The good news? Cybersecurity is constantly evolving. Organizations across EMEA are strengthening their capabilities to detect and respond to cyberattacks. In 2023, ransomware intrusions in EMEA were detected in just 8 days, a substantial improvement from the 33 days needed in 2022.
Which unfortunately brings us to some bad news: cybercriminals are also evolving. Hacker groups, once characterized by disparate individuals operating from underground locations, have transformed into highly sophisticated and well-funded organizations. Their tactics, techniques and procedures (TTPs) are evolving at a pace that now poses a formidable challenge to traditional security measures.
The takedowns of groups we have witnessed in recent months by international authorities have highlighted the progress made in knowledge sharing and cooperation between countries and law enforcement. However, these cases also expose the agility of cybercriminals, who can quickly regroup and reappear elsewhere.
It is therefore essential that organizations continually evolve, implementing a robust cybersecurity strategy to protect against this increasingly sophisticated threat landscape.
Managing Director of Mandiant Consulting EMEA at Google Cloud.
Proactive threat detection using technology
Evolving threats mean pressure is increasing on cybersecurity teams to keep pace. Proactivity is more vital than ever.
Threats range from exploits and ransomware to custom malware and sophisticated phishing scams. All of this is on the rise. This year, exploits continued to dominate as the primary intrusion method, followed closely by phishing campaigns. The considerable commitment of time and resources to uncover these vulnerabilities highlights their undeniable value to threat actors. This highlights the need for organizations to regularly reassess and refine their defense strategies.
Proactive detection should be undertaken to eliminate any potential breaches hidden within a network. Investigations may include proactively scanning devices, reviewing network logs, and applying malware signatures to device images.
One area of cybersecurity where generative AI holds enormous potential is proactive threat hunting. Mandiant Red Teams leveraged Gen AI to help them develop custom tools and improve their understanding of various platforms and their security aspects. Organizations can use red teams to simulate realistic attack scenarios and help improve the overall security of their environments.
Building a culture of cyber awareness
The uncomfortable truth is that all organizations are vulnerable to attacks. Mandiant tracks more than 4,000 threat groups, of which 719 were newly detected in 2023, as well as 626 new malware families.
However, those with particularly sensitive data are even more attractive to attackers. Over the past year, Mandiant was called to respond to intrusions most often in financial services (17.3%), business and professional services (13.3%), high-tech (12.4%), retail and hospitality (8.6%), healthcare (8.1%) and government (8.1%) organizations.
The reason is clear: data from these sources is worth more to threat actors, and they are therefore more vulnerable to targeting.
Creating a culture of cybersecurity can help protect sensitive information by limiting the risk of a breach. It is increasingly common for attackers to exploit trusted relationships and communications using techniques such as hijacking conversations or impersonating internal users. Teaching staff what signs to look out for provides a basic but important level of cybersecurity.
This matters especially considering that stolen credentials – which pose a serious security risk to organizations – were the fourth most notable initial intrusion vector in 2023. There is evidence, though, that education works: in 2023, 10% of intrusions began with evidence of stolen credentials, compared to 14% observed in 2022.
Improve preparation
We have seen notable improvements in dwell time over the past few years. Dwell time describes the number of days an attacker remains on a system from compromise to detection, and in 2023 the global median dwell time was 10 days, down from 16 days in 2022.
This is a testament to how proactive cybersecurity can limit the damage caused by a breach. Encouraging this type of preparation within teams is essential to ensure those teams are ready to respond to threats with a solid, organized and clear strategy when the time comes.
Using tactics such as regular exercises to test security teams, ongoing reviews of incident response plans, and adopting a least-privilege attitude can ensure the effects of a cyberattack are limited.
It’s also essential to consider involving teams outside of your cybersecurity experts. Engaging outside groups such as communications, legal, and other relevant teams in simulation exercises can help test incident response plans and ensure there are no weak links in your response process.
Implement positive change
The more prepared a company culture is, the better it is able to respond when the worst happens. This is a fundamental – but true – principle of cybersecurity.
As malicious actors leverage greater resources to create ever more complex and dangerous cyberattacks, it is critical that organizations listen and respond accordingly. New technologies, regular process reviews, and a culture that is vigilant and aware of cyberattacks will go some way to protecting sensitive data.
And, as international authorities begin to work together, we can develop stronger responses to mitigate the formidable challenge that lies ahead.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.