Cyber extortion continues to be a persistent threat to the cybersecurity landscape. Our latest Cy-Xplorer reveals a significant year-on-year increase in the number of victims in 2024 – 77% year-on-year. While some industries, including manufacturing, healthcare and professional services, found themselves in the firing line most frequently, few industries could consider themselves safe.
While these are sophisticated attacks, in our experience, the best ways to secure an organization against them are less complex and more comprehensive. While many businesses may be looking to AI and large language models (LLMs) as a panacea for all cybersecurity ills, most organizations would benefit from more fundamental changes to their security posture.
Scott Walker, Stuart Kennedy
Social Links Navigation
CSIRT Manager and Senior Security Analyst at Orange Cyberdefense.
AI: A double-edged sword
Generative AI is the technology topic de jour and has already proven to be a powerful tool for both bad actors and cybersecurity professionals. On the threat side, we’ve already seen state-sponsored threat actors often use generative AI to craft more convincing phishing attacks through voice emulation and deepfakes. For cybersecurity professionals, AI can bolster defenses by streamlining threat detection, incident response, and risk management.
Despite the seemingly fast-advancing technology, AI should not be used as a shortcut to robust security protocols. The technology is still nascent, and the economics are still to be worked out. Many organizations have yet to get a handle on AI and where it sits within their technology infrastructure. AI applications can be another attack vector to company servers for bad actors, especially when they don’t adhere to company policies.
This is not to say that AI holds no value for security – far from it – but businesses should not rush into an AI-driven security strategy without first having a strong security posture to build upon. This includes having processes on what systems AI applications are connected to and educating employees on appropriate use cases for AI. In the near term, relying on more classical threat intelligence and pentesting processes will prove the most effective strategies for mitigating risk.
Security starts with culture
It’s always been the case that the weakest link in the security chain has been people, and our latest Security Navigator report reaffirms this point – 37% of cyber incidents in organizations originate internally. As much as we might wish to be able to claim there is a silver bullet to cybersecurity, the truth is that, even in a world of growing cyber threats, no amount of technology will protect your business if your staff aren’t trained in recognizing cyber extortion, social engineering and other cyber threats, and how best to avoid or report them.
Mitigating risks requires integrating security awareness into employees’ daily routines, whether they’re full-time contractors, partners, or suppliers. Continuous training from the likes of CSOs, CIOs, and external experts must solidify this awareness.
There will almost certainly be resistance to these kinds of approaches. Why, after all, should this be the responsibility of your non-cybersecurity employees ? To win over naysayers, security leaders must clearly demonstrate the consequences of inadequate security measures and effectively communicate their security strategy across the organization to secure employee buy-in in every function.
Defining cybersecurity success
While strengthening security posture and mitigating risk should always be the core targets, security teams must have realistic goals and targets for cybersecurity success. While a zero per cent incident rate would be ideal – is it realistic? In a landscape of increasingly sophisticated and varied threats, we’d say it isn’t.
Consider more achievable and appropriate targets for your business. One would be reducing incidents, and tracking and reducing the time between detection, reporting and remediation. Systems being brought down will bring business processes to a screeching halt, so if a system is compromised, how quickly can it be brought back online through backups? Consider what sensitive (and therefore particularly valuable) data the company holds – how can security strategy reduce the risk of unauthorized access to that data in particular?
Increasing resilience is a marathon, not a sprint, and no system is impenetrable. Set realistic milestones and goals based on data sensitivity and business responsibility, then build on that posture over weeks, months and years.
People, process and technology alignment
The idea that one technology, or even a suite of technologies, no matter how advanced, is the recipe for robust cybersecurity is a fanciful and risky position to hold. If internal standards around education and processes slip due to an over-reliance on technology, severe system compromises from bad actors are inevitable.
As the threat landscape evolves, security must not be a static barrier. It, too, must change to meet new threats by aligning well-informed people following strong processes supported by technology.
We’ve featured the best business VPN.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
