Remaining robust and resilient: A CISO’s top six recommendations for 2024
By Yubico’s Chad Thunberg

2023 saw a whirlwind of challenges – both old and new – but we also realised many opportunities to become more secure and stay ahead of evolving information security threats. As expected, it was another challenging year for information security as organisations continued looking for ways to stay ahead of hackers.

We saw an increase in both the number and the complexity of phishing attacks overall, driven by a major trend that made a significant impact throughout the year: AI-driven phishing. Phishing remains the most prevalent attack method due to its relatively low cost and high success rate, and the use of AI now only compounds this problem. Across the board, we’ve seen a dramatic increase in attacks targeting businesses, governments and consumers that use phishing to socially engineer individuals into providing their credentials and identity information, and to subvert legacy multi-factor authentication (MFA).

A major reason for this is highlighted in Yubico’s recent survey, which found that 91 percent of people still rely solely on a username and password to secure their accounts. To be more secure moving forward, we must collectively do better and move away from the reliance on passwords and other weak forms of authentication, towards modern, phishing-resistant MFA.

In 2023 we also saw many attacks spearheaded by the increased amount of information attackers have about specific vendors in the supply chain and employees within companies. The information enables attackers to provide sophisticated pretext and to understand relationships and even communication styles.

Due in part to the success and impact that these types of attacks have had, we’ve seen governments in Australia, the U.S., Europe and around the world sharpen their focus on ways to increase the security of businesses, citizens and government entities. The U.S. government specifically is showing signs of losing patience with the commercial sector’s inability to keep attackers […]