The Increasing Sophistication of Cyber Criminals

The digital age has brought undeniable benefits, enhanced communications and connectivity, unprecedented access to information and increased efficiency and productivity, to name a few. It has also opened a Pandora's box of security challenges such as nation-state and organized crime exploitation of cybersecurity vulnerabilities, sextortion, romance fraud and of course ransomware. Cyberattacks are no longer the realm of script-kiddies; today's threat actors are cunning adversaries wielding an ever-more sophisticated arsenal. This rise in complexity demands an ever shifting of cybersecurity defensive strategy.

There is no denying the sheer volume of cyberattacks is on the rise. According to Check Point Research, global cyberattacks per week on corporate networks saw a staggering 38% increase in 2022 compared to the previous year [1]. But beyond the sheer numbers, it is the growing sophistication that creates an ever increasingly complex cybersecurity estate.

Here is a glimpse into how cyberattacks are becoming more intricate:

• Evolving Tactics: Attackers are constantly innovating. Phishing emails, once easily identifiable, now mimic legitimate sources with near-perfect precision, making them more believable and dangerous [2], which segways nicely into the second bullet point.
• AI and Automation: Cybercriminals are leveraging artificial intelligence (AI) and machine learning (ML) to automate tasks, identify vulnerabilities, and personalize attacks, making them more targeted and impactful [3].
• Supply Chain Attacks: Cyber criminals are increasingly targeting industry supply chains, compromising legitimate suppliers to gain access to unsuspecting users' systems [4].
• Internet of Things (IoT) Infiltration: The proliferation of internet-connected devices (IoT) creates a vast attack surface. Insecure IoT devices can become an attack and intelligence platform into a network(s).

These are just a few examples of the ever-growing list of challenges being created by increasingly sophisticated attacks. The implications can be severe or even fatal for businesses. Businesses face not only financial losses but also reputational damage and operational disruptions. [5] Critical infrastructure, such as healthcare, financial, energy, transportation, and communications, is also increasingly vulnerable.

How do we combat this rising tide of sophisticated cyberattacks?

• Get the Basics Right First: Having an endless array of the latest technology will do little good if you do not have your policies, processes, and procedures, evaluated, trained and in working order.
• Zero Trust Security: This is a security model that emphasizes the principle of "never trust, always verify."? Unlike the now antiquated Defence in Depth which focuses on layered defences, Zero Trust assumes all users and devices are potential threats and requires continuous verification before granting access to resources.
• Security Awareness Training: Empowering employees to identify and avoid phishing attempts and other social engineering tactics is a vital line of defence. This is greatly enhanced by a no blame culture.
• Continuous Monitoring: Security teams need to constantly monitor systems for suspicious activity and have incident response plans in place. This loops back to training, as all levels of the business must understand their role in an incident and have practiced it.
• Investing in Security Technologies: Staying ahead of the curve requires utilizing current security solutions, including AI-powered threat detection and endpoint security tools.
• Cut out the Deadwood: In cybersecurity, technical debt is fatal. The estate must be current enough to be maintained, an unpatched hull is a sinking ship.
• Collaboration is Key: Information sharing between businesses, government agencies, and cybersecurity experts is essential to tracking and tackling emerging threats and develop effective countermeasures.

The fight against cyber enabled fraud is a marathon, not a sprint. By acknowledging the increasing sophistication of cyberattacks and implementing robust defences, organizations can build resilience and protect themselves in this ever-evolving threat landscape.

Citations:

[1] Check Point Research. (2023, January 5). Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks. https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/ [2] Microsoft. (2020, September 29). Microsoft report shows increasing sophistication of cyber threats. https://blogs.microsoft.com/on-the-issues/2020/09/29/microsoft-digital-defense-report-cyber-threats/ [3] IBM Security. (2023, July 18). IBM X-Force Threat Intelligence Index 2023. https://www.ibm.com/reports/threat-intelligence [4] Crowdstrike. (2023, April 12). Supply Chain Attacks: A Growing Threat Landscape. https://www.crowdstrike.com/cybersecurity-101/cyberattacks/supply-chain-attacks/ [5] Harvard Business Review. (2023, May 4). The Devastating Business Impacts of a Cyber Breach. https://cybersecurityventures.com/60-percent-of-small-companies-close-within-6-months-of-being-hacked/