As cybersecurity prevention tactics continue to evolve and adapt to current trends, we've seen new terms thrown into the mix in conversation such as Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR). In IBM's 2022 Cost of a Data Breach Report, analysis on XDR trends were covered for the first time, highlighting the trend towards modernized cyber security solutions. It noted that out of all the organizations that were interviewed as part of the developmental phase of the report, 44% said they were actively using XDR technology and that they were able to contain a breach almost an entire month quicker than if they had not implemented XDR.

So, while we know that EDR and XDR are both methodologies that help combat cyber threats at an organizational level, there are some key differences between the two:

Digital services are as effective as the data that drives them in a constantly changing business environment. Data is increasing astonishingly, with experts estimating it will double between 2023 and 2026. However, the ability of organizations to process and analyze data to inform strategic business decisions depends on the deployed IT infrastructure and cybersecurity measures implemented to protect it from attacks.

In this regard, here are the top IT and cybersecurity trends companies should look out for in 2023.

IN MEMORIAM: Gary Millward, a cherished member of Sentia’s sales team for over a decade, sadly passed away recently after a long and courageous battle with cancer. Gary was passionate about IT and during his tenure at Sentia, he excelled in designing and delivering high value IT solutions and services to help clients address and solve complex business problems.

Outside of the office, he had a deep passion for boating and spending quality time with his family and beloved dog, Bentley.

He will be fondly remembered as an integral member of Sentia’s family. If desired, memorial donations to the Hospital for Sick Children (Sick Kids) can be made on behalf of his family.  

Cybersecurity experts predict that at least 33 billion records will be compromised by 2023. The number may increase as cybercriminals leverage advanced technologies to develop sophisticated malware and tools for scanning for vulnerabilities in a target network. While most organizations focus on reactive cybersecurity measures to stop an attack after it has started, they overlook that they can stop an attack right at the reconnaissance stage. Reconnaissance is one of the first phases of an attack. Attackers use various tools to understand the target’s networks and systems to determine the possible entry points and exploitable vulnerabilities.

Fileless malware is a malicious activity that infects a system using built-in legitimate and native programs. In contrast to other malware programs like ransomware, attackers don’t need to install a malicious program in the system to execute an attack, which makes it hard to detect and prevent. A traditional anti-malware solution detects malware by matching files against a database of known malicious programs. However, fileless malware payloads reside in the memory only and do not write any files to the hard drive making it difficult for signature-based security solutions to detect it. Thus, cybersecurity experts agree that attackers are ten times more likely to succeed when executing fileless malware attacks than file-based attacks.

The cyber threats landscape in the past few years has redefined how organizations secure and protect critical systems, assets, proprietary assets, and business and customer data. As a result, cyber resilience is not only an exclusive role of the IT and security professionals. Rather it is a company’s shared responsibility to identify and mitigate cybersecurity risks to achieve operational sustainability and strategic viability. In the current volatile IT and digital environment, cyber resilience should comprise measures of how enterprises anticipate, identify, understand, and recover from the impacts of a cyberattack.

It's hard to believe that we are already just a few months shy of 2023. In this mid-year review, we take a quick look at the current state and continued evolution of cybersecurity. The corporate landscape is awash with news of organizations that have fallen victim to costly ransomware attacks, social engineering scams, data breaches and leakages, and malware attacks that have caused costly consequences, such as damaged reputation, huge fines, and disrupted business operations. Therefore, if your company does not want to make headlines tomorrow, it is essential to remain abreast of the mid-year cybersecurity trends and statistics in 2022.

Penetration testing and vulnerability scanning are vital for enhancing an organization’s cybersecurity postures. However, most businesses are confused about differentiating the two services. For example, a vulnerability scanning process looks for existing security weaknesses and vulnerabilities, such as unpatched systems, lacking authentication schemes, misconfigurations, and weak password security, and reports them as potential exposures. On the other hand, a penetration test looks to exploit identified security weaknesses in the organization’s systems and IT network architectures to determine the extent to which an attacker would compromise your assets. Also, a vulnerability scan often utilizes automated software programs and tools, whereas a penetration test is a manual process carried out by a security expert.

Cybersecurity is a top priority for all organizations today. Still, the rapidly changing security landscape introduces unique challenges that require users and cybersecurity professionals to stay informed and adopt best practices. Security awareness training educates employees, third-party partners, contractors, and other relevant stakeholders concerning the current cyber threats, cybersecurity responsibilities, procedures, and policies. It is a critical program that helps inform the necessary threat prevention measures and assists in complying with industry-standard data privacy and security regulations.

Unfortunately, according to Proofpoint’s 2022 State of the Phish Report, only 25% of companies train their employees for two or more hours annually. Yet, a Verizon Data Breach Investigations Report shows that eight out of ten, approximately 82%, data breaches are due to exploitable human vulnerabilities. In addition, untrained and unaware employees account for the largest number of social engineering attacks, stolen credentials incidents, and phishing scams.

Cybersecurity threats have increased twice in the global supply chain, impacting consumers and enterprises. Supply chain attacks have evolved tremendously in recent years, reaching new levels of frequency and sophistication. Nation-state attackers and cybercrime groups target supply chains to carry out extensive espionage and large-scale extortion cyberattacks. According to Gartner, 45% of companies will likely experience software supply chain attacks by 2025, three times more than in 2020. Therefore, it is critical to understand the top supply chain cybersecurity threats and how you can mitigate them.