Be proactive. Get protected.

Is there anyone who still thinks hackers are disenfranchised youths holed up in their bedrooms wearing hoodies? Cyber crime is increasingly sophisticated, and the priority for global companies must be staying one step ahead of the bad actors.

If proactive, preventative action is the answer, then it follows that CEOs of large enterprises must now look at cybercrime as a business risk, rather than an operational one.

To test that theory, I put some questions to AT&T’s own Chief Security Officer Bill O’Hern.

What’s your take on cyberattacks in 2023?

Unfortunately, criminals are more organized, and they are tiering their attacks. One group will work on initial access. Another will develop malware. A third will run the operation, whether it’s distributed denial of service, ransomware, extortion, etc.

What do companies need to do to protect not just their data, but their reputation?

Companies should be following guidelines from trusted organizations, such as NIST, to employ proper technology and personnel training/awareness.?I also think corporate boards need to become more engaged with cybersecurity and the company’s posture.?If you want to protect your reputation, you need to have a program in place that demonstrates good security hygiene and practice.

What are the biggest risks for 2023, and how can we mitigate against them?

I still believe that credential theft is the largest risk – phishing and smishing for legitimate credentials to gain access.?Any number of attacks will then follow.?Companies should strongly consider moving toward non-phishable multi-factor authentication (MFA). I also think this year we’ll see more nation-states working together, for good and bad. Some will join to protect themselves, while others will coordinate attacks. I hope we’ll continue to see the U.S. and other countries develop stronger security policies.