Exploits on the rise: How defenders can combat sophisticated threat actors


The good news? Cybersecurity is witnessing a steady evolution. Organizations across EMEA are sharpening their abilities to detect and respond to cyber attacks. In 2023, ransomware intrusions in EMEA were detected in just 8 days, a substantial improvement from the 33 days it took in 2022.

Which, unfortunately, brings us to the bad news: cybercriminals are also evolving. Hacker groups, once characterized by disparate individuals operating from basements, have transformed into highly sophisticated and well-funded organizations. Their tactics, techniques, and procedures (TTPs) are evolving at a rate which now presents a formidable challenge to traditional security measures.

The group takedowns we’ve seen in recent months by international authorities have underscored the strides made in knowledge-sharing and cooperation between countries and law enforcement. However, these cases also lay bare the agility of cybercriminals, who can promptly reassemble and reappear elsewhere.

It’s therefore vital that organizations are also continually evolving, building a robust cybersecurity posture to protect themselves from this increasingly sophisticated threat landscape.

Stuart McKenzie

Managing Director for Mandiant Consulting EMEA at Google Cloud.

Proactive threat detection through technology

Evolving threats mean that pressure is increasing on cybersecurity teams to keep pace. Proactivity is more vital than ever.

Threats range from exploits to ransomware, and from custom malware to sophisticated phishing scams, all of which are on the rise. This year, exploits continued to dominate as the top method of intrusion, closely followed by phishing campaigns. The substantial commitment of time and resources towards uncovering these vulnerabilities underscores their undeniable value to threat actors. This emphasizes the need for organizations to regularly reassess and fine-tune their defense strategies.

Proactive detection should be undertaken to root out any potential hidden breaches within a network. Investigations could include proactive scanning of devices, reviewing network logs and applying malware signatures to appliance images.

One area of cybersecurity where Gen AI holds huge potential is in proactive threat hunting. Mandiant Red Teams have been leveraging Gen AI to assist in the development of custom tooling and enhance their understanding of various platforms and their security aspects. Organizations can utilize red teams to simulate realistic attack scenarios and help improve the overall security of their environments.

Building a cyber-aware culture

The uncomfortable truth is that all organizations are at risk of attack. Mandiant tracks more than 4,000 threat groups, 719 of which were newly tracked in 2023, as well as 626 new malware families.

However, those with especially sensitive data are even more attractive to attackers. In the past year, Mandiant were called to respond to intrusions most commonly at financial services organizations (17.3%), business and professional services (13.3%), high tech (12.4%), retail and hospitality (8.6%), healthcare (8.1%), and government (8.1%).

It’s clear why – the data from these sources is worth more to threat actors, and so they are more vulnerable to targeting.

Creating a cyber-aware culture can help to protect sensitive information by limiting the risk of a breach. It’s getting increasingly common that attackers exploit trusted relationships and communications using techniques such as conversation hijacking, or by masquerading as internal users. Teaching staff what signs to watch for provides a basic, but important, layer of cybersecurity.

This matters especially because stolen credentials, which pose a serious security risk to organizations, were the fourth most notable initial intrusion vector in 2023. There is evidence, though, that education works: in 2023, 10% of intrusions began with evidence of stolen credentials, compared to 14% observed in 2022.

Enhancing preparedness

We’ve seen notable improvements in dwell time over the past few years. Dwell time describes the number of days an attacker is on a system from compromise to detection, and in 2023 the global median dwell time was 10 days, down from 16 days in 2022.

This is a testament to how proactive cybersecurity can limit the harm from a breach. Encouraging this kind of preparedness within teams is key to ensuring that those teams are ready to respond to threats with a robust, organized and clear strategy when the time comes.

Employing tactics such as regular exercises to test security teams, continual reviews of incident response plans, and adopting a least-privilege approach to access can ensure that the effects of a cyberattack are limited.

It’s also vital to consider involving teams outside of your cybersecurity experts. Bringing in outside groups such as comms, legal and other relevant teams in tabletop exercises can help to test incident response plans and ensure there is no weak link in your response process.

Implementing positive change

The more prepared a company culture, the better placed it is to respond when the worst happens. It’s a basic - but true - tenet of cybersecurity.

As malicious actors leverage larger resources to create ever more complex and dangerous cyberattacks, it’s vital that organizations keep their fingers on the pulse and respond accordingly. New technologies, regular process reviews and a vigilant, cyber-aware culture will all go some way to protecting sensitive data.

And, as international authorities increasingly start working together, we can build stronger responses to mitigate the formidable challenge at hand.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Stuart McKenzie is Head of Mandiant Consulting for EMEA. McKenzie advises organizations, senior business leaders and board members on threat, response, remediation and recovery from cyberthreats.
