Cybersecurity threats are evolving. Are you keeping up?

August 22, 2025

Your cybersecurity strategy is only as good as your ability to keep up with the latest attacks.

Microsoft’s latest Digital Defense Report states that individuals and companies now face 600 million digital attacks daily. Expected to cost the world over $12 trillion this year alone, according to market research firm Forrester, cybersecurity threats persist as a major concern for IT leaders. Those numbers don’t account for the AI tools that can launch system attacks, or the organized cybercrime networks that bring together different groups of ne’er-do-wells. With hundreds of new threats appearing every minute, according to cybersecurity software provider McAfee, it’s more important than ever for IT pros to know how to spot, prevent and respond to digital dangers effectively.

Per IT services provider PurpleSec, the average cost of a ransomware attack is now upwards of $5 million. If you work in cybersecurity, the practice is no longer so much about stopping hackers from gaining access to your networks. Rather, it’s about dealing with a complex ecosystem of threat actors who are committed to launching constantly changing forms of attacks that can cripple a business in seconds.

From convoluted ransomware-as-a-service intrusions to advanced AI-powered phishing scams, staying current with the landscape of cybersecurity threats is critical for keeping your business and its sensitive data secure.

The new shape of ransomware and service-based attacks

Ransomware attacks are becoming increasingly sophisticated. On the one hand, criminals continue to invent and capitalize on increasingly creative ways to break into a system, encrypt your files, and demand a ransom before they’ll unlock access. More pressingly, IT pros are now seeing a marked shift among cybercriminals towards the use of off-the-shelf ransomware-as-a-service (RaaS) solutions that are driving a huge jump in attack volume and frequency.

These templated tools allow even those with minimal technical skills to target and launch sophisticated ransomware attacks. They come with everything a dubious actor needs to infiltrate your company’s network, take its files hostage, and demand a bounty to decrypt them.

How you can respond

  • Use smart defense tools: Invest in advanced cybersecurity software suites that continually scan for unusual behavior like file encryptions or transfers and prevent or shut down digital attacks before they escalate. Options include solutions like ExtraHop’s network detection and response (NDR) tools, Splunk’s security information and event management (SIEM) monitoring suite, and Fortinet’s Secure Access Service Edge solutions. Always-on, AI-powered solutions offer the most protection because they can intelligently establish and identify baseline states for network accounts and activities, spot suspicious behaviors, and proactively stop threats.
  • Make regular backups: Actively make a point to archive any files, data and systems that you use frequently, and store those backups in a secure location. You’ll also want to routinely test the integrity of these archives and any associated restoration processes to make sure that everything functions as planned. Providers like Rubrik, Microsoft Azure, and Cohesity can assist in efforts to maintain operating archives and patch any holes in your security systems that you encounter.
  • Conduct routine user training: Educate team members across your organization on how to get better at identifying possible phishing attempts and how to spot concerning behavior on your networks (suspicious network activity, errors, file names, etc.). Run simulated cyberattacks to test and enhance colleagues’ skills, encourage coworkers to embrace multi-factor authentication and establish formal reporting and response procedures if problems are encountered.

The future of phishing, social engineering and con artistry

The practice of phishing, social engineering, or otherwise conning someone into parting with sensitive information is as old as computing itself. Advanced AI and deepfake tools now allow cybercriminals to impersonate both people and companies with uncanny accuracy. Now, almost anyone can generate hyper-realistic phishing emails, videos, or even entire websites that mimic the language, tone, and writing style of a known colleague, client, or trusted entity.

Certain programs can even analyze targets’ social media accounts to learn their preferences, contacts and behavioral cues, and then tailor phishing attempts based on prompts that the target is most likely to respond to. As deepfake videos, voice cloning solutions, and AI agents (lifelike virtual assistants capable of making decisions autonomously) become more commonplace, we’ll soon see phishing attempts that are practically indistinguishable from legitimate communication.

How you can respond

  • Deploy and use multi-factor authentication (MFA): Instituting MFA safeguards (authenticator apps, one-time use email codes, security questions, etc.) should be your first line of defense. Even if an attacker does manage to steal someone’s login credentials, multiple layers of failsafes can help prevent unauthorized access. Providers like Okta, Ping Identity and RSA can help.
  • Run hands-on simulations: Employ routine hands-on tests and simulations within your organization that allow employees to role-play their way through real world scenarios and learn through hands-on activity how to spot a fake email or website. As you test their skills, you can update and improve your strategies for dealing with incidents.
  • Leverage AI-based safeguards: Implement smart software tools such as those provided by Graphus, Mimecast, and Cofense across your email and VoIP networks. Such AI-powered solutions use advanced behavioral analysis tools and predictive technology to detect and filter out phishing attempts before they reach anyone’s extension or inbox. Automated tools can leverage millions of data points to spot suspicious patterns and learn over time to get smarter.

Supply chain attacks

When your supply chain consists of an extensive network of suppliers, parts and providers working together, its digital defenses are only as strong as their weakest link. As such, cybercriminals are increasingly targeting not just your business directly, but also the third-party vendors, service providers, or software tools that your business relies on.

Under this scenario, criminals might infiltrate a trusted partner’s system to gain access to your network. Or they could exploit a vulnerability in your IT infrastructure’s toolset, cloud network or an online application. These types of issues are generally hard to detect because the attacker is operating tangentially, and within the trusted boundaries of your network.

How you can respond

  • Vet your vendors: Do thorough security assessments of all third-party vendors and service providers, including reviewing the policies, people and practices that each supplier employs. Make sure that providers adhere to and stay current with your cybersecurity practices and standards as well.
  • Segment your network: Design your IT infrastructure in modular fashion. By cordoning off each part into fixed zones, you can better isolate critical systems, apps and sources of data from other parts of your network. That helps reduce the risk of concerns spreading in case an attacker gains access through an outside vendor or otherwise.
  • Adopt zero trust architecture: Embrace a zero trust security model and approach to thinking, which effectively encourages you to verify every user, device, and application, regardless of whether they are situated inside or outside the network. Technology providers like Crowdstrike, Darktrace and IBM offer numerous verification and authentication tools that can help. You’ll want to look for AI-powered applications that can operate 24/7 and actively scan for threats. You’ll also want to pick automated tools that can ingest activity, network and application logs to establish baselines for what constitutes normal system, application and network behavior, then spot and stop any anomalies.
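The baseline-then-flag approach described above, and in the ransomware section's mention of unusual file activity, can be sketched as follows (an added example, not code from the article or from any product it names). The log format, account names, counts and thresholds are constructed; the baseline uses a per-account median and median absolute deviation.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: "<hour> <account> <files modified in that hour>"
HISTORY = """
2025-08-18T10 alice 12
2025-08-19T10 alice 15
2025-08-20T10 alice 9
2025-08-21T10 alice 14
2025-08-21T11 alice 11
2025-08-18T02 svc-backup 400
2025-08-19T02 svc-backup 420
2025-08-20T02 svc-backup 410
2025-08-21T02 svc-backup 405
2025-08-21T03 svc-backup 415
"""
TODAY = """
2025-08-22T10 alice 13
2025-08-22T02 svc-backup 418
2025-08-22T11 alice 870
2025-08-22T11 tmp-vendor 60
"""

def parse(text):
    per_account = defaultdict(list)
    for line in text.strip().splitlines():
        hour, account, count = line.split()
        per_account[account].append((hour, int(count)))
    return per_account

def build_baseline(history):
    # Median and median absolute deviation (MAD) resist skew from past spikes.
    baseline = {}
    for account, rows in parse(history).items():
        counts = [c for _, c in rows]
        med = median(counts)
        baseline[account] = (med, median(abs(c - med) for c in counts))
    return baseline

def find_anomalies(baseline, current, k=6.0, min_spread=5.0):
    # k and min_spread are assumed tuning values, not recommendations.
    alerts = []
    for account, rows in parse(current).items():
        for hour, count in rows:
            if account not in baseline:
                alerts.append((hour, account, count, "no baseline"))
                continue
            med, mad = baseline[account]
            limit = med + k * max(mad, min_spread)
            if count > limit:
                alerts.append((hour, account, count, f"above {limit:.0f}"))
    return alerts

ALERTS = find_anomalies(build_baseline(HISTORY), TODAY)
```

The service account's 418 modifications pass while the user account's 870 do not, which is why the baseline is kept per account instead of as one global threshold; the account with no history is surfaced separately so it can be verified instead of silently trusted.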

Advanced persistent threats (APTs)

Advanced persistent threats may be state-sponsored, or the work of organized crime groups, and they’re some of the most sophisticated and stealthy forms of cyberattack that you may encounter. They’re designed to be slow, subtle and methodical to avoid detection. The goal is to infiltrate a system (usually through social engineering or exploiting one or more vulnerable endpoints) and then remain undetected, poking around for months or years. During this time, cybercriminals quietly work to compromise your systems, subvert functionality and slowly steal sensitive data.

How you can respond

  • Leverage strong endpoint protection: Endpoint security solutions from providers like IBM Security, Sophos and Symantec can help you encrypt endpoints and data. Such tools constantly monitor for and detect unusual activity, and can flag, quarantine or shut down any potential threats before they escalate.
  • Keep your systems and software current: Automatically and regularly patch and update your systems and software, run vulnerability assessments, and engage in penetration testing to proactively identify and address any weaknesses. Tools such as NinjaOne’s Patch Management and Automox’s online patching platform can help your applications stay up to date.
  • Incident response planning: Institute and routinely test out a coordinated incident response plan, then revise it as needed based on results.

Risk associated with remote and hybrid work

The shift to cloud and hybrid services in recent years has increased the range of vulnerabilities that cybersecurity pros must defend. Remote work has also introduced the possibility for added vulnerabilities like network misconfigurations, haphazard security protocols and weak access controls that expose your company’s data. With more than 97% of employees now using the same devices for work and personal activities, according to CyberArk, cybercriminals have a larger selection of potential entry points they can exploit if you don’t properly secure them.

How you can respond

  • Harden your cybersecurity defenses: Use AI-powered and automated tools such as Palo Alto Networks’ Prisma AIRS and Trellix’s security platform to continuously monitor and assess your cloud security setups, apps and configurations. These solutions can leverage predictive tech to anticipate threats and monitor IT assets at a speed and scale that traditional solutions can’t match. Using them, you can set monitoring programs to detect abnormal traffic patterns from connected accounts and devices.
  • Employ strong encryption: Be certain that any sensitive data is encrypted both in transit and at rest, regardless of where this information resides in the cloud.
  • Actively manage devices: Implement a company-wide system for managing and securing your firm’s connected devices, and make sure that they’re kept up to date with the latest security upgrades and patches.

Defending against a world of new IT challenges

The shape of modern security threats is only becoming more sophisticated, more intelligent and (unfortunately) more difficult to detect going forward. For IT leaders, employing smart security practices and governance policies coupled with AI and automation tools can help you fight back.

The trick to staying one step ahead of digital dangers isn’t just about applying the most effective technologies where possible. It’s also about making cybersecurity everyone’s responsibility, and adopting a comprehensive, layered approach to learning, growing and adapting over time.

By regularly taking time to simulate and role-play your way through real-world scenarios, updating your software and security policies, and regularly retraining your staff, defending an organization is doable. The more you do, the better equipped you’ll be to deal with whatever IT concerns tomorrow brings.

Scott Steinberg
Hailed as The Master of Innovation by Fortune magazine, futurist and keynote speaker Scott Steinberg is a top expert on change and innovation who’s extensively covered areas like technology, AI and cybersecurity. A business consultant and thought leader for over 2500 brands, he's also the author of 30 books including Think Like a Futurist and Make Change Work for You. His work has appeared in 800+ outlets from CNN to The New York Times and USA Today. For more, you can visit his website at FuturistsSpeakers.com