The good news? Cyber security is witnessing a steady evolution. Organizations across EMEA are sharpening their capabilities to detect and respond to cyber attacks. In 2023, ransomware intrusions in EMEA were detected in just 8 days, a significant improvement from the 33 days it took in 2022.
Which unfortunately brings us to the bad news: cybercriminals are also evolving. Hacker groups, once characterized by various individuals operating from basements, have transformed into highly sophisticated and well-funded organizations. Their tactics, techniques and procedures (TTPs) are evolving at a rate that now poses a formidable challenge to traditional security measures.
The group takedowns we’ve seen in recent months by international authorities have underscored the progress made in knowledge sharing and cooperation between countries and law enforcement. However, these takedowns also expose the agility of cybercriminals, who can quickly regroup and re-emerge elsewhere.
It is therefore critical that organizations also continuously evolve and build a robust cyber security posture to protect themselves against this increasingly sophisticated threat landscape.
Managing Director of Mandiant Consulting EMEA at Google Cloud.
Proactive threat detection through technology
Evolving threats mean the pressure is increasing on cyber security teams to keep up. Proactivity is more important than ever.
Threats range from exploits to ransomware, custom malware to sophisticated phishing scams, and all are progressing. This year, exploits continued to dominate as the top method of intrusion, closely followed by phishing campaigns. The significant commitment of time and resources to uncover these vulnerabilities underscores their undeniable value to threat actors. It also shows the need for organizations to regularly reassess and fine-tune their defense strategies.
Proactive detection should be performed to root out any hidden breaches in a network. Investigations may include proactive scanning of devices, review of network logs, and application of malware signatures to device images.
One area of cyber security where Gen AI holds great potential is proactive threat hunting. Mandiant Red Teams have leveraged Gen AI to help develop custom tools and improve their understanding of different platforms and their security aspects. Organizations can use red teams to simulate realistic attack scenarios and help improve the overall security of their environments.
Building a cyber-aware culture
The uncomfortable truth is that all organizations are at risk of attack. Mandiant tracks more than 4,000 threat groups, of which 719 were recently tracked in 2023, as well as 626 new malware families.
But those with particularly sensitive data are even more attractive to attackers. In the past year, Mandiant was called to respond to intrusions that most often occurred in financial services organizations (17.3%), business and professional services (13.3%), high technology (12.4%), retail and hospitality (8.6%), healthcare (8.1%) and the state (8.1%).
It’s clear why – data from these sources is more valuable to threat actors and therefore more vulnerable to targeting.
Creating a cyber-aware culture can help protect sensitive information by limiting the risk of a breach. It is becoming increasingly common for attackers to exploit trusted relationships and communications using techniques such as conversation hijacking or impersonating internal users. Teaching staff what signs to look out for provides a basic but important layer of cyber security.
This matters especially when you consider that stolen credentials, which pose a serious security risk to organizations, were the fourth most notable initial intrusion vector in 2023. There is, however, evidence that education works: in 2023, 10% of intrusions began with evidence of stolen credentials, compared to 14% observed in 2022.
Improving preparedness
We have seen remarkable improvements in dwell time over the past few years. Dwell time describes the number of days an attacker is on a system from compromise to detection, and in 2023 the global median dwell time was 10 days, down from 16 days in 2022.
This is a testament to how proactive cyber security can limit the damage from a breach. Encouraging this kind of preparedness in teams is key to ensuring that those teams are ready to respond to threats with a robust, organized and clear strategy when the time comes.
Employing tactics such as regular drills to test security teams, ongoing reviews of incident response plans, and adopting a least-privilege posture can ensure that the effects of a cyber attack are limited.
It’s also important to consider involving teams outside of your cybersecurity experts. Involving external groups such as communications, legal and other relevant teams in tabletop exercises can help test incident response plans and ensure there is no weak link in your response process.
Implementing positive change
The more prepared a company culture is, the better equipped it is to respond when the worst happens. It’s a basic – but true – principle of cyber security.
As malicious actors leverage greater resources to create increasingly complex and dangerous cyberattacks, it is critical that organizations keep their fingers on the pulse and respond accordingly. New technologies, regular process reviews and a vigilant, cyber-aware culture will all go some way to protecting sensitive data.
And as international authorities increasingly begin to work together, we can build stronger responses to mitigate the formidable challenge.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in the tech industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.



