If 2021 was the year cybersecurity took center stage – ransomware attacks on governments surging 1,885% worldwide, an executive order requiring federal agencies to achieve zero trust security – then 2022 was the year agencies got serious about cleaning things up.
While some organizations have made more cybersecurity progress than others, virtually every agency leader understands the mission-critical importance of strong security. So, if you’re like many government decision-makers, you want to know what to keep on your cybersecurity radar for 2023.
While ransomware and zero trust will remain top of mind, you’ll want to pay close attention to these three trends in the year ahead:
- Synthetic identity fraud will call for innovative solutions. The anonymous nature of cyberspace makes it easy for malicious users to create fake accounts such as social media bots. At the same time, the buying and selling of stolen personally identifiable information (PII) on the dark web has become big business.
Now these phenomena are coming together with the rise of “synthetic identity.” Synthetic identity fraud combines multiple credentials – some real, some fake – to fabricate a new identity. Fraudsters use synthetic identities, for example, to apply for financial accounts and build a history for what looks like a legitimate identity.
That’s a problem for agencies as they move toward digital identities verified through financial records. Credential verification will involve the online review and exchange of millions of files such as passports, financial statements, and legal documents. The associated websites and content are more than likely to contain malware.
The solution? Remote browser isolation (RBI) and content disarm and reconstruction (CDR). RBI allows users to view websites in an isolated web session so that malicious code is blocked from reaching devices. CDR deconstructs and reconstructs files as they’re transmitted so that content is sanitized and malware-free.
- Insider risk will gain new significance. Societal currents like hyper-partisanship and online misinformation have hardened political identities, even in nonpolitical government organizations. Rapid swings from onsite work to remote work and then back to the office have disoriented and disgruntled employees. These factors are combining to create a perfect storm of insider risk.
But the definition of insider risk is changing. It’s no longer only about unauthorized system access or theft of sensitive data. It can also include negative behavior that affects workplace productivity, safety, and culture.
Such drivers are leading agencies to expand their use of user activity monitoring (UAM). Effective UAM tracks employee use of your network to look for anomalous behavior. It can be combined with behavioral analytics to establish a baseline of typical activity and assign a risk score for each user. As a user’s activity veers from baseline, their risk score increases, alerting security analysts to potential issues.
Agencies will need to build employee risk profiles legally and respectfully. But the technologies and protocols exist to ensure that UAM and behavioral analytics aren’t abused while they bring insider risk under control.
- Multicloud will require cybersecurity unification. An agency’s cybersecurity perimeter used to be the edge of its network. Now it’s the edge of its data. As a consequence, the concept of network-level security will fade away. Instead, security will become a matter of data access and control. Achieving that goal will require agencies to consolidate, unify, and simplify their security capabilities.
Much of this trend is being driven by the multicloud phenomenon. No organization relies on a single cloud today. Cloud now involves XaaS, or “anything as a service”: software, platforms, infrastructure and containers, plus private on-prem clouds. Multicloud is any cloud service that delivers data to an agency’s employees, contractors, or constituencies.
Agencies can no longer cost-effectively secure the data from all these cloud sources by using traditional point solutions. Instead, they need to consolidate their protections on an all-in-one, cloud-native cybersecurity platform.
Unified security should apply to any data accessed through any website, cloud application, or on-prem application. It should also control how employees, contractors, and other stakeholders use agency-issued or personal devices so that no one can bypass security enforcement.
The emergence of synthetic identity fraud, the evolution of insider risk, and the growing prominence of multicloud are three trends that will keep cybersecurity front and center for agencies in 2023. Fortunately, innovative solutions can help organizations stay ahead of their cyber risk.
Visit our website to explore all of Forcepoint’s predictions for 2023.