2023 will be the year in cybersecurity to be mindful of internal threats

The proliferation of technologies such as artificial intelligence, automation, and machine learning, coupled with the acceleration of digitalization, has made cybersecurity a higher priority for businesses. Research has shown that the share of security breaches caused by ransomware has increased by 41 percent in 2022.

The spread of digitalization to all levels of the business world and the fact that many business processes can be carried out in the digital environment from cloud platforms have brought about an increase in cyber security vulnerabilities. As the threat surface has grown, attacks have become more complex and difficult to detect. A report on the costs of data breaches found that the share of ransomware breaches increased by 41 percent in 2022, and it took 49 days longer to detect a ransomware breach. Established in 2017 to provide consultancy, service and support services to businesses on information security, InfinitumIT evaluated the 2023 cyber security trends at the 2022-2023 Year-End Vision Meeting held throughout the company.

Emphasizing that four basic headings will shape cyber security in 2023, InfinitumIT Founder Gökhan Yüceler said, “The employees authorized to access the company network, that is, corporate footprints expressed as the attack surface, threats from different inventory types and threats originating from cloud computing 2023' It will be talked about often," he said.

NEARLY ALL CYBER SECURITY PROBLEMS ARE CAUSED BY HUMAN ERRORS

Stating that almost all (95 percent) of cyber security problems are caused by human errors, Gökhan Yüceler said, “The fact that the workforce adopts remote or hybrid working models makes internal threats more risky. Throughout 2022, we observed that internal threats were not adequately audited. 2023 will be a year in which the need for threat intelligence services will increase in order to prevent employee-based threats. Employee-caused threats are becoming more costly and harder to detect. Although virtual private network (VPN) technologies are used for secure remote access, technologies used by cyber attackers and proactive attack methods developed against defensive measures vary. In this case, businesses need to test their network security with regular tests, pay attention to employee awareness and measure the functionality of their cyber security investments. As InfinitumIT, we step in at this point and offer businesses the opportunity to evaluate their cyber security approach from the perspective of a cyber attacker.”

“QUALIFIED STAFF, SUFFICIENT INFRASTRUCTURE AND TECHNOLOGY INVESTMENT IS REQUIRED FOR FULL SECURITY”

Stating that the increase in 2022 also carries clues about how 2023 will pass in terms of ransomware attacks, Gökhan Yüceler concluded his evaluations with the following statements:

“We anticipate that data breaches and distributed denial-of-service (DDoS) attacks as a result of ransomware attacks will also increase in 2023. Businesses with growing digital footprints become vulnerable to attacks, and cybersecurity consulting service is becoming an important need for leaders. Because in order to provide full security in enterprises, qualified personnel, sufficient infrastructure and technology investments and a structure in which processes progress in harmony are required. A weakness in one link of the chain can affect the whole and harm business continuity. As InfinitumIT, with our services such as penetration tests, red team / blue team studies, source code analysis, cyber threat intelligence, security information and event management (SIEM) hardening and forensic computing, we can detect security vulnerabilities in customers' systems before attackers and eliminate these risks early. We offer removal facility. With our solution, which we call Continuous Threat Hunting, we are able to offer long-term solutions to our customers within annual planning. We are able to build a tighter security process with audits and improvements at different frequencies. With our approach advocating that security is a process rather than a product or service, we become a competent, disciplined, passionate and committed business partner in cybersecurity for businesses of all sizes.”