Summary
ล่าสุด ทาง Digicert ได้คาดการณ์ เทรนด์ที่จะเกิดขึ้นในเเวดวง Cyber Security ในปี 2023 และโลกอนาคตไว้ดังนี้Prediction #1: Quantum Computing Will Force Crypto-AgilityPrediction #2: Matter Will Become a Household StandardPrediction #3: Code Signing Will Prompt A Race to the CloudPrediction #4: Software Supply Chain Attacks Will Make 2023 the Year of the SBOMPrediction #5: Physical SIMs Will be Replaced by eSIM and iSIM TechnologyPrediction #6: DNS will continue to grow in importancePrediction #7: Criminals Will Exploit Zero TrustPrediction #8: Ransomware threat will continue to rise in Asia
By DigiCert experts Dr. Avesta Hojjati, Dean Coclin, Mike Nelson, Srinivas Kumar, Stephen Davidson, Steve Job and Tim Hollebeek — DigiCert, Inc., a leading global provider of digital trust, released its annual forecast of cybersecurity trends emerging for the new year and beyond. These projections are based on shifts in technology, threat actor habits, culture and decades of combined experience. “Without a secure supply chain and proper security infrastructure, mission-critical data lies vulnerable. India has faced more than 18 million cyber attacks in just the first quarter of 2022. This must raise alarm for all of us especially as the country is pushing for increased digitization in the coming year,” said Sarabjeet Khurana, Country Manager, India & SAARC, DigiCert. “These predictions should allow individuals and businesses of all scales and sizes, to prepare for their upcoming technology needs. To ensure success in the era of digital trust, a planned approach to resiliency is of essence.”
“These predictions come on the heels of our 2022 State of Digital Trust Survey that found that almost half of consumers in APAC (42%) have stopped doing business with a company after losing trust in that company’s digital security,” said Hojjati, VP of Research and Development at DigiCert. “The more CISOs and other IT staff understand the security implications of evolving technologies and threats, the better prepared they are to make the right investments for their business to ensure digital trust.” Prediction #1: Quantum Computing Will Force Crypto-Agility — Cracking a 2048-bit encryption would take an unfathomable amount of time with current technology. But a capable quantum computer could conceivably do it in months. We predict an increased focus on the need to be crypto-agile as quantum computers pose a signifcant future threat for secure online interactions. Crytographic-agility will be a competitive advantage in the very near future. Prediction #2: Matter Will Become a Household Standard — Matter is a smart home standard and common language for smart home devices which are secure and trusted to communicate and connect seamlessly. With IoT driving growth in Industry 4.0 and the advent of 5G technology in the country, the India IoT market is projected to reach a value of USD 1,527 Million by 2027. DigiCert predicts the Matter logo will become the symbol that consumers look for in smart home technology. With increased connectivity with the Internet-of-Things (IoT), Matter will become key to achieving secure, reliable, and seamless use of smart home devices. Prediction #3: Code Signing Will Prompt A Race to the Cloud — OV code signing certificates are changing. They will soon be issued on physical security hardware in a similar way to how EV code signing certificates are issued. We predict that these changes will mean customers move to cloud signing in large numbers, instead of dealing with replacing their hardware token. We also expect all code signing will be cloud-based in the future, as customers will prefer cloud over having to keep track of a hardware key. Prediction #4: Software Supply Chain Attacks Will Make 2023 the Year of the SBOM — 66% of Indian businesses fell prey to supply chain attacks in 2022. As threats become increasingly sophisticated, we predict the SBOM will be widely adopted in 2023. An SBOM is a list of every software component that comprises an application and includes every library in the application’s code, as well as services, dependencies, compositions and extensions. While most of the requirements are taking place at the federal level now, expect the SBOM to spread to commercial markets soon to secure software. All of this means software producers will be required to get more involved in the process of ensuring their products are secure — and visibility will be key to that. Prediction #5: Physical SIMs Will be Replaced by eSIM and iSIM Technology — While eSIMs are available in India, iSIM technology will also revolutionise how we use our smartphones and similar devices. We predict the next generation of smartphones will remove traditional SIM hardware functionality and move to eSIM and iSIM as the root of trust. The introduction of the integrated SIM (iSIM), which does not require a separate processor, is smaller, and does not take up much room on hardware such as mobile phones. Prediction #6: DNS will continue to grow in importance — Infrastructure as code will continue its growth as being a best practice for organizations of all sizes. DNS services that have high uptime, fast speeds and fast DNS propagation will be crucial for organizations to have as a toolset. With over 55% of the population having access to broadband networks, well-defined APIs, SDKs and integrations will be highly vital to the success of Indian organizations’ efforts to be productive and reliable. Prediction #7: Criminals Will Exploit Zero Trust — Adversaries will deploy new technologies as well to increase their success rate in future attacks. Technologies such as Artificial Intelligence and Adversarial Machine Learning could potentially be deployed by a properly versed attacker to find weaknesses in an improperly deployed zero trust framework. There is a clear shift towards the adoption of Zero Trust in India, where close to 30% of organizations have implemented or are considering implementation of zero-trust strategies at the workplace . With growing concern of data security due to the new normal of hybrid-work mode, it has become a priority for organizations globally to have Zero Trust. As zero trust becomes the standard security approach for IT systems, we predict adversaries will change their attack approach to be able to overcome zero trust frameworks. Prediction #8: Ransomware threat will continue to rise in Asia – The threat of Ransomware continues to rise globally, with Asia-Pacific countries being the most vulnerable due to the region’s rapid digitalization and increasing connectivity as seen from its adoption of 5G network. 70% of Indian organisations have been hit by ransomware attacks in last three years. Recent high-profile attacks on Indian entities, especially that of All India Institute Of Medical Science (AIIMS) which left the premier medical hospital crippled due to lack of data highlight how hackers continue to exploit upcoming technologies As we predict for ransomware attacks to become more sophisticated, it is crucial to remain vigilant and well-equipped to counter them.
สรุป
อย่ารอให้ข้ามปี ถ้าองค์กรคุณยังไม่มีแผนปรับปรุงโครงสร้างเทคโนโลยีสำหรับปีที่จะมาถึง ตอนนี้คือเวลาที่เหมาะที่สุด ให้รีบลงมือทำได้เลย เพราะ Year-End Technology Infrastructure Review ส่งผลดีทั้ง productivity, low cost, การสรุปว่าปีที่ผ่านมาเราใช้เทคโนโลยีได้คุ้มค่ามากน้อยขนาดไหน จะช่วยให้คุณตัดสินใจเรื่องสำคัญอีกหลายเรื่องได้ง่ายยิ่งขึ้น เริ่มได้เลย เช็คลิสต์มีตามนี้ • Technology Policies • Disaster Recovery Planning • IT Issues & Pain Points • Privileged Access & Orphaned Accounts • IT Upgrade & Transformation Plans for the New Year • Cloud Use & Shadow IT • Customer-Facing Technology English SummaryWhen the year is coming to a close, it’s the perfect time to plan for the future.
Most businesses begin the year with the hope of growing and improving operations.
Much of how a business operates depends on technology.
So, it makes sense to look to your IT for areas of optimization.
Considerations When Reviewing Your Technology at Year-End.• Technology Policies• Disaster Recovery Planning• IT Issues & Pain Points• Privileged Access & Orphaned Accounts• IT Upgrade & Transformation Plans for the New Year• Cloud Use & Shadow IT• Customer-Facing Technology
When the year is coming to a close, it’s the perfect time to plan for the future. Most businesses begin the year with the hope of growing and improving operations. Much of how a business operates depends on technology. So, it makes sense to look to your IT for areas of optimization.
A year-end technology review provides an opportunity to look at several areas of your IT. The goal is to take time to focus on improvements you can make to boost your bottom line. As well as what tactics to take to reduce the risk of a costly cyberattack. Small businesses that make smart use of technology are well ahead of their peers. Here are some of the ways they excel: • Earn 2x more revenue per employee • Experience year-over-year revenue growth nearly 4x as high • Had an average employee growth rate over 6x as high The bottom line is that companies that use technology well, do better. They are also more secure. According to IBM, businesses that have an incident response plan reduce the costs of a data breach by 61%. Using security AI and automation can lower costs by 70%.
This year-end, take some time to do a technology review with your IT team or managed IT provider. This will set you up for success and security in the coming year. Considerations When Reviewing Your Technology at Year-End.The goal of a year-end technology review is to look at all areas of your IT infrastructure. Security, efficiency, and bottom-line considerations will be the key drivers for future initiatives. Technology Policies When technology policies get outdated, people stop following them. Review all your policies to see if any of them need updating to reflect new conditions. For example, if you now have some staff working from home, make sure your device use policy reflects this. When you update policies, let your employees know. This gives them a refresher on important information. They may have forgotten certain things since onboarding. Disaster Recovery Planning When is the last time your company did an incident response drill? Is there a list of steps for employees to follow in the case of a natural disaster or cyberattack?Take time to look at disaster recovery planning for the new year. You should also put dates in place for preparedness drills and training in the coming months. IT Issues & Pain Points You don’t want to go through a big IT upgrade without considering employee pain points. Otherwise, you might miss some golden opportunities to improve staff productivity and wellbeing. Survey your employees on how they use technology. Ask questions about their favorite and least favorite apps. Ask what struggles they face. Let them tell you how they feel improved technology would make their jobs better. This, in turn, benefits your business. It can also help you target the most impactful improvements. Privileged Access & Orphaned Accounts Do an audit of your privileged accounts as part of your year-end review. Over time, permissions can be misappropriated. This leaves your network at a higher risk of a major attack. You should ensure that only those that need them have admin-level permissions. The fewer privileged accounts you have in your business tools, the lower your risk. Compromised privileged accounts password open the door to major damage.
Conditional
Access เข้าถึงระบบแบบมีเงื่อนไข
เพื่อความปลอดภัยของคุณและองค์กร
สรุป81% ของความสูญเสียที่เกิดจากโลกไซเบอร์
มีสาเหตุมาจากการขโมยพาสเวิร์ด หรือตั้งพาสเวิร์ดที่เดาง่ายเกินไป เราจึงขอแนะนำ Conditional
Access หรือการเข้าถึงระบบแบบมีเงื่อนไข เพื่อความปลอดภัยของคุณและองค์กร เพราะคุณจะได้ประโยชน์ดังนี้·
Improves Security ·
Automates the Access Management
Process ·
Allows Restriction of Certain
Activities ·
Improves the User Login
Experience ·
Enforces the Rule of Least
Privilege SummaryEighty-one percent of security incidents
happen due to stolen or weak passwords. Access and identity management have become a
priority for many organizations. This is largely due to the rise of the
cloud. What Is Conditional Access? Conditional access is a method of controlling
user access. You can think of it as several “if/then”
statements, meaning “if” this thing is present, “then” do this. The Benefits of Implementing Conditional
Access for Identity Management ·
Improves Security ·
Automates the Access Management
Process ·
Allows Restriction of Certain
Activities ·
Improves the User Login
Experience
·
Enforces the Rule of Least
Privilege
It seems that nearly as
long as passwords have been around, they’ve been a major source of security
concern. Eighty-one percent of security incidents happen due to stolen or weak
passwords. Additionally, employees continue to neglect the basics of good cyber
hygiene. For example, 61% of workers use the same password for multiple
platforms. And 43% have shared their passwords with others. These factors are
why compromised credentials are the main cause of data breaches.Access and identity
management have become a priority for many organizations. This is largely due
to the rise of the cloud. As well as the practice of people needing to only
enter a username and password to access systems. Once a cybercriminal gets a
hold of an employee’s login, they can access the account and any data that it
contains. This is especially problematic when it’s an account like Microsoft
365 or Google Workspace. These accounts can access things like cloud storage
and user email.Below, we’ll explain what
conditional access is. As well as how it works with multi-factor authentication
(MFA). We’ll also review the advantages of moving to a conditional access
process.What Is Conditional
Access?Conditional access is also
known as contextual access. It is a method of controlling user access. You can
think of it as several “if/then” statements, meaning “if” this thing is
present, “then” do this. For example, conditional access allows you to set a
rule that would state the following. “If a user is logging in from outside the
country, require a one-time-passcode.”Conditional access allows
you to add many conditions to the process of user access to a system. It is
typically used with MFA. This is to improve access security without
unnecessarily inconveniencing users.Some of the most common
contextual factors used include:
IP address
Geographic location
Time of day
The device used
Role or group the
user belongs to
Conditional access can be
set up in Azure Active Directory. It can also be set up in another identity and
access management tool. It’s helpful to get the assistance of your IT partner.
We can help with setup and the conditions that would make the most sense for
your business.The Benefits of
Implementing Conditional Access for Identity ManagementImproves
SecurityUsing conditional access
improves security. It allows you more flexibility in challenging user
legitimacy. It doesn’t just grant access to anyone with a username and
password. Instead, the user needs to meet certain requirements. Contextual
access could block any login attempts from countries where no employees are. It
could also present an extra verification question when employees use an
unrecognized device.Automates
the Access Management ProcessOnce the if/then
statements are set up, the system takes over. It automates the monitoring for
contextual factors and takes the appropriate actions. This reduces the burden
on administrative IT teams. It also ensures that no one is falling between the
cracks. Automated processes are more accurate and reliable than manual
processes. Automation removes the human error component. This helps ensure that
each condition is being verified for every single login.Allows Restriction of Certain
ActivitiesConditional access isn’t
only for keeping unauthorized users out of your accounts. You can use it in other
ways. One of these is to restrict the activities that legitimate users can do.
For example, you could restrict access to data or settings based on a user’s
role in the system. You can also use conditions in combination. Such as,
lowering permissions to view-only. You could trigger this if a user holds a
certain role and is logging in from an unknown device.Improves the User Login
ExperienceStudies show that as many
as 67% of businesses don’t use multi-factor authentication. This is despite the
fact that it’s one of the most effective methods to stop credential breaches.
One of the biggest reasons it is not used is because of the inconvenience
factor for employees. They may complain that it interferes with productivity.
Or say that it makes it harder for them to use their business applications.
Using conditional access with MFA can improve the user experience. For example,
you can require MFA only if users are off the premises. You can put in place
extra challenge questions on a role or context-based basis. This keeps all
users from being inconvenienced.Enforces
the Rule of Least PrivilegeUsing the rule of least
privilege is a security best practice. It means only granting the lowest level
of access in a system as necessary for a user to do their work. Once you have
roles set up in your identity management system, you can base access on those
roles. Conditional access simplifies the process of restricting access to data
or functions. You can base this on job needs. It streamlines identity
management. This is because it contains all functions in the same system for
access and MFA rules. Everything stays together, making management simpler.
Get Help Implementing
Conditional Access Today!
Once conditional access is
set up, the automated system takes over. It improves your security and reduces
the risk of an account breach. Contact us today for a free consultation to
enhance your cybersecurity.
จัดการนโยบาย BYOD
ให้ให้พนักงานนำอุปกรณ์ส่วนตัวมาใช้ในที่ทำงานได้ปลอดภัยและลงตัว
สรุปแนวทางการจัดการเรื่อง
BYOD (Bring Your Own Device) ที่เปิดโอกาสให้พนักงานใช้มือถือหรือเครื่องส่วนตัวในเรื่องงานได้
ภายใต้กรอบของความปลอดภัยและไม่ก้าวก่ายความเป็นส่วนตัวของพนักงาน 1. Define Your BYOD
Policy 2. Keep Your Policy
“Evergreen” 3. Use VoIP Apps for
Business Calls 4. Create Restrictions
on Saved Company Data 5. Require Device
Updates 6. Include BYOD in Your
Offboarding Process
SummaryMobile devices make up about 60% of the
endpoints in a company network. But they’re often neglected when it comes to
strong cybersecurity measures.
This is especially true with employee-owned
mobile devices. You can run BYOD securely if you have some
best practices in place.
1. Define Your BYOD
Policy 2. Keep Your Policy
“Evergreen” 3. Use VoIP Apps for
Business Calls 4. Create Restrictions
on Saved Company Data 5. Require Device
Updates 6. Include BYOD in Your
Offboarding Process
BYOD (bring your own device) is a
concept that took hold after the invention of the smartphone. When phones got
smarter, software developers began creating apps for those phones. Over time,
mobile device use has overtaken desktop use at work. According to Microsoft,
mobile devices make up about 60% of the endpoints in a company network. They also handle about 80% of the
workload. But they’re often neglected when it comes to strong cybersecurity
measures. This is especially true with employee-owned mobile devices. BYOD
differs from corporate-owned mobile use programs. Instead of using company
tools, employees are using their personal devices for work. Many businesses
find this the most economical way to keep their teams productive.
Purchasing phones and wireless plans for staff is often out of
reach financially. It can also be a pain for employees to carry around two
devices, personal and work. It’s estimated that 83% of
companies have a BYOD policy. You can run BYOD securely if you have
some best practices in place. Too often, business owners don’t know all the
devices connecting to business data. Or which ones may have data stored on
them. Here are some tips to overcome the security and challenges of BYOD. These
should help you enjoy a win-win situation for employees and the business.
DEFINE
YOUR BYOD POLICY
If there are no defined rules for BYOD, then you can’t expect the
process to be secure. Employees may leave business data unprotected. Or they
may connect to public Wi-Fi and then enter their business email password,
exposing it. You need a policy if you allow employees to access business data
from personal devices. This policy protects the company from unnecessary risk.
It can also lay out specifics that reduce potential problems—for example,
detailing the compensation for employees that use personal devices for work.
KEEP YOUR
POLICY “EVERGREEN”
A policy becomes less relevant to employees as soon as it becomes
outdated. Someone may look at your BYOD policy and note that one directive is
old. Because of that, they may think they should ignore the entire policy. Make
sure that you keep your BYOD policy “evergreen.” This means updating it
regularly if any changes impact those policies.
USE VOIP
APPS FOR BUSINESS CALLS
Before the pandemic, 65% of employees gave their phone numbers to
customers. This often happens due to the need to connect with a client when
away from an office phone. Clients also may save a personal number for a staff
member. For example, when the employee calls the customer from their device.
Customers having an employee’s number is a problem for everyone. Employees may
leave the company and no longer answer those calls. You can avoid the issue by
using a business VoIP phone system. These services have mobile apps that
employees can use. VoIP mobile apps allow employees to make and receive calls
through a business number.
CREATE
RESTRICTIONS ON SAVED COMPANY DATA
Remote work has exasperated the security issue with BYOD. While
BYOD may have meant mobile devices in the past, it now means computers too.
Remote employees often will use their PCs when working outside the office. No
matter the device type, you should maintain control of business data. It’s a
good idea to restrict the types of data that staff can store on personal
devices. You should also ensure that it’s backed up from those devices.
REQUIRE
DEVICE UPDATES
When employee devices are not updated or patched, they invite a
data breach. Any endpoint connected to your network can enable a breach. This
includes those owned by employees. It can be tricky to ensure that a device
owned by an employee is kept updated. Therefore, many businesses turn to
endpoint management solutions. An endpoint device manager can push through
automated updates. It also allows you to protect business data without
intruding on employee privacy. The monitoring and management capabilities of
these tools improve security. This includes the ability to safelist devices.
Safelists can block devices not added to the endpoint manager.
INCLUDE
BYOD IN YOUR OFFBOARDING PROCESS
If an employee leaves your company, you must clean their digital
trail. For example, is the employee still receiving work email on their phone?
Do they have access to company data through persistent logins? Are any saved
company passwords on their device? These are all questions to ask when
offboarding a former staff member. You should also copy and remove any company
files on their device. Additionally, ensure that you deauthorize their
device(s) from your network.
LET US HELP YOU EXPLORE ENDPOINT SECURITY SOLUTIONS
.png "Microsoft Visio")
.png "VMware")
