1 minute read
PREPARING FOR A QUANTUM WORLD
2023 is set to feature an astonishing landscape of change for organisations across the Middle East. Organisations will start to prepare for a quantum world in 2023. During 2022, guidelines and standards were made available for quantum-resistant algorithms, and this means organisations need to start thinking about things like post-quantum cryptography challenges.
While it’s a way off, regulatory groups like NIST and ENISA are urging organisations to start their programmes now to make sure they are prepared.
Our collective attitudes towards the industrial metaverse will begin to shift in 2023. Instead of being seen as something esoteric, we will see wider recognition that its key components—the digital shop floor, used interchangeably as a digital twin by some in combination with supply chain automation and optimisation through AI, ML models—are real and relevant, bringing new cybersecurity challenges with it. And with this new attitude toward the industrial metaverse comes the opportunity to drive a deep technological shift as a business change initiative.
Phishing is a social engineering technique. You need to find someone with their guard down and convince them that you are legitimate, and they should either give you their password or otherwise authorise you to access their accounts.
Multi-Factor Authentication has long been touted as a solution to the phishing problem, but what it really does is force attackers to change tactics. Between easy-to-deploy reverse proxy phishing tools and techniques for abusing OAuth workflows to sidestep MFA and gain direct access to cloud apps, we expect to see an increase in sophistication in targeted phishing attacks to bypass MFA.
Attacks involving data encryption and theft of confidential information are on the rise. There is a growing trend that we believe will intensify in 2023, where we have two extremes. On one side, we have the infamous Ransomware-as-a-Service, in which attackers focus on both encryption and theft of sensitive data.
On the other side, we have extortion groups, like LAPSUS$ and RansomHouse, which breach companies only to exfiltrate sensitive data, without encrypting any files. We believe 2023 will be filled with attacks sourced from RaaS groups and from extortion groups, perhaps even intensifying an Extortion-as-a-Service model.
There has been a significant increase in software supply chain attacks in recent years. As we discover more vulnerabilities in application source code, especially among open-source software, we expect this type of attack to continue growing. This calls to attention a need for organisations to strengthen their measures and strategies for software supply chain security. ë