According to Anton Shipulin, Industrial Cybersecurity Evangelist, Nozomi Networks, often, cybersecurity is an afterthought as traditional cybersecurity solutions can’t keep pace with the growing number of smart devices.
Tell us about the cybersecurity trends for 2023.
In 2023, we can expect:
- Hybrid threat tactics – the lines that once categorized diverse types of threat actors have blurred, which could significantly change the threat actor landscape. For example, November’s Continental ransomware attack was launched by hacktivists who used nation-state tactics to cause physical disruption to railroads. Meanwhile, nation-state threat actors have been leveraging cyber-criminal tactics, such as ransomware, to cause disruption in critical environments. It will become increasingly difficult to categorize threat groups based on TTPs and motives, which have aided in attribution efforts in the past.
- Quantum cybersecurity threats – as threat actors use the “store now, decrypt later” (SNDL) technique in preparation for quantum decryption, governments are taking steps to defend against this future threat. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its post-quantum cryptography initiative on July 6, 2022, to prepare and safeguard critical infrastructure companies during this transition. As CISA rolls out this guidance, more companies will shift their focus to safeguarding their data now to reduce the risks of quantum decryption later.
- Medical device exploits – many medical devices are susceptible to cyberattacks due to the fact that the legacy systems they are using are no longer being manufactured and/or the software is no longer supported. Threat actors use scanners and other types of tools to identify and exploit vulnerabilities in these devices and perform manipulative tactics or even launch cyberattacks. Apart from using scanners to exploit vulnerabilities, threat actors can access medical systems used to aggregate device data for broader analysis and monitoring. This manipulation could lead to malfunctions, misreadings, or even overdoses in the automatic release of medication.
- Cyber insurance inflection point – while cyber insurance is an important part of a comprehensive cybersecurity strategy, cybercriminals are conducting reconnaissance on cyber insurance policies and tailoring their ransom requests to match the amount of a cyber insurance payout. This could either cause premiums to significantly increase, or even dry out cyber insurance resources, making it more difficult to file serious claims and receive payouts. Cyber insurance is not a cure for cyberattacks; in fact, it could motivate cybercriminals. Companies should invest in cyber prevention, protection, and remediation as a first line of defense.
What is the theme of your participation at GISEC 2023?
We will demonstrate how our extensive suite of leading OT and IoT security solutions can be leveraged to protect critical infrastructure, industrial networks, and government organizations from cyber threats, all while maximizing operational resilience.
Which products and solutions will you be showcasing at GISEC 2023?
We will be showcasing our entire suite of IT, OT, and IoT solutions, but this year, we are extremely excited to introduce the newest member of our product portfolio, Nozomi Arc, to our GISEC lineup. Nozomi Arc is our first endpoint security sensor for OT that complements Guardian and Vantage deployments with more visibility into a host’s attack surfaces and anomalies, to give a more detailed view of your complete OT/ICS environment. It improves operational resiliency by significantly extending visibility across endpoint attack surfaces, dramatically reducing security threats, and speeding deployments across all assets and sites.
How are you equipped to help companies overcome digital security and privacy challenges?
Often, cybersecurity is an afterthought as traditional cybersecurity solutions can’t keep pace with the growing number of smart devices and vast volumes of sensitive data that are a part of or connected to critical infrastructure. As an example, many of the IoT and OT devices in municipal infrastructure lack even basic cybersecurity features and are essentially not visible to traditional IT cybersecurity programs.
Furthermore, growing compliance requirements and competing compliance frameworks increase pressure to achieve sound technology governance. Failing to protect these environments can result in identity theft, consumer data breach, delay or failure of critical services such as power or transportation, costly ransomware attacks, and safety risks such as compromised water supplies. Protecting customer data and providing reliable city services is paramount in the face of the cyber threats smart cities must confront.
These types of environments need help in various phases of the security lifecycle across all their services and deployments. Bringing these together in a comprehensive platform can deliver new levels of efficiency and automation to cybersecurity teams. Nozomi Networks breaks down the incident lifecycle into three phases that align with various admin tasks and security processes: Anticipate, Diagnose, and Respond.
The first phase of cybersecurity maturity is understanding what is on the network and anticipating where risks may arise, such as known vulnerabilities in unpatched systems and devices. Nozomi Networks provides visibility to all your endpoints with deep data collection that can expose vulnerabilities and highlight where to focus risk management efforts before the attack. Visualizing device connections and traffic patterns can also facilitate incident response and compliance efforts.
Nozomi Networks applies its artificial intelligence/machine learning (AI/ML) engine to deliver industry-leading insights and analytics. Our threat intelligence data stays up to date with signatures and indicators of compromise (IOC) from the latest attacks and ransomware trends.
When it’s time to respond to a security breach or a process control issue, you need actionable intelligence to address the problem with the minimum cost and impact on your operations. Nozomi Networks gives you all the information and insight right at your fingertips to remediate issues, dive into further research, and guide or coordinate an appropriate response.
The Nozomi platform aggregates an enormous amount of data from devices and network traffic across the organization with our elastic cloud offering, Vantage. Making this data available, useful, and accessible from a number of different angles is the power of the platform’s user interface design, alert dashboards, query capabilities, and forensic tools.
Is there a skills gap in the cybersecurity industry? What needs to be done in order to bridge that gap?
Yes, there is a skills gap and proper awareness (and consequently training) is necessary to shrink that gap. Cybersecurity isn’t just limited to professionals already in tech and IT security roles – it is important to break those assumptions around the industry and start educating people. Schoolchildren should know that there is a cybersecurity industry waiting for them when they graduate and the IT curriculum should include cybersecurity education from the very beginning.
Organizations can invest in training courses to upskill and reskill their employees. Governments can hold interactive cybersecurity campaigns for the general population. There are different ways to discover, nurture, and encourage hidden cybersecurity talent in individuals – it is all about providing opportunities to find them.