Cybercrime is on the rise. With digital transformations being a major concern for businesses globally, the attack surface grows exponentially. And, if recent events have taught us anything, it’s that people will always try to take things that don’t belong to them.
The fact is that cybercrime is more organised than we think. With a staggering rise in Ransomware-as-a-Service (RaaS), Hackers-as-a-Service (HaaS) and Access-as-a-Service (AaaS) lowering the bar for entry, getting into cybercrime has never been easier. Gone are the hoodie-wearing loners huddled in basements mining data for cash. Now, it’s men in suits who, for all intents and purposes, operate like legitimate businesses. With more systems requiring ever-increasing access to data in order to function, new vulnerabilities spring up daily and must be continuously beaten down like whack-a-mole.
As The Art of War states: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat”. So, as 2022 draws to a close, we must study the expected cybersecurity trends in order to best prepare ourselves for what may lie ahead.
Ransomware and malware on the up
There is a reason that ransomware has stood the test of time: it exploits the best vulnerability there is – human error. All it takes is one inadvertent click on the wrong link or a connection to unsecured WiFi, and an entire system can be compromised in seconds. The EU Agency for Cybersecurity’s annual ENISA Threat Landscape report found that ransomware and attacks against availability ranked the highest during the reporting period, with phishing being the most common vector for initial access.
Another report found that 55% of financial institutions were hit by ransomware within the last year, a 62% increase on the previous year. According to the same research, financial institutions received some of the lowest payouts from insurance companies following breaches, meaning it really is important to launch a good counter-defence to cyberattacks.
One way to safeguard against ransomware attacks is to take regular backups, both in the cloud and on-premises, allowing quick recovery of data – though this can’t defend against the very real possibility of having your data leaked on the dark web or threat actors exploiting other vulnerabilities.
Software supply chains under threat
Another major attack vector is the supply chain, where attackers aim to target businesses on a mass scale by compromising third-party products. A recent incident was the SolarWinds breach, where hackers were able to hide malicious code within an update to an IT monitoring system that was used by more than 30,000 public and private organisations, including the US Government.
This is an extremely vulnerable area as many developers use modular-build software packages that come from many different sources, any of which could be compromised. “The problem is continually getting worse, with enterprises more and more reliant on outside providers,” says Steve Zalewski, deputy CISO at Levi Strauss. “What we need is an international chain of trust […] where we can all agree on a global set of tools and practices.”
One such solution could be the use of an SBOM (Software Bill of Materials), which staff can use to help them identify whether malicious software has been introduced into a system. This solution, however, only works if the people managing the system understand its components well enough to identify discrepancies.
War on talent in cybersecurity
Unfortunately, weaknesses can be introduced to a system just by plain old ignorance. Another major problem facing businesses is the lack of available talent, leaving them unable to manage their cybersecurity needs in-house. This can be exacerbated by a lack of clear direction during the hiring process.
Hiring managers should know what skills they need to hire, where to find them, the appropriate remuneration, and above all else, have good and timely communication. This requires an adequate understanding of the needs of the business, so ensuring hiring managers are briefed correctly before even posting a job vacancy is essential.
Lack of understanding can leach out to other staff, who may not be trained on how to identify potential attack vectors. This became especially apparent during the pandemic, when remote working forced many staff into managing their own system security. Hack-for-hire groups like to attack “soft targets who may not […] have made security one of their top priorities”, according to Pierre Delcher, Senior Security Researcher at Kaspersky’s GReAT. It’s therefore important that all staff understand basic security procedures.
Upskilling current staff is a great way to approach this, since it is cheaper than leveraging salaries to attract talent and has the added bonus of keeping employees engaged. Staff are more likely to stay with a company where they feel they have forward momentum, which is attractive to other potential employees.
Many businesses looking to digitally transform their operations will need to mount a strong defence when it comes to cybersecurity, meaning it’s more critical than ever to curate an IT team who will know the best way to implement this.
Zero Trust models are in fashion
One such defence could be a zero-trust model, which has become a popular alternative to password protection. The latest Verizon Data Breach Report states that 80% of data breaches are the result of poor or reused passwords. In a zero-trust model, users are treated as potential threat actors and must verify their right to access data every time.
The traditional ‘Castle and Moat’ model using a heavily guarded firewall is great, but once breached, it leaves the entire system vulnerable. The idea of zero-trust is to establish roadblocks that prevent bad actors from moving laterally within the system. You might breach one wall, but there will always be another one blocking access to the rest of the system, giving the organisation more time to detect and defend against an attack.
According to a study published by Teramind in 2021, organisations with fully deployed zero-trust architecture saved 43% on data breach costs. It’s also the simplest and most effective way to manage the security of remote workers. Zero trust can take many forms, including multi-factor authentication, continuous validation, smart monitoring (AI), least privilege, and micro-segmentation.
The role of AI in cyber defence
In addition to smart monitoring, there are lots of other ways that AI can be implemented to help keep data safe. Correctly deployed AI is the well-trained guard dog whose keen ear will detect and alert you to any unknown visitors in the vicinity.
The AI is trained to perform cognitive functions like tracking suspicious activity in a bank’s systems, such as an employee trying to view files they normally wouldn’t, or a credit card used outside of the customer’s usual daily routine. Anything outside of the norm will be flagged to allow for intervention.
These are all things that can be done by a human, but the scale required to provide this service 24/7 around the globe would be almost impossible. AI can be left running indefinitely, constantly monitoring for suspicious behaviour and ready to raise the alarm. According to the Teramind study, organisations using AI and security automation were able to detect and contain data breaches 27% faster.