SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

The challenges in maintaining effective cybersecurity

Tue, 18th Jun 2024

An expected rapid increase in ransomware attacks and the exploitation of zero-day vulnerabilities by cybercriminals is likely to make 2024 the most challenging year yet for IT security teams.

Around the world, organisations of all sizes are facing increasingly sophisticated attacks and many are finding that their defences are providing insufficient protection.
According to Check Point's 2024 Cyber Security Report, more than 5000 publicly extorted victims were reported around the world last year. This represented an alarming 90% increase from the previous year.

The report found several of the largest ransomware attacks that occurred during 2023 involved the use of zero-day vulnerabilities. Details of these vulnerabilities are purchased by cybercriminals on the dark web and used before protective patching can be undertaken by targeted organisations.

An expanding attack surface
The next 12 months are also likely to see growing numbers of exploits aimed at edge devices. With remote and hybrid working now common, larger numbers of staff are working outside their organisation's protective firewall, making them easier to target. Indeed, while these staff work remotely, connected to their organisation's network with access to sensitive data and financial records, their devices are often not covered by the organisation's defences, which in turn gives criminals unprotected access.

Research shows cybercriminals are attacking edge devices either as part of a sophisticated exfiltration infrastructure or as entry points to an organisation's broader IT infrastructure. In some cases, compromised edge devices are being used to construct botnets that are used to launch denial-of-service attacks.

Unless they are patched in a timely manner and constantly monitored, edge devices will remain a security blind spot for many organisations. This needs to be taken into consideration when IT defences are being reviewed.

The challenge of cloud security
An ongoing increase in the use of cloud-based platforms and resources is also contributing to the overall rise in cyberattacks. The Check Point 2024 Cloud Security Report exposed a critical surge in cloud security incidents, marking a significant increase from 24% in 2023 to 61% in 2024 (a 154% increase), highlighting the escalating complexity and frequency of cloud threats.

At the same time, the survey found that while most organisations continue to prioritise threat detection and monitoring, focusing on known vulnerabilities and patterns of malicious behaviour, a mere 21% emphasise prevention. This is particularly alarming as companies struggle to keep pace with rapid technological advancements. All this comes despite growing numbers of organisations adopting multi-factor authentication (MFA) to increase security.

Cybercriminals have developed strategies to circumvent MFA. These include exploiting stolen access tokens from already authenticated sessions. Rather than using traditional man-in-the-middle tactics, the majority of recent attacks have involved recovering tokens directly from third-party or cloud service providers.

In some cases, cybercriminals are also targeting cloud-based collaboration platforms, such as Microsoft Teams, to undertake social engineering campaigns. The aim is to trick staff into revealing their security credentials, thereby allowing the attacker to gain access to IT resources.

Meeting regulatory obligations may not be enough
Many organisations have worked hard in recent years to make themselves compliant with regulatory requirements around their levels of cyber security protection. However, while this is to be encouraged, those organisations also must remember that they could still fall victim to a cyberattack.

Being compliant with regulations such as APRA's CPS 234 or the CI SOCI Act cybersecurity requirements is certainly a good step; however, organisations also need to have plans and processes in place that will be followed if an attack is successful. Failing to do this can result in significant disruption and potential financial losses.

These plans and processes also need to be tested on a regular basis. All staff need to understand their role should an attack take place, and the steps that will need to be followed in its wake to minimise disruption.

Unfortunately, some senior management teams fail to recognise that cyber risks remain despite the compliance efforts they have undertaken as cyberattacks become more sophisticated in nature. They believe that following a 'tick-the-box' procedure will close any gaps in protection and thwart any cybercriminal attempts to gain access.

Yet high-profile breaches, such as those that occurred at Medibank, Latitude and DP World, show that this is not correct. As a result, companies still need to be ever vigilant and will need to continue to invest in resources and training as well as work closely with their third-party suppliers to ensure a robust cyber security posture is in place and maintained at all times.

Generative AI provides new threat concerns and opportunities

Businesses are also now standing on the brink of a transformative era powered by generative AI. While AI can help businesses do things better and faster at scale, it is also a force multiplier for attackers. Nefarious players can test and operate much more efficiently, and as a result, they can create super-targeted campaigns, including phishing and deepfakes to compromise a business, or find ways to assess an enterprise's defences. However, AI can also provide a beacon of hope, revolutionising the way we prevent, detect, and respond to cyber threats. Indeed, AI-powered solutions can offer unparalleled capabilities in threat detection and mitigation, empowering businesses to stay one step ahead of adversaries.

The need for ongoing monitoring
During 2024, it will be important for organisations to constantly monitor and review their cyber security measures to ensure they continue to provide the best possible prevention-first protection in what is a constantly evolving threat landscape.

Many should also consider adopting a Zero Trust strategy to add an additional layer of protection. Zero Trust ensures that only authorised parties can access systems and data and only after confirming their identity.

During 2024, organisations must also carefully examine the security tools they have in place and determine whether they contain any known vulnerabilities. If this is found to be the case, those tools should be immediately patched, updated or replaced accordingly.

At the same time, by adopting a consolidated security architecture and platform and enhancing collaborative security operations, businesses can pre-emptively tackle emerging threats, ensuring a more secure and resilient cloud environment.

Finally, forward-looking organisations should review the way new security tools are assessed and tested. Whilst reports from industry analyst firms can be consulted, for a more detailed, factual approach, cyber alerts and advisories such as those on the ASD's cyber.gov.au should be considered.
