The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here are five things you need to know this week:
1. Gartner analysts share their 2023 cybersecurity predictions
As 2023 comes to a close, VentureBeat talked with some of the top analysts from Gartner about their 2023 cybersecurity predictions. Here are a few of their predictions for the new year:
- Continued supply chain and geopolitical risks associated with malware, cloud infrastructure, and system integrity-based attacks.
- Unified cybersecurity platforms and architectural patterns will streamline integration, orchestration, and automation for security.
- Zero-trust architecture will be essential for risk management and will risk-optimize the organization’s security posture.
Read more about what Gartner analysts are predicting here.
2. Industry leaders discuss the future of IoT at the annual IoT Expo Global
The annual IoT Tech Expo Global recently took place in London and focused on “Powering the connected world with IoT.” During the two-day event, more than 100 thought leaders presented a new vision for the future of IoT. They explored the latest challenges, opportunities, and innovations, as well as the impact IoT has across industry sectors.
Experts predict there will be 75 billion connected devices by 2030. And when combined with AI, cloud, and intelligent connectivity, IoT can be leveraged to drive and optimize performance, reduce waste and energy, predict disasters and disruptions, and better inform leaders.
For key takeaways from the IoT Tech Expo Global and a look at what IoT leaders believe is on the horizon, read this TechRepublic article.
3. After apparent connections to spyware were revealed, Mozilla and Microsoft drop TrustCor certificates
After a recent investigative report by the Washington Post revealed connections between TrustCor and the spyware vendor Packet Forensics, Microsoft and Mozilla revoked trust for the root certificate authority (CA), which will render TrustCor certificates unusable on both Edge and Firefox.
According to a TechTarget article, “Root CAs wield extensive power in the certificate ecosystem because their public key infrastructure (PKI) forms the foundation of the cryptographic trust chain. They are the most trusted and critical CAs for browser companies. In addition to producing their own certificates, root CAs can use their PKI to sign and validate the certificates of third-party intermediate CAs further down the trust chain.”
Read more about the controversy here.
4. Ninety-nine percent of xIoT devices do not comply with industry best practices, according to new research
A new report from Phosphorus Labs found that 99% of xIoT (extended-internet-of-things) device passwords are out of compliance with industry best practices. The report also said that 80% of security teams can’t identify the majority of their xIoT devices.
The company’s chief security officer, Brian Contos, told SC Media that as xIoT vulnerabilities come and go, it’s important to raise the standard around device-level security by hardening devices and reducing their attack surface.
However, the solutions are not so straightforward. Bud Broomhead, CEO at Viakoo, recommends organizations focus on IoT and IoT application data, adding it to discovery and configuration management solutions to support hardening and securing IoT systems.
Discover additional findings from the xIoT Threat & Trend Report.
5. Post-quantum cryptography is crucial to defending against cyberattacks that target today’s data
The security demands of post-quantum computing are on the minds of many industry leaders, including Chung Hyun-chul, CEO of Norma, a South Korean company focused on IoT and quantum security. In a recent interview with LightReading, he discusses the importance of post-quantum cryptography and post-quantum computing security. Hyun-chul shares the following insights into how organizations should prepare for post-quantum’s most pressing security issues:
- To prepare for a post-quantum computer’s ability to break today’s public key cryptographic security, he recommends organizations prepare a roadmap that includes tasks like performing post-quantum risk assessment and verifying how quickly PKI can be migrated into post-quantum cryptography.
- To respond to Harvest Now, Decrypt Later (HNDL) attacks, organizations must assume that their current encrypted data has the potential to be decrypted and take a sequential approach to securing critical information and infrastructure.