As organisations worldwide continue to grapple with an ever-expanding threat landscape, understanding the current cybersecurity trends has never been more crucial.
Ahead of Cyber Security & Cloud Expo Europe, Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, shed light on the shifts in cybersecurity over the past five years and offers valuable insights into the challenges and trends shaping the industry today.
In the face of increasingly sophisticated threats, Montel’s perspectives on risk management, proactive security measures, and the role of emerging technologies like AI in cybersecurity offer invaluable guidance for navigating these turbulent waters.
Cloud Tech: How has the cybersecurity landscape changed in the last five years?”
Bernard Montel: The global pandemic dramatically changed the way we work and for some organisations this transition happened practically overnight. Instead of travelling to offices or other places of work we were connecting to systems and resources remotely.
From a cybersecurity standpoint this has had a massive impact in the way we need to think about security:
- The home network, which had never been secured, suddenly became an extension of the corporate network. Home routers were the only way employees could gain access to resources and expanded the threat landscape significantly.
- The use of Virtual Private Networks (VPNs) and multi-factor authentication (MFA) was the only way to secure these connections.
- As organisations moved resources to the cloud, negating the need for VPNs, it simplified life for remote workers and provided a layer of security for organisations.
If we could retain one single post-pandemic change, it is the acceleration of cloud services (Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), etc.) The cloud has changed the way we work today removing the need for physical racks of machines, accessible only remotely. There is no need to be hardwired to the corporate network to be secure.
Of course we still have some on-prem solutions deployed and used. However, the vast majority of organisations operate a hybrid environment, combining a blend of private and public cloud with on-prem resources.
Today’s new normal means the “castle” represented by the “corporate network,” is now fragmented—with the result that the attack surface has never been so large or more dynamic.
CT: What are the top current cybersecurity trends?
BM: Ransomware is still the top threat today. The number of attacks experienced by organisations daily is growing and breaches are breaking more and more records in terms of number of records breached or volume of data exfiltrated.
Cloud security is another real challenge for all organisations. The move to cloud resources forces security teams to rethink the way they handle security. The traditional perimeter approach, with endpoint and/or server the focus of security practices, is almost useless when we are talking about serverless microservices, and containers.
Identity has returned as the main focus of concern. 25 years ago we talked about the challenge of managing identities with the beginning of I&AM. The problem is still very much evident, but far more complex: federated identities, MFA, Active Directory and EntraID, combined with all the cloud-based identities with AWS, Azure, GCP… the list goes on.
AI is, of course, like in any other technology, another area of focus. Attackers are just beginning to realise the capabilities it offers and, as defenders, it’s vital we also determine how to utilise the technology.
Harnessing the power and speed of generative AI – such as Google Vertex AI, OpenAI GPT-4, LangChain, and many others – it is possible to return new intelligent information in minutes. This can be used to accelerate research and development cycles in cybersecurity, to search for patterns and explain what’s found in the simplest language possible. Harnessing the power of AI enables security teams to work faster, search faster, analyse faster, and ultimately make decisions faster.
CT: What should organisations keep in mind today when thinking of their security risks?
BM: What we need to keep in mind is that, in the majority of instances, it is a known vulnerability that allows threat actors an entry point to the organisation’s infrastructure. Having gained entry threat actors will then look to further infiltrate the organisation to steal data, encrypt stems or other nefarious activities.
Non-malicious misconfigurations – so basic human error, from configurations left ‘by default’ to a developer submitting code through a DevOps high speed cycle – these mistakes are human. However, not checking for these misconfigurations leaves the doors wide open to attackers.
Often there is a belief that, because an organisation is ‘smaller,’ they won’t be a target for attacks. That couldn’t be further from the truth. Yes, typically it is the big names that make the headlines, but increasingly smaller organisations are also targeted as threat actors realise that they are part of the supply chain and often open the door – given the interconnected working practices – to larger companies.
Ten years ago a ransomware attack was really obvious. The computer (PC) was bricked with a ransomware demand displayed on the screen. Today, attacks are less obvious and can go undetected for a few weeks as threat actors look to obfuscate their presence allowing them to creep around infrastructure for nefarious purposes.
Ransomware gangs will employ double extortion methods, that takes both the encryption tactic and adds another sinister element: before those files are encrypted, ransomware groups will steal them and threaten to publish them on the dark web if a ransom is not paid. The added pressure from this type of extortion is what has helped make ransomware so successful.
Organisations need to understand the global context around us — the combination of pressured economy, activism, and geopolitical tensions — to understand the threat landscape. Focusing only on the pure ‘technological’ part is not enough to reduce the risk.
Key to risk reduction is a proactive, preventive approach. Getting visibility into where your biggest areas of risk are, we call this exposure management, is absolutely critical to knowing which doors and windows are wide open and need to be closed first. Threat actors are moving quickly and trying to detect and react to their movement is not efficient today.
