Innovative EDR/XDR solutions
To protect against ransomware attacks, and specifically against human-operated ransomware, enterprises should rely on state-of-the-art EDR/XDR solutions. This also includes verifying that the AI-supported automated attack response functions are enabled. This is indispensable to ensure that an organization will benefit from the latest innovations as well as swiftly respond to an attack, should it occur.
Migration to a zero-trust architecture
In addition, the systematic implementation of a zero-trust architecture is an important tool for mitigating the effects of malware attacks. Of course, it cannot provide 100% protection against an attack, but it does protect an organization against potentially catastrophic consequences, such as the full encryption of all of its systems. As always, the journey is the reward: zero-trust technologies are constantly evolving, and an organization’s architecture and implementation should be continuously reviewed and further developed.
Maximum protection for the major vulnerability
MFA attacks have increasingly come into focus over the past year. The only way forward, in my view, is to systematically add phishing-resistant MFA components (e.g., number matching procedures and/or Azure AD certificate-based authentication). Even better would be to check if switching to a fully passwordless login procedure is a possibility. And while you are working on this, also verify at the same time that the principle of least privilege is still applied and that privileged accounts, in particular, are protected—for example through just-in-time access as well as dedicated systems for the corresponding administrative tasks (jump servers and/or dedicated secure workstations).
Business partner protection
It goes without saying that the exposure to supply chain risks can only be partially mitigated by technical measures. When collaborating across organizational structures, organizations should ensure that their own resources are optimally protected. This begins with simple aspects such as a proper guest user lifecycle management in cloud-based collaboration solutions such as Teams.
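As an added illustration of the guest user lifecycle point above (this is example code, not part of the original article), the following script applies a simple lifecycle policy to external guest accounts: invitations that were never accepted are expired, accepted guests with no recent sign-in are disabled, and long-disabled guests are removed. The field names loosely mirror the Microsoft Entra ID user properties a directory export would contain (user type, external user state, last sign-in), but the records here are constructed, and the thresholds (30 days for pending invitations, 90 days of inactivity, twice that before removal) are assumptions that each organization would set itself.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class GuestUser:
    """One directory user record (constructed; mirrors typical export fields)."""
    upn: str
    user_type: str                  # "Guest" or "Member"
    invite_state: Optional[str]     # "PendingAcceptance", "Accepted" or None for members
    created: datetime
    last_sign_in: Optional[datetime]
    account_enabled: bool


def review_guests(users: List[GuestUser], now: datetime,
                  pending_max_days: int = 30,
                  inactive_max_days: int = 90) -> Dict[str, List[str]]:
    """Classify guest accounts into lifecycle actions.

    Returns a dict with the UPNs that should have their invitation expired,
    be disabled, be removed, or need no action. Member accounts are ignored
    because they follow the joiner/mover/leaver process, not the guest one.
    """
    actions: Dict[str, List[str]] = {
        "expire_invite": [], "disable": [], "remove": [], "ok": []}

    for u in users:
        if u.user_type != "Guest":
            continue

        # Invitation sent but never accepted: the account is pure attack surface.
        if u.invite_state == "PendingAcceptance":
            age = (now - u.created).days
            actions["expire_invite" if age > pending_max_days else "ok"].append(u.upn)
            continue

        # Inactivity is measured from the last sign-in, or from creation if none.
        last_activity = u.last_sign_in or u.created
        idle_days = (now - last_activity).days

        if u.account_enabled:
            if idle_days > inactive_max_days:
                actions["disable"].append(u.upn)
            else:
                actions["ok"].append(u.upn)
        else:
            # Already disabled: remove once the grace period (2x inactivity) has passed.
            if idle_days > 2 * inactive_max_days:
                actions["remove"].append(u.upn)
            else:
                actions["ok"].append(u.upn)

    return actions


def sample_users() -> List[GuestUser]:
    """Constructed sample records (not real accounts)."""
    d = lambda y, m, day: datetime(y, m, day, tzinfo=timezone.utc)
    return [
        GuestUser("alice_partner#EXT#@example.org", "Guest", "Accepted",
                  d(2024, 1, 10), d(2024, 5, 28), True),
        GuestUser("bob_vendor#EXT#@example.org", "Guest", "PendingAcceptance",
                  d(2024, 3, 1), None, True),
        GuestUser("carol_consultant#EXT#@example.org", "Guest", "Accepted",
                  d(2023, 11, 1), d(2024, 1, 15), True),
        GuestUser("dave_former#EXT#@example.org", "Guest", "Accepted",
                  d(2023, 1, 1), d(2023, 9, 1), False),
        GuestUser("erin@example.org", "Member", None,
                  d(2022, 6, 1), d(2024, 5, 31), True),
        GuestUser("frank_new#EXT#@example.org", "Guest", "PendingAcceptance",
                  d(2024, 5, 20), None, True),
    ]


if __name__ == "__main__":
    review_date = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for action, upns in review_guests(sample_users(), review_date).items():
        print(f"{action}: {upns}")
```

The ordering matters for the defender: expiring unaccepted invitations first removes accounts that nobody in the organization is even using, while the disable-then-remove sequence gives a business owner time to object before a still-needed partner account disappears.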
In addition, it is best practice for many organizations to monitor vendors—based on their respective cybersecurity risk rating—through governance and compliance requirements as well as vendor security audits (usually based on standardized questionnaires). I believe that this approach is not always ideal. It is a considerable challenge for small companies to properly complete an ISO 27001 questionnaire checklist, and they usually cannot present a comprehensive ISMS policy. I believe it would be better if large enterprises, which are often also dependent on smaller vendors, assisted them with specific cybersecurity guidelines and their implementation. This could significantly improve supply chain security.
Leveraging automation to fill workforce gaps
Even large enterprises can be affected by the shortage of skilled labor. Therefore, they need to leverage tools that provide the highest possible degree of automation. They should also review which services really need to be provided in-house and which can be outsourced to specialized providers.
Eliminating attack vectors
Last but not least, the question arises as to what safeguards CISOs can implement to protect themselves against potential new risks from generative AI (such as the models on which ChatGPT is based). On the one hand, we can expect that security providers will gradually incorporate these technologies into their tools. But an organization can also proactively protect itself by systematically using passwordless authentication to guard against the risk of user name and password attacks as well as attacks on the corresponding MFA tools. In this case, it wouldn’t matter whether or not an attacker adds generative AI components to their password generation tools to make the attack even more efficient and effective, because passwordless authentication completely eliminates the user name/password attack vector.
We see that we definitely are not defenseless against these attack trends. But it is important to take action or, even better, to keep taking action and systematically keep updating security architectures and tools to counter the latest attack trends.