Advancing the frontlines: The new era of cyber security
Cyber security in 2024 and beyond is set to encounter more of the same threats and challenges that have plagued the industry since the advent of ubiquitous internet connectivity – but better (or worse), with greater frequency, ingenuity and malevolence on the part of cyber criminals.
That’s the view of Mohamed Osman, Mint Group Head of MSP, who says the best chance organisations have to counter this will be to adopt three key strategies: Focusing on security basics but with greater intensity and diligence than ever before; making cyber security an integral part of the business rather than a peripheral operation; and promoting and enabling real-time collaboration between businesses, including the sharing of cyber security intelligence such as reports and warnings of threats and attacks.
“The days when cyber security was focused on protecting individual devices from viruses and malware are long gone. In addition, while perimeter protection remains important, this is only one part of a multidirectional approach, which includes data protection, identity management and privacy concerns,” he explains.
Osman points out that the acceleration of digital transformation during the COVID-19 pandemic exposed businesses to a host of cyber security challenges which, although they were not entirely new, became considerably more pervasive. Many organisations were taken by surprise at just how rapidly cyber attackers adapted to exploit the vulnerabilities that arose in the hastily established remote work environment, with a significant increase in phishing, malware and ransomware attacks.
The need to protect apps, as well as identity, data and devices, became increasingly urgent, and yet the environment is changing.
Nevertheless, the nature of the attacks themselves remains depressingly familiar:
- Ransomware attacks: These have become increasingly prevalent. Because of the risk of data being held hostage by attackers, as well as the reputational damage facing the targeted organisation, most victim organisations pay the attackers. For attackers, it’s easy money with little risk, and so attacks continue.
- Zero-day exploits: The continual discovery and exploitation of software vulnerabilities before they have been identified or rectified, which can lead to data breaches and system compromises.
- Social engineering: Closely aligned to phishing, this is the method by which cyber criminals use manipulative, targeted texts or e-mails to get recipients to give up personal information, which can then be exploited to gain unauthorised access to the individual’s personal accounts – or the corporate network.
And now there’s artificial intelligence and machine learning, which are pushing cyber security to a whole new level.
“AI is a double-edged sword in the cyber security arena,” Osman says.
On the one hand, AI is enabling cyber security to become more proactive. Instead of focusing on how to stop an attack that is already well under way on a device, AI enables the proactive identification of threats and a real-time response.
“Instead of wondering whether an attack is taking place, the AI algorithms will analyse the logs and the data sets, and detect anomalies and patterns that could indicate an attack, and determine if a single device or identity is being targeted. This gives us time to go in and determine whether a breach has occurred and take early, appropriate action. If a breach has not occurred, there will be time to strengthen defences against the attack,” Osman explains.
On the other hand, cyber criminals also have access to AI – and have been quick to exploit its capabilities for their own purposes.
“The malicious use of AI for cyber attacks is on the rise. One of the main trends we are likely to see this year and going forward is the use of chatbots like ChatGPT, virtual agents and bots to make malicious attacks far more sophisticated. Gone will be the poor grammar and spelling that made many phishing e-mails relatively easy to identify,” he says.
“How we deal with these threats is going to require ongoing vigilance and ingenuity. We will win some battles – and we will lose others. Essentially, though, we must ensure that we continue to do the basics – but far better than we have done in the past.”
For example, the only way to decrease or limit the impact of zero-day threats is to update and patch software systems as soon as vulnerabilities are identified. However, where a vendor has not yet released such patches, it is imperative to follow the vendor’s manual remediation steps until a patch is available. This is time-consuming, but it protects your systems and data far better than leaving vulnerabilities unaddressed.
Additionally, incorporating security orchestration, automation and response (SOAR) solutions, along with intrusion detection systems (IDS) and intrusion prevention systems (IPS), can further enhance your organisation's ability to detect, respond to and mitigate the impact of zero-day threats in a more automated and efficient manner.
Then there’s employee education and cyber security training. This is essential to help protect the organisation against malware, ransomware and phishing attacks.
“It’s essential to implement a zero-trust model, particularly with the rise in AI-based attacks. Employees must be educated to understand that even the most innocent request could conceal malicious intent. At the same time, cyber security policies and procedures must be regularly updated – and these updates relayed to all employees for immediate adoption and implementation, while reminding them of the basics: Don’t click on a file in an e-mail if you don’t know what it is. Don’t take a USB from anywhere and plug it into your laptop, whether it’s at home or the office, because with working from home, anything on that USB is easily transferable to an enterprise network. Implement multi-factor authentication (MFA), don’t use guessable passwords, and move away from service accounts, which are a single point of failure, to a more modern approach using managed service accounts,” Osman says.
Finally, he believes collaborating with threat intelligence networks can make a significant difference in the war on cyber crime.
In addition, the establishment of security-focused forums in which different organisations – including competitors – come together regularly to share intelligence could make a difference.
“When we act in silos, we enable cyber criminals to perpetrate the same types of attacks over and over again. Working together, we have a better chance of identifying and thwarting new risks and attacks,” Osman concludes.