Cyber review of 2023

by Mark Rowe

Because AI is built into many security tools and the external perimeter controls have gotten much better lately, a lot of what ransomware groups are doing now is just bribing employees, says Zach Fleming, Head of Red Teaming, Integrity360, which offers cyber risk and testing services. He believes that’s going to increase, particularly given the current economy. He says: “Ways of working with threat actors are becoming harder to detect, with insider threats pretending to accidentally slip up in providing attackers access to systems and/or information. If you’re a disgruntled employee and you work in a company as a helpdesk engineer, they’ll send you an email where you’ll deliberately click on a link where you’ll give them credentials to access a company portal. And then, if they’re successful in extorting the company, they’ll pay that employee up to 70 per cent of whatever the extortion amount was.

“If you’re that insider threat actor/employee, it’s a high reward and it’s low risk – you can’t go to prison for being bad at spotting a phishing email. And now, for an extra 10pc fee, they’ll start washing the money through legitimate shell companies. That’s becoming rampant – a couple of ransomware groups have started doing it, and we’re picking up on it quickly.”

Hospitals will accelerate their deployment of zero trust architectures to defend against increased cyber attacks and expanded attack vectors, he adds. “Hospitals initially will focus on improved identity management, authentication, continuous verification, and fine-grained access controls. Integrated zero trust solutions should quickly gain ground in this market as hospitals try to upgrade their networks to support modern care delivery.”

In the United States, new rules on reporting data breaches from the federal regulator, the Securities and Exchange Commission (SEC), will have a profound impact not only on how all businesses manage cybersecurity, but on how they are perceived by the public, says Andrew Shikiar, Executive Director and CMO of the US-based authentication standards group FIDO Alliance. He says: “Businesses will be required to report all material breaches whenever they occur, alongside their approach to cybersecurity risk management, strategy, and governance every year. This will bring an unprecedented level of scrutiny on businesses. Those guilty of ‘cyber-washing’ how seriously they take cybersecurity and the protection of sensitive and personal data will have nowhere to hide their dirty laundry.

“While many will chafe at such regulations, this higher level of scrutiny will improve cybersecurity practices in the long term. With auditors, stakeholders, investors and the wider public able to judge how serious and how responsible businesses are when it comes to protecting themselves and their data, it will become a key ongoing concern in the boardroom. Cybersecurity will no longer be the sole domain of the CISO or even the CTO, it will become a priority for the entire C-suite.”

The world has reached a tipping point where the need for continuous alignment of cybersecurity, business strategy and operation is indispensable, says Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group. He says: “With the adoption of generative AI as a business tool, in addition to cybersecurity attacks, the risk of intellectual property and commercial data loss grows exponentially. The risk of breaching industry regulations such as HIPAA [Health Insurance Portability and Accountability Act in the United States], GDPR [European data protection] and a host of similar country-specific data protection legislations is greatly increased too. ‘Named’ expertise in and responsibility for active security governance at the board level will become a strategic priority.”

Raj Samani, SVP Chief Scientist at Rapid7, sees the cloud as continuing to be a critical cyber battleground. “And in the coming year, an emerging concern will likely be the misuse of commercial cloud service providers (CSPs). That’s because cybercriminals are no longer relying on known command-and-control servers; instead, they’re turning to commercial CSPs for cover to host malicious content. It’s a clever trend, and it comes back to the game of hide-and-seek, with attackers exploiting the cloud’s anonymity and legitimacy, and blending their activities with legitimate services. Combatting this threat requires more innovative solutions, such as those leveraging AI and advanced automation techniques — as well as heightened vigilance — in the cloud. Organisations need advanced risk scoring across cloud environments, so security teams get complete visibility that eliminates blind spots and enables them to effectively prioritise remediation actions.”

© 2024 Professional Security Magazine. All rights reserved.