Are our leaders ready to cope with the cybersecurity challenges that will be brought by the accelerated pace of digitization in the years ahead?
Cybersecurity has always had an element of an arms race about it, with this driven to a large extent by the ongoing digital transformation organizations have engaged in over recent years.
With each new technology introduced into the workplace, fresh opportunities have been presented to attackers to break in. This evolving threat has been exacerbated by the changing nature of cybercriminals themselves, who are no longer individual actors or even small and nimble hacking groups but often highly sophisticated organizations that are capable of leveraging tools and capabilities complete with the latest in AI and machine learning technologies.
This has meant that criminals are willing and able to target a much broader spread of companies, with small and medium-sized organizations or government agencies that might previously have believed they could fly under the radar coming under attack.
Upping the pace
Just as the pace of digital transformation is increasing, so too must the investment in cybersecurity. This will involve looking at some of the key areas of cyber threat that will emerge in the years ahead.
One of the key areas of probable development is on-demand access to data platforms. As organizations gain high-speed access to data on everything from our financial transactions to our social media postings to try and better understand our purchasing histories and forecast demand, this creates an ever-expanding database that is often stored on the cloud for easier access.
Given the important role data is playing in the business models of so many businesses today, organizations are making use of technologies such as data lakes to better aggregate information. These huge data repositories are not only increasingly stored on the cloud, but in an attempt to become data-driven, organizations are granting access to a growing number of people, both inside and outside the organization.
Hackers are increasingly looking at this juicy target with relish, with high-profile attacks, such as 2020’s Sunburst attack, showing how attackers are able to infiltrate the software update process to gain access to crucial company data.
The best way to defend against the risks created by on-demand access to data is to establish clear and robust zero-trust capabilities, strong log monitoring, homomorphic encryption, and behavioral analytics so that access to the data is regulated and monitored for unusual activity.
Taking advantage of sophisticated technology
Hacking groups today are also increasingly sophisticated, both in the resources they have available and the methods they’re deploying to attack organizations. This sophistication befits groups that are often multi-billion dollar enterprises complete with the kind of R&D budgets and complex hierarchies seen in legitimate organizations.
As such, it’s increasingly common for hackers to utilize AI and machine learning to significantly shorten the time taken to complete an attack, with these technologies impacting everything from reconnaissance to exploitation. The Emotet malware attack was a good example of a machine-learning-based attack that utilized automated systems to generate a wave of sophisticated phishing emails.
The likes of ransomware-as-a-service have also made the cost of launching a ransomware attack considerably lower than it previously was. The growing maturity of the sector has seen criminal organizations specialize in particular parts of the trade, which has made attacking that much faster and cheaper.
Just as AI is being used by criminal groups, so too can it be used by cybersecurity teams, however. Automation can be extremely effective in developing various defensive capabilities, especially in labor-intensive areas, such as cyber reporting and identity and access management. AI can also help to stay on top of the ever-changing attack patterns.
A losing race?
The talent shortage in the cybersecurity sector is well documented, and the challenges organizations have faced in devoting a sufficient budget to the task during the Covid pandemic have also been well reported. This is not going to get easier as criminal organizations get more sophisticated and the ante is upped.
Similarly, regulatory processes typically grind slowly, so regulators face a seemingly losing battle against a much more nimble and agile opponent in terms of crafting the kinds of regulations that could make a meaningful difference. What regulation is being produced, of course, also creates additional expectations and demands on organizations, so the cybersecurity function is going to have to be beefed up considerably to cope, especially in regulatorily sensitive areas, such as healthcare and financial services, or strategically sensitive areas, such as critical infrastructure services.
This challenging landscape mandates that organizations start to embed security in their technology capabilities as they're designed and built. Areas such as security as code can significantly help organizations to deploy security capabilities effectively and stay clear of any regulatory issues. Similarly, just as ransomware-as-a-service has allowed criminal teams to scale up quickly, there is a growing support infrastructure, especially on the cloud, that gives cybersecurity teams similar agility.
Digital disruption is very much a fact of life for organizations today, with digital transformation occurring as much due to necessity as it is for innovation. This brings with it certain cyber risks that will require organizations to develop security capabilities to ensure this doesn’t leave them unduly vulnerable. This is a relentless challenge and organizations will need to be proactive in tackling it if they want to succeed.
More from Cybernews:
Subscribe to our newsletter