Cybersecurity in 2023

Issue 1 2023 Cyber Security

Cybersecurity is a problem for everyone, whether you are in IT, security (including physical security), or even a home user. In the article below, Hi-Tech Security Solutions offers two views from industry players on what to look out for in the cyber world in 2023.

Controlling access

By Lee Smyth, Technical Manager, Gallagher Security, South Africa.

Lee Smyth.

The risk of cybercrime continues to be a major challenge. Hackers are increasingly sophisticated, exploiting new technologies. Cybersecurity is arguably the most important way organisations can reduce the risk of unauthorised access to information.

With smartphones, computers, and the internet comprising such a fundamental part of modern life, cybersecurity has never been more important.

Data security includes several cybersecurity practices used to secure your data from misuse, such as encryption and access restrictions – both physical and digital.

Data security has always been important, but with more people working from home the internal network boundary increases, and so too does the security risk. A company’s security is only as strong as the weakest part of its network.

Remote working has widened the net in terms of vulnerabilities across business networks – with more devices being plugged in, employees accessing corporate data, and sensitive information being shared across unstable networks, there are more opportunities for unauthorised access to company data.

Why is data security important?

Organisations across all industries are seeing the very real risks of data security breaches with loss of income, disruption to operational continuity, data exposure, and reputational damage, all too important to ignore. There have been many well-documented examples of cyber breaches over the years. Targets for cybercriminals have included government computer networks and even countries’ health systems – which have seen hospitals and clinics forced to turn away patients after losing access to computers. Another example of a globally orchestrated event was the 2017 WannaCry ransomware cyberattack, which hit more than 200 000 computers in 150 countries, encrypting data and demanding ransom payments in Bitcoin cryptocurrency.

According to a report issued this year by the World Economic Forum, 93% of cybersecurity experts and 86% of business leaders, believe that there is a heightened risk of a ‘catastrophic cyberattack’ and that that threat is due to the geopolitical turbulence in the world. These are prime examples of why data security matters. A cyber breach can have serious ramifications for organisations – both financially and reputationally.

As technology advances, so too does our interconnectivity between devices, networks, and systems. Each new thing connected to your platform or network is a potential vulnerability – your system is only as strong as the weakest device. It is imperative the technology and risk correlate.

It is clear that the IoT now possesses a significant threat. With more and more things connected to the internal network, there are numerous external threats to consider. External threats such as access control systems; building management systems, e.g. lighting and heating control, air conditioning, room booking services, and fire; systems for parking, surveillance, and perimeter; and the list goes on.

Security solutions can offer effective protection against these increasing attacks. These solutions are not restricted only to organisations operating within the information security environment, but are available commercially for any organisation seeking a robust solution that adheres to national standards.

Reduce your cyber risk

A cyber breach of your security system could have far-reaching consequences. There are six critical success factors for high-security solutions.

First, encryption and authentication are key. Potential cybersecurity risks can be reduced through end-to-end encryption and user authentication. End-to-end encryption protects against installer and insider attacks, and encryption and authentication must be built into all aspects of a security system.

Second, government-assured compliance sets the benchmark and ensures products stand up to regional security standards, such as CAPSS (Cyber Assurance of Physical Security Systems) in the UK.

Third, security systems should be simple to operate, while also providing rich and detailed information that allows security officers to effectively handle any security incidents.

Fourth, it is important that your controllers and readers are secure. Controllers and readers should have hardware security modules on board to protect the secret keys for encryption and authentication. All devices should have certificates and serial numbers loaded in the manufacturer’s factory to protect against supply chain and substitution attacks.

Fifth, auditability and easy patching are essential. Eventually, security vulnerabilities will be exposed in every software system as techniques and technologies evolve. It is essential that software and firmware can be updated over the network, quickly and efficiently.

Finally, you need to ensure your system is configured to mitigate security threats. Hardening is the review of every system component looking for possible weaknesses that could enable an attacker.

Gallagher provides hardening guides for its Command Centre, Controller 6000, and Visitor Management Kiosk. These include information on best practice operating system configuration, card technologies, and the impacts of legacy hardware.

At Gallagher, our solutions are designed from inception to be as cyber secure as possible. We continuously evolve our solutions to meet the changing threat at a software and physical level, building in robust cybersecurity at every stage. With a dedicated cybersecurity research team, we regularly carry out internal and external vulnerability testing that provide ongoing protection in an ever-evolving cyber threat landscape.

Focusing on the cybersecurity world

By Monique Hart, Lead Solutions Engineer at VMware.

Monique Hart.

What should we expect from the well-funded and highly skilled cyber-criminal organisations in 2023, who are they targeting, and how do we protect ourselves against these sophisticated attacks?

Whatever industry we operate in, no matter the size of an organisation, we are all running in the same race – the race to ensure that we are at the forefront of operating as efficiently as possible against cyberattacks and potential threats. We are undoubtedly facing an expanded threat landscape with advanced technology and cybercrime, all of which we are exposed to daily due to changing work environments, open working options, and the Internet of Things. The list goes on as we evolve and become more connected.

There is no sign of attackers slowing down in the future. According to cyberattack statistics, “Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015 at a growth rate of 15% year over year.”

In 2022, 82% of breaches involved the human element, indicating that human error will be at the forefront of exposure to highly skilled cybercrime as cybercriminals start turning to phishing and targeted social engineering to launch their attacks.

High-risk organisations

Healthcare organisations: Due to the large amount of very sensitive patient information they hold, they are a target for cybercriminals, as the data can be used for nefarious activities.

Government/public sector: Many government data breaches are the result of theft for financial gain or espionage. Malicious actors can conduct attacks against government databases to obtain strategic information, such as national security information.

Financial institutions, banks and investment firms: These organisations are another major target for cybercriminals. Organisations such as these hold abundant financial data that can be used to commit either fraud or theft.

Retail businesses: Hold a lot of customer data, such as credit card numbers and contact information. Again, this data can be used for malicious intent, including selling it on the dark web.

Educational institutions: Hold a lot of sensitive data, including student and faculty records, financial information, and research data.

Simplify, secure, and scale

All the information being stored in these different sectors can be very useful to cybercriminals. What becomes important to consider is not just who is targeted, but how? Security is never a single-point solution; various areas in an organisation must be protected, such as the network, endpoints, workloads, devices, data, and applications.

Securing your organisation needs to be a first thought, not an afterthought, which is usually when more significant mistakes get made as not enough time is put into the plan due to panic buying. Educating users is becoming an essential factor in minimising breaches.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Insights from the 2023 Cloud Security Report
News Cyber Security
Increased costs, compliance requirements, hybrid and multi-cloud complexities, reduced visibility, and a lack of skilled practitioners cause organisations to slow or adjust their cloud adoption strategies.

New algorithm for OT cybersecurity risk management
Industrial (Industry) Cyber Security News Commercial (Industry)
OTORIO’s new risk management model and attack graph analysis algorithm technology, calculates OT cybersecurity threats and provides risk mitigation actions, prioritised according to actual exposure and potential impact on operations.

Veeam finds 93% of cyberattacks target backup storage
Cyber Security
Veeam unveils the results of its 2023 Ransomware Trends Report, showing cyber insurance is becoming too expensive and 21% of organisations are unable to recover their data after paying the ransom.

Cybersecurity providers must first protect themselves
Cyber Security
In a joint advisory released by cybersecurity agencies across the United States, UK, Australia, Canada and New Zealand, managed security service providers (MSSPs) have been warned of a sharp increase in cyberattacks targeting their systems.

Improved security health check tool
Gallagher Access Control & Identity Management Products
Gallagher Security has streamlined its free Security Health Check tool, making it easier than ever to protect against potential system risks and improve business efficiencies.

From the editor's desk: Get Smart
Technews Publishing News
Welcome to the fourth issue of Hi-Tech Security Solutions for 2023, which is also the first issue of Smart Security Solutions. As noted in previous issues, Hi-Tech Security Solutions has been rebranded to Smart Security Solutions.

Cyber attackers used over 500 tools and tactics in 2022
Cyber Security News
The most common root causes of attacks were unpatched vulnerabilities and compromised credentials, while ransomware continues to be the most common ‘end game’ and attacker dwell time is shrinking – for better or worse.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Recession or stress?
Cyber Security News
The economic landscape has seen many technology companies lay off vast numbers of employees, but for cybersecurity, the picture looks very different – a dynamic mixture of excitement, challenges and toxicity.