The good news? Cybersecurity is undergoing constant evolution. Organizations across EMEA are honing their capabilities to detect and respond to cyberattacks. In 2023, ransomware intrusions in EMEA were detected in just 8 days, a substantial improvement from the 33 days it took in 2022.
Which, unfortunately, brings us to the bad news: cybercriminals are also evolving. Hacker groups, once characterized by disparate individuals operating from basements, have transformed into highly sophisticated and well-funded organizations. Their tactics, techniques and procedures (TTPs) are evolving at a pace that now presents a formidable challenge to traditional security measures.
The takedowns of groups we have seen in recent months by international authorities have underlined the progress made in knowledge sharing and cooperation between countries and law enforcement. However, these cases also reveal the agility of cybercriminals, who can quickly reconvene and reappear elsewhere.
Therefore, it is vital that organizations also continually evolve, creating a robust cybersecurity posture to protect themselves from this increasingly sophisticated threat landscape.
General Director of Mandiant Consulting EMEA at Google Cloud.
Proactive threat detection through technology
Evolving threats mean pressure is increasing on cybersecurity teams to keep pace. Proactivity is more vital than ever.
Threats range from exploits to ransomware, from custom malware to sophisticated phishing scams, all of which are increasing. This year, exploits continued to dominate as the top intrusion method, closely followed by phishing campaigns. The substantial commitment of time and resources to discovering these vulnerabilities underscores their undeniable value to threat actors. This emphasizes the need for organizations to periodically reevaluate and adjust their defense strategies.
Proactive detection should be performed to eliminate any potential hidden gaps within a network. Investigations could include proactive device scanning, reviewing network logs, and applying malware signatures to device images.
One area of cybersecurity where generative AI (Gen AI) has enormous potential is proactive threat hunting. Mandiant red teams have been leveraging Gen AI to assist in the development of custom tools and improve their understanding of various platforms and their security aspects. Organizations can use red teaming to simulate realistic attack scenarios and help improve the overall security of their environments.
Building a cyber culture
The uncomfortable truth is that all organizations are at risk of attack. Mandiant tracks more than 4,000 threat groups, 719 of which were recently tracked in 2023, as well as 626 new malware families.
However, those with particularly sensitive data are even more attractive to attackers. Last year, Mandiant was called upon to respond to intrusions most commonly in organizations in financial services (17.3%), business and professional services (13.3%), high technology (12.4%), retail and hospitality (8.6%), healthcare (8.1%), and government (8.1%).
It’s clear why: data from these sources has more value to threat actors and is therefore more vulnerable to attacks.
Creating a cyber culture can help protect sensitive information by limiting the risk of a breach. It is increasingly common for attackers to exploit trusted relationships and communications using techniques such as conversation hijacking or posing as internal users. Teaching staff what signs to look out for provides a basic, but important, layer of cybersecurity.
This matters especially because stolen credentials, which pose a serious security risk to organizations, were the fourth most notable initial intrusion vector in 2023. There is, however, evidence that education works: in 2023, 10% of intrusions began with evidence of stolen credentials, compared to 14% seen in 2022.
Improve preparation
We have seen notable improvements in dwell time in recent years. Dwell time describes the number of days an attacker remains in a system from compromise to detection, and in 2023 the global average dwell time was 10 days, down from 16 days in 2022.
This is a testament to how proactive cybersecurity can limit the damage caused by a breach. Encouraging this type of preparedness within teams is key to ensuring that those teams are prepared to respond to threats with a solid, organized and clear strategy when the time comes.
Employing tactics such as regular exercises to test security equipment, ongoing reviews of incident response plans, and adopting an attitude of least privilege can ensure that the effects of a cyberattack are limited.
It is also vital to consider the possibility of involving teams other than cybersecurity experts. Involving external groups, such as communications, legal, and other relevant teams, in practical exercises can help test incident response plans and ensure there are no weak links in your response process.
Implementing positive change
The more prepared a company culture is, the better placed it will be to respond when the worst happens. It is a basic, but true, principle of cybersecurity.
As malicious actors leverage greater resources to create increasingly complex and dangerous cyberattacks, it is vital that organizations are aware and respond accordingly. New technologies, regular process reviews, and a vigilant, cyber-aware culture will go some way to protecting sensitive data.
And, as international authorities begin to work increasingly together, we will be able to develop more robust responses to mitigate the formidable challenge before us.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.