As technology rapidly evolves, so do cyberattacks. Therefore, the biggest challenge for the print industry this year is to understand how their business is being targeted and information exploited so businesses can work at pace to deliver ground-breaking innovation to reduce the threat and deter attackers.
For instance, ransomware is a well-established technique used by cyber criminals that continues to evolve with new technology. In 2024, we will see the nature of ransomware become more diversified as criminals move down the value chain to smaller enterprises. Businesses can also expect the ‘dwell time’ of attacks to reduce dramatically, as attackers want to stay under the radar. This is because smaller organisations are easier to target, as they don’t have the robust resources or cyber resilience in place to establish a proper cybersecurity team or defence mechanisms.
It is suspected that virtually every company will be impacted in some way in 2024 as ransomware criminals start to impact the smaller companies that make up the supply chain of the largest companies. Companies need to understand who is in their supply chain and how they can insulate themselves from this risk. This can be achieved by a combination of diversification/removal of single points of failure as well as rolling training and assessments out to key critical parts of the value chain.
What measures should be taken in print security in 2024?
Despite the evolution of cyberattacks, businesses remain dangerously behind in the uptake of security technology. Many businesses still rely on outdated legacy infrastructure that provides limited protection and, in some cases, is without any authentication or authorisation process.
So, the first step towards robust cyber hygiene is to become familiar with the cyber premise of your business and establish a foundational understanding of information security. By implementing the basics, businesses can protect their data from the free reign of cybercriminals. Simple measures include isolating printers from open networks, which makes it more difficult for criminals to redirect the print route, with valuable information sent to their own devices.
Additionally, organisations should use different authentication methods for different data types. Businesses must know which assets require the most protection and isolate sensitive data from other vulnerabilities. Put simply, you wouldn’t use the same key to unlock a storage cupboard, which also unlocks your safe. So, this same approach must be taken with cybersecurity.
How do you see regulation and policy around security changing in 2024?
We’re already seeing crucial regulations taking place. For instance, the security industry has an encouraging outlook on 2024 with the PSTI (The Product Security and Telecommunications Infrastructure) act, set to come into effect in April. This policy will enforce minimum security requirements for consumer IoT products and aims to improve the transparency of products that are compliant under the act. This PSTI will also act as a preface to the developing Cyber Resilience Act (CRA) that is expected to be implemented in 2027. As a leader in information security, Canon is directly involved in developing the CRA and is committed to advocating for increased industry action.
As a result, Canon believes new regulations and policies for the technology sector must be developed with security at its core. As we will witness with the PSTI and the CRA, businesses will soon be able to make more informed decisions about the tools they are using and what protections are available. As regulation becomes stronger, we expect to see more vendors step into their duty of care and design products with not just innovation in mind but security and accessibility as well.
Looking towards the new year, Canon is taking its own measures to improve its cybersecurity offering. At Canon, we continue to focus on expanding our toolkit so that we can provide our partners with an all-inclusive security offering. With the ISO 27001 certification in information security, Canon is dedicated to covering all aspects of information security, from policy compliance to proactive risk management and integrated defences – covering all basis for a robust and resilient workflow.
Looking into 2024 and beyond, what emerging technologies will impact the cybersecurity industry?
Artificial Intelligence (AI) will continue to dominate conversation in 2024 and will have its own implications for the security industry. Fortunately, AI has not yet transformed the nature of cybercrime, with most criminals using the same tried and true approaches. Therefore, the advantage of AI technology, for now, remains on the side of the defenders. AI driven capabilities can help businesses identify and mitigate risks and automate the process of recovery and repair. However, it is important that with this new technology, businesses do not neglect the basics of a strong security infrastructure. Processes such as multi-factor authentication, patching and perimeter assessments remain crucial in responding to imminent cyberthreats.
When it comes to security and cyber hygiene, it is important to remain agile to emerging technologies. In the coming years, conversations around quantum computing will continue to develop. So, businesses will need to pre-empt the transformative effect that quantum computers will have on information security. By establishing a forward-thinking plan for their data that includes quantum-safe algorithms and encryption, businesses can be on the front foot of their protection and stay vigilant to the rapidly changing landscape.
In light of these developments, the stakes of cyber insurance are also much higher. Businesses should consider the full extent to which their current policies protect them from emerging threats and future technologies. As the lines of responsibility become more nuanced, and the terms of cover differ from case to case, the true value of cyber insurance will be found in well-rounded services, such as breach investigations and ongoing risk management.
What are three pieces of security advice for businesses in 2024?
Looking forward to 2024, it is essential that all businesses prioritise cyber hygiene. Action should be made immediately to implement basic defences such as multi-factor authentication, and reviewing the logs that are already generated.
Additionally, for businesses of any size, simplicity is key for a good cyber defence. Start by investigating your cyber footprint and understanding what your business looks like to an attacker. Don’t forget the suppliers and up and down stream suppliers who may also be targeted. By establishing a strong plan that covers all basis, and sticking to it, businesses can be proactive in preventing cyberattacks.
Finally, investing in the security skills of your workforce, and ensuring all employees are familiar with the business’s defence is crucial. Once trained in cybersecurity, employees can act as your best line of defence as they will learn to mitigate risks when they arise.
