As businesses continue to grow online and rely further on digital capabilities, designing your organisation to be ‘secure by default’ is becoming more important than ever.
Almost every credible source will tell you that the volume of cyber attacks is up this year. But this is not a new headline, and as technology and information security professionals we are already primed for it. What is far more interesting is how cyber crime has changed and how we can respond to those changes.
So what did we learn in 2023?
Breaches and attacks
Many of the most high-profile attacks of this year can be traced to simple, relatively straightforward attack vectors. The Optus breach, one of the largest in recent history, compromised 10 million records and was, we are told, the result of nothing more than an exposed API. This tells us that basic security controls are not working, and we need to question how the controls we have designed and put in place are validated, and how effective they really are. There really is no substitute for testing.
The Police Service of Northern Ireland breach earlier this year, where the details of 10,000 officers and civilians were accidentally published online, has…