FEATURE : CYBERSECURITY
report , we have found that while ransomware attacks have always been a significant concern for businesses , over the past several months they ’ ve become more prevalent and costlier – both in terms of downtime and damages . Also , phishing tactics are now far more sophisticated and have evolved to target the weak links found at the Edges of business networks . Many attackers are also using Machine Learning to rapidly craft , test and distribute messages with increasingly realistic visual content that triggers emotional distress in recipients ,” he said .
Israel Barak , CISO , Cybereason , agreed with Panel on the changing threat landscape and said : “ Multi-stage ransomware attacks are rising significantly , with multiple attackers executing ransomware operations involving data theft , the stealing of user credentials and lateral movement across the victim ’ s network to compromise as many endpoints as possible .”
Barak said Cybereason is seeing ransomware capabilities deployed early in hacking operations but not immediately
MULTI-STAGE RANSOMWARE ATTACKS ARE RISING SIGNIFICANTLY , WITH MULTIPLE ATTACKERS EXECUTING RANSOMWARE OPERATIONS INVOLVING DATA THEFT , THE STEALING OF USER CREDENTIALS AND LATERAL MOVEMENT ACROSS THE VICTIM ’ S NETWORK TO COMPROMISE AS MANY ENDPOINTS AS POSSIBLE . detonated . “ In these cases , the ransomware is detonated only after preliminary stages of the attack are finished across all compromised endpoints to achieve maximum impact on the victim .
Beyond ransomware , mobile phones are becoming a focal point for nation states and rogue hacking groups . Traditionally , attackers have been targeting mobile phones for taking data , performing surveillance on the users , and its location services . Recently , we have seen the transition by attackers to using the mobile phone as the penetration vector into the organisational network . That being said , there hasn ’ t been an influx of new techniques introduced into the industry for penetration – we primarily see phishing emails at the top of most threat actors ’ lists ,” he said .
With the changing threat landscape , industry experts agree that CIOs face challenges when implementing their cybersecurity strategies .
According to Cathy MacLeod , Head of Professional Services , DRS , the availability of technical skill comes top of mind and the ability to upskill resources . “ Protection of the company ’ s data and governance thereof and this includes retention and classification of data . The cost of this compliance can be crippling and the ability to keep up with the ever-changing regulatory requirements puts a heavy financial commitment on companies ,” he said . “ I would also add here that automated systems need to have priority as the CIO needs to balance security and accessibility for employees to complete their primary functions . Also , on the COVID-19 disruptions , organisations are rushing to increase cloud adoption in its various forms , but it is important that they do not do this without first considering their cloud-security posture .”
Morey Haber , CTO and CISO , BeyondTrust , said CIOs have been facing a variety of challenges throughout the year . Haber said depending on their vertical and geographical location , these can vary from regional data privacy laws to nation state cyberattacks .
Haber said in 2020 however , COVID-19 changed the top priority for every CIO worldwide and that priority created splinter use cases that have become a paramount concern for every security and IT professional regardless of their individual specialisation .
52 INTELLIGENTCIO www . intelligentcio . com