Sophisticated cyber attacks present security leaders with stressful, career-defining challenges as the constantly changing business landscape creates new opportunities and new risks. Getting out ahead of these risks can feel like an increasingly daunting task, but it’s one that Chief Information Security Officers (CISOs) must undertake if they are to protect their organization’s critical data assets and IT systems.
With 2023 under way, it’s clear that CISOs will need to prioritize addressing several key risks in their cybersecurity strategies this year, including:
1. The rise of Ransomware as a Service.
Traditionally the preserve of large criminal organizations, there has been a decisive shift, with smaller organizations beginning to dominate the space. This is largely the result of the increased availability  of Ransomware as a Service (RaaS) toolkits that enable relatively unskilled threat actors to launch effective attacks. “The majority of threat actors today use RaaS,” says Kristan Ruona, Hitachi Vantara’s Senior Solution Marketing Manager, Data Protection and Cyber Resiliency. “This is leading to an increase in the number of ransomware incidents, while at the same time hindering the fight against ransomware because even if [RaaS] developers get caught, [their] affiliates can still carry on with their criminal activity – and vice versa.” RaaS means that CISOs are coming under fire from a greater number of attackers using a wide array of tactics.
2. Supply-chain vulnerabilities.
The days when enterprises needed only to consider their own technology and assets are long gone. An increasing number of attacks result from vulnerabilities within businesses’ supply chains. The consequences can be catastrophic, as evidenced by the SolarWinds hack, which affected thousands of businesses downstream, including the US government. Despite the danger, figures from the UK’s Department for Digital, Culture, Media & Sport (DCMS) suggest that just 13% of businesses review the risks  posed by their immediate suppliers, and the proportion for the wider supply chain is nearly half that figure (7%).
3. Increasing volume and variety of attacks.
Could 2023 be one of the worst years yet for malware? Increasing geopolitical tension could lead to an uptick in cyber attacks being introduced by nation states, or groups linked to nation states, to either bring down IT systems or exfiltrate data for corporate espionage. Meanwhile, AI is providing criminals with a range of new tools to make phishing and social engineering attacks more effective by mimicking the style of friends, family, and colleagues in attacks. Given that phishing volumes are increasing rapidly, it’s also more likely than ever that malware will be introduced to corporate systems.
4. Increase in zero-day attacks.
As businesses integrate increasing amounts of software in their businesses, the potential for zero-day exploits increases. This is because the more software you have on the market, the greater the potential for software with flaws that criminals can exploit.
Across all these trends, the key takeaway is that adaptation is crucial to an effective threat posture. CISOs need to put in place a cyber-resilience capability that can respond to changing threats no matter where these are focused on the hybrid IT estate.
What’s needed now is complete and flexible protection and resilience. For Hitachi Vantara, protection against security threats means augmenting current systems, building layer upon layer of protection that integrates with existing protection. The aim should be to not only prepare and backup for recovery, but also to ensure that business-critical applications can continue to operate throughout an attack.
Ruona adds: “Data Protection and Cyber Resiliency Solutions from Hitachi Vantara provide the fast and cost-effective protection and recovery tools needed to complement existing data protection and keep businesses operating in the face of ransomware attacks and disasters. “Designed specifically with hybrid cloud storage environments in mind, solutions translate into efficiency, savings, and ease-of-planning.”
Hitachi Vantara’s vision for enterprise security is one which promises to allay the worst of CISOs’ fears around cyberattacks and ensure they can continue to leverage cloud-based operating models with confidence. For more information on Hitachi Vantara’s approach to ransomware threat mitigation.