If predictions are correct, then information technology will need to take a course that is focused on safeguarding business applications during 2023. In addition, budgets will need to be targeted more carefully. For example, during a time of economic downturn, organisations are likely to reconsider security basics.
Coming up with some predictions for Digital Journal is JP Perez-Etchegoyen, CTO of Onapsis.
The commentator focuses on upcoming cybersecurity trends. Their predictions include the likelihood that attackers will seek out the next Log4j vulnerability and will likely succeed. Moreover, the exploitation of known vulnerabilities will become a leading attack vector. Threat actors are also expected to shift away from ransomware and opt for more discreet methods to monetise.
The exploitation of known vulnerabilities will become a leading attack vector, predicts Perez-Etchegoyen, stating: “While threat actors are constantly on the hunt for new attack vectors, they tend to pay particularly close attention to known vulnerabilities, which provide them with an easy entry point into an enterprise’s network. Research by the Onapsis Research Labs, SAP, and CISA shows that it takes the average organization 97 days to apply a patch, from the time a flaw is identified to the time a patch has been applied, tested, and deployed. At the same time, it takes less than 72 hours for cybercriminals to exploit ERP vulnerabilities after a patch is released.”
This situation is likely to become more complex. Here Perez-Etchegoyen predicts: “Next year, we will continue seeing an increase in exploits against known vulnerabilities, especially those within web-facing applications, as those tend to be very lucrative assets for cybercriminals.”
As to the significance, the analyst says: “Organizations must prepare by equipping themselves with automated vulnerability management tools that can provide them with complete visibility over their IT ecosystem and help them understand each vulnerability’s level of criticality.”
Perez-Etchegoyen also predicts that threat actors will shift away from ransomware and opt for more discreet methods to monetise. He feels: “Ransomware has historically been the primary method of monetizing for threat actors. However, research has revealed a decrease in both ransomware attacks and ransomware payments this past year, suggesting that cybercriminals are evolving their strategies.”
As to what this means, Perez-Etchegoyen elucidates: “Rather than blatantly threatening organizations, threat actors will begin leveraging more discreet techniques to make a profit. Threat groups like Elephant Beetle have proven that cybercriminals can enter business-critical applications and remain undetected for months, even years, while silently siphoning off tens of millions of dollars.”
He concludes: “While ransomware will still be a prominent cyber threat in the coming year, we will see more malicious groups directly targeting ERP applications. Organizations must develop cybersecurity protocols specifically around their business applications to ensure their most critical resources and valuable data are secure.”