to panic buying. Educating users is becoming an essential factor in minimising breaches.

Share this article:

Further reading: