Written by Ian Thomas
There have always been bugs in the machine and now more than ever, some of these glitches are actually threat actors after your data, your money, your vote. Ransomware continues to increase with attackers even giving up on the hassle of encrypting your systems. They are doing so in favour of quietly copying your data and threatening to destroy your reputation, your brand or your employee’s faith by releasing anything of impact, from industrial secrets to personal data.
Ransomware-as-a-Service continues to grow with services for hire and even helpdesks available on the dark web. Cybercrime has risen to become the world’s third-largest economy after the US and China, according to the World Economic Forum (WEF). Based on data from Cybersecurity Ventures, it is projected to cost the world $8 trillion in 2023 and $10.5 trillion by 2025. 90% of CISOs reported experiencing some form of attack last year, with almost half reporting more than one attack. Worryingly five in six paid the ransom, totalling over £100,000 in half the cases. Understandably then that the highest-ranking success criteria for Boards against their cyber security spend is the ability to get insurance.
The rise of AI and automation has introduced a change to the entry level for attackers to generate malicious code bases and to create compelling social engineering messaging to increase success rates. This isn’t going away anytime soon.
So, there’s no wonder that in 2023 we saw a shift in mindset from Protection (ever higher walls and deeper moats) to one of Resilience – how do I minimise the impact of the attack when, not if, it comes? Resilience means having security hygiene, good response plans, strong monitoring, up to date intelligence and critically a good understanding of where you might be vulnerable. The average attacker could be in your systems for nine months before they ask you for a ‘contribution’.
Looking forward into 2024, how do we improve our resilience? Here are six areas to think about as you make your plans for the new year.
Understanding and addressing risks associated with the Network and Information Systems Directive 2 (NIS2) is imperative. At its core, NIS2 mandates rigorous cybersecurity measures for operators of essential and critical services, and digital service providers. If we fall short of managing NIS2-related risks, the potential for significant consequences increases, including penalties, operational disruptions and reputational damage. It is important that we prioritise NIS2 compliance by implementing robust cybersecurity best practices, conducting thorough risk assessments and ensure our resilience to threats in an evolving cybersecurity landscape. By being proactive and demonstrating a commitment to adhering to cybersecurity best practices, we can manage NIS2 risks and, in turn, reinforce trust with our customers, adhere to regulations and improve the resilience of our businesses, in an evolving digital landscape. Insurers are increasingly looking for evidence of these measures when assessing risk, premiums and even if they are prepared to insure.
2. Artificial Intelligence
AI generally has accelerated and the overall pace of technology evolution will continue at a faster rate throughout 2024. We are going to see new attack vectors and tradecraft appear over 2024 that has not been considered yet, as people inevitably leverage new technologies in different ways.
The innovation which comes with AI to simplify and speed up processes or access knowledge from the web which helps us every day, is also helping the criminals and threat actors speed up and simplify their activities, devise elaborate social engineering and create new vectors.
70% of CISOs believe AI gives the advantage to attackers over defenders, yet 35% are already experimenting with it for cyber defence. So, it’s not all bad news. Automation, Machine Learning and AI are being integrated into security solutions, reducing time to detection and time to response. Which improves the response and helps to highlight and categorise vulnerabilities and even predict potential attacks. If you’re not using it already you and your service provider will be in the future.
3. OT/IT Convergence
The transformational convergence of Operational Technology (OT) with Information Technology (IT) in the interests of efficiency, productivity, and profitability, often mean organisations are now embracing Industry 4.0, 5.0, IoT and IIoT infrastructure. This includes Edge devices, wireless networks, cloud application programming interfaces and distributed applications, responsible for collecting, transmitting, and processing IT and OT system data. Sound familiar?
As is commonplace within the Threat Landscape and IT/OT convergence being a relatively new paradigm shift, hackers are specifically targeting environments for whom security weaknesses are likely to be commonplace such as manufacturing, healthcare, energy and utilities. Attackers are leveraging production network vulnerabilities to gain access to corporate networks and vice versa. Increasingly we are recognising a similar approach into environments which would not typically be associated with significant use of Operational Technology. A corporate HQ with smart building infrastructure for example and recent attacks have taken advantage of the ability to move laterally from IoT within BMS and HVAC and even PoS entry points.
4. Zero Trust
Zero Trust is essential to many security strategies in the modern world, where trust should no longer be granted implicitly to users, applications or systems based solely on some property about them. For example, we should not simply trust that something is genuine only because they have the correct credentials. As we are moving towards adopting hybrid cloud environments, as well as hybrid (remote) working for our employees, traditional perimeter-based security approaches are not sufficient. Trust has become more variegated and the fundamental concepts of human trust is inherently flawed in the digital world. In Zero Trust, the core tagline is “Never Trust, Always Verify”. We should adapt to changes holistically: continually verifying, ensuring least privilege access and always assume that attackers are in our networks. This allows us to reduce the impact and chance of more unique attack surfaces and enhance our overall security posture in dynamic threat landscapes.
5. Third Party Risks
With the rise of Industry 4.0 and evolving digital landscapes, it is imperative for us to consider third-party risks. We are increasingly relying on external vendors and partners to improve our service offerings and diversity, but this inherently carries the potential for cybersecurity, operational and compliance risks that can impact business operations. By conducting thorough due diligence to assess the security practices and resilience of our third-party partners, we can ensure that robust practices are adhered to in order to protect our businesses. Aside from just ourselves, by considering third-party risks, we can fulfill regulatory and compliance obligations, instill confidence in our customers and contribute to business continuity and resilience in a holistic manner.
Microsoft security division’s significant growth, now a $20 billion per year business, reflects its commitment and effectiveness in cybersecurity. With even the most hardened of security professionals recognising the effectiveness and quality of the Microsoft security portfolio.
In 2024, Microsoft’s security solutions will continue to stand out for businesses due to their advanced AI integration for real-time threat analysis and insights. The company emphasises comprehensive endpoint protection, crucial in a landscape where many attacks originate from unmanaged devices. Innovative software development practices with a focus on security, robust identity protection measures against sophisticated attacks, and efficient vulnerability response, especially for cloud vulnerabilities, are key aspects. Microsoft’s holistic approach to cybersecurity, leveraging its global scale and experience, makes its solutions particularly effective against a diverse range of sophisticated cyber threats.
Their focus on AI-driven Zero Trust security, the integration of key security solutions across a diverse vendor portfolio, its financial growth and commitment in the security sector, bundling a comprehensive range of security products, and labour saving automation have continued to make it an increasingly preferred choice.
And whilst we’re looking forward what can we expect beyond 2024?
The two biggest challenges facing us are:
The evolution of polymorphic and AI based malware.
This malware learns in real-time, adapting as we defend against it. This requires our defenders to adapt and respond at the same pace, which means the deployment of AI across our security architecture.
To effectively secure our non-IT Systems.
With 70% of Ransomware attacks targeting Manufacturing in the last year, the threat actors are just getting warmed up for full scale assaults on our critical national infrastructure, healthcare, transport, and smart building estates. It’s hard to think of a business which isn’t reliant on some form of Operational Technology. As described earlier, there are the obvious manufacturing, healthcare, energy and utilities of course; but who isn’t using a lift in their office, or a data centre (cloud or otherwise)? And if you don’t, is your supply chain? Or your customers?
The good news is that there are lower cost solutions to undertake discovery, vulnerability assessment and anomaly detection for Operational Technology coming to market in 2024. Security service providers are deploying AI and LLMs into their offerings at pace and at scale to combat the new threats. Defence has always involved thinking like the attacker and now we are teaching our automation to act like the attackers too.
Good news for already overworked CISOs.
If you are interested in finding out more about our cybersecurity solutions, contact us here.