As organizations around the world continue to face an ever-expanding threat landscape, understanding the latest trends in cybersecurity has never been more crucial.
Ahead of Cyber Security & Cloud Expo Europe, Bernard Montel, EMEA Technical Director and Security Strategist at Defensible, highlights the changes in cybersecurity over the past five years and offers valuable insights into the challenges and trends shaping the industry today.
In the face of increasingly sophisticated threats, Montel’s perspectives on risk management, proactive security measures, and the role of emerging technologies like AI in cybersecurity offer valuable guidance for navigating these turbulent waters.
Cloud Tech: How has the cybersecurity landscape evolved over the past five years?
Bernard Montel: The global pandemic has radically changed the way we work, and for some organizations, this transition has happened virtually overnight. Instead of moving into offices or other work locations, we’ve connected to systems and resources remotely.
From a cybersecurity perspective, this has had a huge impact on how we need to think about security:
- The home network, which had never been secure, suddenly became an extension of the corporate network. Home routers were the only way for employees to access resources and dramatically expanded the threat landscape.
- Using virtual private networks (VPNs) and multi-factor authentication (MFA) was the only way to secure these connections.
- As organizations have moved their resources to the cloud, removing the need for VPNs, it has made life easier for remote workers and provided a layer of security for organizations.
If we had to pick out just one change post-pandemic, it would be the acceleration of cloud services (Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), etc.). The cloud has changed the way we work today by removing the need for physical racks of machines, accessible only remotely. It is no longer necessary to be hard-wired to the corporate network to be secure.
Of course, we still have some on-premises solutions deployed and in use. However, the vast majority of organizations operate a hybrid environment, combining a mix of private and public cloud with on-premises resources.
Today’s new normal means that the “castle” represented by the “enterprise network” is now fragmented, making the attack surface larger and more dynamic than ever.
CT: What are the latest trends in cybersecurity?
BM: Ransomware remains the main threat today. The number of attacks suffered by organizations on a daily basis is increasing and breaches are breaking more and more records in terms of the number of files hacked or the volume of data exfiltrated.
Cloud security is another real challenge for all organizations. The shift to cloud resources is forcing security teams to rethink how they manage security. Additionally, cloud-connected IoT devices are expanding the attack surface even further. The traditional perimeter approach, with the endpoint and/or server at the center of security practices, is nearly useless when it comes to serverless microservices and containers.
Identity has come back to the forefront. 25 years ago, we were talking about the challenge of identity management with the beginning of I&AM. The problem is still very much present, but much more complex: federated identities, MFA, Active Directory and Entra ID, combined with all the cloud-based identities with AWS, Azure, GCP… the list goes on.
Artificial intelligence is, like any other technology, another area of interest. Attackers are just beginning to understand the capabilities it offers and, as defenders, it is essential that we also determine how to use this technology.
Harness the power and speed of Generative AI. With tools like Google Vertex AI, OpenAI GPT-4, LangChain, and more, it’s possible to return new intelligent insights in minutes. This can be used to accelerate cybersecurity research and development cycles, to look for patterns, and explain what’s found in the simplest possible language. Harnessing the power of AI allows security teams to work faster, search faster, analyze faster, and ultimately make decisions faster.
CT: What should organizations keep in mind today when thinking about their security risks?
BM: It is important to keep in mind that in most cases, this is a known vulnerability that allows malicious actors to gain access to the organization’s infrastructure. Once they have gained access, malicious actors will then seek to further infiltrate the organization to steal data, encrypt files, or conduct other nefarious activities.
Non-malicious configuration errors (e.g. basic human errors, from leaving configurations “default” to a developer pushing code through a high-speed DevOps cycle) are human. However, failing to check for these configuration errors leaves the door wide open for attackers.
It’s often assumed that because an organisation is ‘smaller’ it won’t be targeted by attacks. Nothing could be further from the truth. While it’s usually the big names that grab the headlines, increasingly smaller organisations are also being targeted as malicious actors realise they are part of the supply chain and often open the door, given their interconnected working practices, to larger companies.
Ten years ago, a ransomware attack was very obvious. The computer would be locked and a ransomware request would appear on the screen. Today, attacks are less obvious and can go unnoticed for weeks as malicious actors seek to hide their presence, allowing them to infiltrate the infrastructure for malicious purposes.
Ransomware groups use double extortion methods, which take the encryption tactic and add another sinister element: before those files are encrypted, ransomware groups steal them and threaten to publish them on the dark web if the ransom is not paid. The added pressure of this type of extortion is what has contributed to the success of ransomware.
Organizations need to understand the global context around them—the combination of economic pressures, activism, and geopolitical tensions—to understand the threat landscape. Focusing only on the purely “technological” part is not enough to reduce risk.
The key to reducing risk is a proactive and preventative approach. Gaining visibility into the highest risk areas, what we call exposure management, is absolutely critical to knowing which doors and windows are wide open and need to be closed first. Threat actors move quickly and trying to detect and react to their movements is not effective today.
Defensible will share more of their expertise during the Cyber Security & Cloud Expo Europe. Stop by Tenable booth #144 to learn more about securing your business.