The year ahead will be challenging; financial services and insurance are among the most attractive industries to hackers, and phishing and ransomware attacks continue to proliferate.
Cyber hackers have had decades to perfect their craft, and their attacks show no signs of relenting. An underbelly of over 100 software-esque companies design Hacker-as-a-Service and Ransomware-as-a-Service products to challenge the cyber industry complex. These attacks will only become more sophisticated as these underground organizations build their own large language models and incorporate AI.
Experts and cybersecurity leaders at Datos Insights Financial Crime and Cybersecurity Forum agreed that malicious actors are becoming more sophisticated. Many are trending towards evasion techniques like living off the land, i.e., using native system administration tools to compromise emails and exploit money. This lack of detectable malware means that cybercriminals can act in their own time, taking CISOs and risk professionals out of the driver’s seat.
Another factor contributing to attacks like phishing and extortion is a culture of shame that exists in many organizations. Cybersecurity should not be a punitive exercise, and this attitude can disincentivize resources from reporting attacks. What’s more, the responsibility for cyber defense does not rest on employees alone, and the ability for an attack to take down an entire organization with one wrong click is a problematic vulnerability.
Cyber leaders agreed that “defense in depth,” or multiple layers of security response, is crucial heading into 2024. This approach requires foundational pieces such as backups and multifactor authentication, plus monitoring, plus preparation. The goal, as one panelist pointed out, is to be able to take a punch.
Yet, as another panelist noted, the approach of defense in depth is also “expense in depth.” Security organizations need to prioritize where to spend and maximize return on investment, given a limited budget. Simplifying operating environments and building a best-of-breed tool stack are sizeable pieces of the puzzle. Resilience will come from broad coverage, not necessarily one tool or a set of tools that can do it all.
Cyberattacks are becoming easier for malicious actors to execute, which means they are becoming more difficult for cybersecurity teams to get ahead of. To discuss ways to skate ahead of the puck and ready organizations against these threats, feel free to reach out to me at [email protected] or Tari Schreider at [email protected].
