Hackers will get smarter in 2023, but cybersecurity talent will be harder to find: North Bay experts
Smarter hackers and harder-to-find IT personnel with cyber experience are issues that will continue to confront companies in 2023. But there’s good news, say North Bay cybersecurity experts, with improved system safeguards and practices coming into place.
Soni Lampert, CEO, KHL Consulting in Santa Rosa, noted artificial intelligence is one tool coming into place as an early warning system for data breaches.
Still important will be employee education, policies and procedures, as well as quarterly security training, ongoing phish testing and “access to a help desk where staff can get answers in real time,” Lampert said.
Here’s what’s needed as more and more “internet of things” devices are installed in the workplace, she said.
“It is critical to segment IoT devices appropriately and use unique, complex credentials for each service, coupled with multifactor authentication (MFA) whenever possible in addition to disabling features not in use or required for device operation,” Lampert said.
She added businesses also need to verify the credibility of vendors supplying such devices.
Legacy network re-engineering
Hacker targets are not likely to change in 2023, according to Ed Brinskele, CEO of Vir2us Inc., a Petaluma-based provider of integrated cybersecurity and AI robotic solutions for zero-vulnerability computing environments.
“Some network infrastructures in use today were designed decades ago when the goal at the time was to establish an open environment so everyone could have access to the internet — but not to keep the bad guys out,” Brinskele said. “Cybersecurity was an afterthought.”
He added that, with increasing threats, more small/medium-sized firms should consider adopting a “zero trust” security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Cyber champions in C-suite
Whatever changes in 2023, Brinskele said ransomware will most likely continue to be the No. 1 threat. In response, he suggested cultivating expertise and education efforts among cyber champions, including a chief information security officer in the C-suite.
Mandating complex password changes every six months, employing dual factor authentication and biometric voice recognition while inspecting and validating users going in and out of private networks at all levels will continue to be important.
“Tight security is not just important for small firms, 90% of the Fortune 1000 were hacked last year,” Brinskele said.
Better passwords and authentication
Jason Herrington, vice president of technology with Rinkor Technology Solutions in Santa Rosa, concurred that outdated password use and lack of MFA head the list of common concerns remaining important in 2023.
“This is easy to overcome by using a password manager with an MFA password generator,” Herrington said.
Along with email scams and phishing attacks, he said, attempts by outsiders impersonating someone within the business organization are on the rise.
“Network managers must stay on top of new security methods to protect and notify staff of potential external threats,” Herrington said.
And even next year, it remains critical to maintain training.
“Everyone may not be enthusiastic about getting up to speed on cybersecurity protection, but even though training can be expensive, its absence is more costly when a loss occurs,” Herrington said.
Business continuity planning
For 2023, Scott Blumin, principal with Scoja Technology services in San Rafael, recommends preparing a risk management business continuity plan.
“Such plans protect valuable assets including staff, data, customers and the firm’s reputation,” Blumin said. “The key is ensuring that everyone at the business is familiar with the plan and their role(s) in it. IT managers should take time to review the plan with staff at least twice a year.”
Handing that off solely to a vendor or managed service provider isn’t the only answer, because the vendor might be obligated only to do what’s in the agreement.
“Every team needs a strategic IT professional or technology program manager serving as a tech quarterback,” Blumin said. “A person who is aligned with company goals and has technology, security, compliance and business knowledge can ensure that the firm’s infrastructure stays up, on time and within budget, while also offering tech improvement suggestions for senior leadership.”