Five key threats facing cyber teams and how to navigate them

25 September 2023 Consultancy.com.au

Cyber teams face a daunting task. Just as one threat is neutralised and protective measures are put in place, another appears posing different challenges. Michael Bovalino, ANZ Country Manager at LogRhythm, shares how cyber teams can navigate some of the most common threats currently on their plate.

AI-powered threats
During the past 12 months, AI has become arguably the most discussed area of technology within organisations of all sizes. However, when it comes to security, many people are unclear about whether it is a theoretical risk or something that requires urgent attention.

There are three key factors that security teams should consider when it comes to AI-powered cybersecurity threats. The first is how cybercriminals might weaponise the technology to execute more sophisticated attacks.

There is little doubt that attackers are already tapping into the power of AI, just as they are already using bots and other forms of automation to accelerate and scale attacks. One example already being seen is the use of AI language models to generate more realistic phishing emails, free of telltale grammar errors and misspellings.

It's clear that AI is a risk area that security teams must take very seriously; however, it is important not to do this at the expense of other protective initiatives.

Cloud security threats
The adoption of cloud-based resources and services is now widespread across most industries. While some organisations had early security issues, such as data leakage through unprotected cloud storage containers, most have now increased the sophistication of their security measures.

Despite this, however, cloud security remains far from solved for a number of reasons. One is that multi-cloud environments are becoming more common which makes it difficult to rely solely on cloud provider-specific security tools. Also, many cloud environments have a mix of deployment models, as organisations combine traditional cloud workloads with newer deployment models like containers.

In general, most organisations are approaching cloud security with an appropriate level of urgency. At the same time, it’s important to bring all the various security signals from built-in and third-party cloud security tools together into a unified analytics, detection, and response framework. And as new tools and techniques are added, it’s important to integrate them into this same framework.

Geopolitical threats
Current global tensions are leading to an increase in the number of cyberattacks originating from nation-state actors. Because these attacks target both government and private-sector organisations, it’s critical for security teams to monitor factors such as military actions and economic measures like sanctions, and to consider possible responses.

For example, a country targeted by economic sanctions could use these actions as justification for retaliatory cyberattacks targeting the financial sector of its adversary. Similarly, cyberattacks against private-sector transportation, energy, and healthcare infrastructure are a likely by-product of global tensions and conflict.

While nation-states use similar tools and methods as other attackers, adapting security monitoring practices to create a defensive posture when geopolitical cybersecurity threats escalate is vital. Steps should include refining detection methods in response to external threat intelligence.

Ransomware threats
It’s topped the list of concerns for cybersecurity professionals for years, yet the threat of ransomware attack shows no sign of dissipating. As with cloud security, many organisations are now taking a more active approach to prevention and response.

Meanwhile, attackers are also increasing the sophistication of their ransomware tactics, for example through the use of so-called ‘double extortion’. In these attacks, as well as encrypting data, attackers also steal a copy and threaten to make it public unless ransom demands are met.

For these reasons, organisations of all sizes should not let the attention of their security teams wander from the ransomware threat. While the blocking of ransomware delivered via email is now very effective, it is not yet 100% and so constant vigilance is required.

Business email compromise threats
A fifth type of security threat faced by many organisations is business email compromise. These attacks involve a cybercriminal pretending to be a legitimate party requesting payment for an outstanding invoice or a co-worker requesting the transfer of funds.

As with ransomware, continuing to focus on email security practices is a vital protective measure against business email compromise attacks. Increasing security awareness among all staff through regular, formalised training is also recommended.

An evolving landscape
The cyberthreat landscape will continue to evolve as attackers become more sophisticated and make use of rapidly developing tools.

Beyond implementing critical measures like robust password management, threat detection systems, and real-time monitoring for enhanced visibility, a comprehensive cybersecurity strategy should encompass efficient incident response strategies. Prioritising security and safeguarding critical data today requires regular patching, comprehensive backups, and a strong focus on ongoing educational training initiatives.

By adopting these practices, organisations can bolster their defences, mitigate the risks associated with today’s cyberthreat landscape and reduce the chance of falling victim.