Cybersecurity is headed for a subtle, but important, evolution
Review the current cybersecurity trends and learn how these risks are becoming more complex.
At first glance, the state of cybersecurity hardly seems particularly new as we enter 2023: Threat actors are still using the same kind of ransomware vectors to attack, and we’re still talking about the same need for education and controls. But look beneath the surface, and it quickly becomes evident that targeted companies are facing greater incident complexity than ever before. For organizations looking to stay on top of this evolution, here are some trends our cyber services team members are closely monitoring.
In the U.S., there is greater incident complexity, including a rise in class actions and a shift in the way threat actors use stolen data.
It’s no longer just about locking people out of files — cyber extortion with data exfiltration is also driving class actions in the U.S. Threat actors don’t need to manipulate data; they can just steal and distribute. They’ve also made accessing this data easier; traditionally available only on the dark web, stolen data is now searchable on publicly accessible websites.
With concerns about data now spurring plaintiffs to action, U.S. class actions have ticked up — at much smaller notified populations — and will continue to do so. Plaintiffs have started filing data breach class actions for significantly smaller potential class sizes. While this is less of an issue elsewhere in the world, global companies must be aware of this trend and its potential impact on their U.S. operations.
Another emerging trend in the U.S. is the filing of multiple class actions by different plaintiffs’ counsel for the same breach. This is driving up attorneys’ fees for settlements, and as more new plaintiffs’ attorneys enter the data breach class action space, it can be harder to settle.
Organizations must get smarter about educating employees to spot fraudulent instruction tactics, for example, spoofed emails or domain names.
Current trends indicate that fraudulent instruction is a prevalent issue to watch. Its frequency continues to be higher than we would expect, especially when it comes to small businesses. Risk management behavior will be key to stemming this tide. It can’t simply be the job of a cyber-services team or an IT team to deal with the potential for a breach. Everyone must be involved.
Organizations of all sizes need to take a proactive approach to reduce these risks, including establishing processes to verify payment requests, continuously training employees, improving logging practices, and investing in identity and access management.
As threat actors bring new sophistication to their techniques, companies can no longer count on the default configuration of off-the-shelf IT solutions and tools like PaaS or SaaS.
Technology providers respond to changes in the threat landscape by frequently adding or enhancing security functionalities, but those features are often not turned on by default. Organizations must stay on top of security enhancements in the products they use, so they can enable and properly configure these security features. If users just stick with the default configuration, they will be left unprotected.
The success or failure of a threat actor comes down to security hygiene. If an organization makes it harder for threat actors at every step, they might eventually give up and move on to target less-protected victims. At a minimum, organizations should have basic controls in place to block commonly used initial attack vectors, including phishing, stolen credentials, and other exposed vulnerabilities. After this important first step, robust controls that lessen privilege escalation, lateral movement, and exfiltration are ideal.
Watch for social engineering and spear phishing, bypassing MFA, targeting managed service providers, and compromising cloud environments to emerge as areas of vulnerability.
Threat actors are accelerating the use of techniques that gained traction in 2022, among them multifactor authentication (MFA) bypass and exploitation of MFA fatigue. Reorienting the way employees are trained around this type of evolved risk, and explaining “we know this is burdensome, but here’s why it’s important,” may be helpful. On the technical side, organizations must adjust configurations to make MFA solutions more secure.
With 45% of incidents now cloud-based, we are also seeing more compromise of cloud environments. Organizations can’t simply assume their cloud services provider is handling their cloud environment securely. Minimum security requirements should be established, used when vetting managed service providers and included in contracts.
Forewarned is forearmed.
From tactics to consequences, cybersecurity is undergoing a subtle but important evolution, and organizations must be prepared. As bad actors continue to identify and exploit vulnerabilities, the tools many organizations count on are not sufficient by default anymore, nor are the same instructions given to teams for years. In the event of a breach, your organization’s vulnerabilities are greater than ever, and the costs could be higher. Proactive policies and procedures are essential when it comes to protecting your organization today against yesterday’s risks in tomorrow’s cyber world.
Russ Cohen is head of U.S. cyber services for Beazley.
Opinions expressed here are the author’s own.