Over the next decade, cybersecurity risks will become more difficult to assess and interpret due to the increasing complexity of the threat landscape, the adversary ecosystem and the expanding attack surface.
The European Cybersecurity Agency (ENISA), with the support of the European Commission, has just published its 8th annual report on the state of the cyber threat. Entitled ENISA Threat Landscape 2020 , it identifies and assesses the main cyberthreats for the period January 2019 to April 2020. The ETL 2020 report is comprehensive, partly strategic and partly technical, with relevant information for technical and non-technical readers. . It is divided into 22 sub-reports which deal with different aspects of the cyber year.
Among the findings, ENISA confirms that the outbreak of the pandemic at the start of the year constitutes a new frontier between the old and the new in terms of cyber threats. “Due to the current Covid-19 pandemic, we are entering the decade with a new normal and profound changes in the physical world and cyberspace. With distancing or confinement, the public will tend to use the virtual space to communicate, build relationships and socialize. This new standard will introduce new challenges throughout the digital value chain and, in particular, in the cybersecurity sector ”, summarizes the report.
New cyber risk governance strategies aruba accp
This new situation will only add to the difficulty of protecting oneself, believes the European cybersecurity agency. With increasingly sophisticated, targeted and stealthy cyberattacks, assessing risk becomes a challenge. Indeed, with the increasing diversity and complexity of technologies, there are too many variables to take into account to make cyber risk management effective. Another aggravating factor is the sophistication of the tools, tactics, techniques and procedures used by cybercriminals to carry out their attacks. Malicious actors adapt and adjust them to their victim's environment as needed and collaborate with each other to achieve their goals.
This results in increased difficulty in putting in place an effective cyber risk governance strategy. Thus, defining a defensive position, assessing risk, managing data, applying relevant measures now pose more questions than they answer. “New approaches will be needed over the next decade to move away from silo analysis and move closer to a typical matrix of interconnected factors, variables and conditions,” the report explains. This poses a significant challenge for many organizations attempting to protect their infrastructure, operations, and data from adversaries who are well-resourced and equipped and increasingly trained in cybersecurity guerrilla warfare.
The ten challenges of cybersecurity in the next decade
1.Address systemic and complex risks
Cyber risk is characterized by the speed and extent of its spread as well as by the potential intent of the threat actors. The interconnection of different systems and networks allows attacks to spread quickly and widely, making risks more difficult to assess and mitigate.
2.Generalization of the detection of antagonistic AI
Detecting threats that leverage AI to launch an attack or avoid detection will be a major challenge for the future of cyber defense systems.
3.Reduction of unintentional errors
With the growing number of systems and devices connected to the network, unintentional errors continue to be one of the most exploited vulnerabilities in cybersecurity incidents. New solutions to reduce these errors will make a significant contribution to reducing the number of incidents.
4.Supply chain and third-party threats
The diverse supply chain that characterizes the tech industry today offers new opportunities for threat actors to take advantage of these complex systems and exploit the multiple vulnerabilities introduced by a heterogeneous ecosystem of third-party vendors.
5.Security orchestration and automation
Cyber threat intelligence and behavioral analysis will become increasingly important with the automation of processes and analysis. Investing in automation and orchestration will enable cybersecurity professionals to invest in the design of strong cybersecurity strategies.
6.Reduction of false positives
This long-awaited promise is essential for the future of the cybersecurity industry and for combating the boredom of rising false alarms.
7.Zero-trust security strategies
Faced with increasing pressure on IT systems by new business requirements, such as remote working, the digitalization of the business model and the spread of data, the zero-trust strategy is seen by many decision-makers as the solution. de facto to secure corporate assets.
8.Enterprise cloud configuration errors
As many companies migrate their data to cloud-based solutions, the number of configuration errors will increase, exposing the data to a potential breach. Cloud service providers will tackle the problem by setting up systems that automatically identify these types of errors.
9.Hybrid threats
Cybercriminals are adopting new modus operandi increasing threats in the virtual and physical world. The spread of disinformation or fake news, for example, are key parts of the hybrid threat landscape. EUvsDisinfo is a flagship project of the European External Action Service's Task Force East StratCom, created to address the threat of disinformation.
10.The appeal of the cloud
infrastructure as a target will increase the threat. The growing dependence on public cloud infrastructure will increase the risk of outages. Misconfiguration of cloud resources remains the root cause of attacks in the cloud, but attacks directly targeting cloud service providers are increasingly popular among hackers.
No comments:
Post a Comment