Be part of prime executives in San Francisco on July 11-12, to listen to how leaders are integrating and optimizing AI investments for achievement. Learn More
The character of cyberattacks is altering quick. Generative AI, cloud complexity and geopolitical tensions are among the many newest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of safety decision-makers say their organizations’ delicate knowledge was “doubtlessly compromised or breached prior to now 12 months” alone. That’s a sobering cybersecurity baseline for any CISO to contemplate.
With attackers rapidly weaponizing generative AI, discovering new methods to compromise cloud complexity and exploiting geopolitical tensions to launch extra subtle assaults, it would worsen earlier than it will get higher.
Forrester’s Top Cybersecurity Threats in 2023 report (consumer entry reqd.) offers a stark warning concerning the prime cybersecurity threats this 12 months, together with prescriptive recommendation to CISOs and their groups on countering them. By weaponizing generative AI and utilizing ChatGPT, attackers are fine-tuning their ransomware and social engineering strategies.
Two fronts of the worldwide threatscape
CISOs are below stress to cope with long-established threats, and on the identical time discover themselves unprepared to thwart rising ones. Ransomware and social engineering by enterprise e-mail compromise (BEC) are the longstanding threats CISOs have targeting defending in opposition to for years. But whereas safety groups have invested thousands and thousands of {dollars} in strengthening their tech stacks, endpoints and id administration methods to battle ransomware, breaches proceed to develop.
For one factor, as they search for new methods to extend the dimensions and pace of ransomware payouts, attackers are making provide chains, healthcare suppliers and hospitals prime targets. Any goal that delivers time-sensitive companies and may’t afford to be down for lengthy is a supply for bigger ransomware payouts, as these companies must get again on-line instantly.
Forrester’s predictions and survey outcomes additionally present why a better proportion of breaches will stay unreported as newer threats advance. CISOs and enterprises received’t wish to admit they have been unprepared. Twelve p.c of safety and threat professionals say they’ve skilled six to over 25 breaches prior to now 12 months. The breaches represented on this report derive from BEC, social engineering assaults and ransomware. New, extra deadly assault methods that search to destroy AI-based defenses are coming.
Perimeter-based legacy methods not designed with an AI-based improve path are probably the most susceptible. With a brand new wave of cyberattacks coming that search to capitalize on any given enterprise’ weakest hyperlinks, together with advanced cloud configurations, the hole between reported and precise breaches will develop.
Forrester’s tackle the highest cybersecurity threats this 12 months
With the brand new wave of threats, Forrester anticipates extra deadly assaults, as risk actors scale up their experience in AI to defeat the latest era of cybersecurity defenses. VentureBeat has discovered that is already occurring, with the unsecured gaps between endpoints and id safety being a weak hyperlink attackers concentrate on.
CrowdStrike president Michael Sentonas instructed VentureBeat in a latest interview that the necessity to shut the gaps between endpoint safety and id safety is “one of many greatest challenges individuals wish to cope with at present. The hacking exposé session that George and I did at RSA [2023] was to indicate among the challenges with id and the complexity and why we linked the endpoint with id [and] with the information the consumer is accessing. That’s the important drawback. And in the event you can remedy that, it’s robust, however in the event you can, you remedy an enormous a part of a corporation’s cyber drawback.”
Actual threats to AI deployments emerge
Utilizing generative AI, ChatGPT and the big language fashions supporting them, attackers can scale assaults at ranges of pace and complexity not doable earlier than. Forrester predicts use instances will proceed to proliferate, restricted solely by attackers’ creativity.
One early use case is a method of poisoning knowledge to trigger algorithmic drift, which reduces the detection efficacy of e-mail safety or the income potential of ecommerce advice engines. What had as soon as been a distinct segment matter is now one of the pressing threats to anticipate and counter. Forrester notes that whereas many organizations don’t face an instantaneous threat of this risk, it’s important to know which safety distributors can defend in opposition to an assault on AI fashions and algorithms. Forrester recommends within the report that “if you have to shield your agency’s AI deployments, take into account distributors like HiddenLayer, CalypsoAI and Robust Intelligence.”
Cloud computing complexity is growing
Cloud companies are utilized by 94% of enterprises, and 75% say safety is a prime concern. A full two-thirds of firms have cloud infrastructures. Gartner estimated final 12 months that the cloud shift will have an effect on greater than $1.3 trillion in enterprise IT spending this 12 months and nearly $1.8 trillion in 2025. In comparison with 41% in 2022, by 2025 51% of IT spending will transfer to the public cloud. And cloud applied sciences will account for 65.9% of utility software program spending in 2025, up from 57.7% in 2022.
These predictions amplify how the more and more advanced nature of cloud computing and storage infrastructure poses vital safety dangers. Forrester notes that insecure IaaS infrastructure configurations, malwareless assaults and privilege escalation, and configuration drift are a number of of the various risk surfaces CISOs and their groups want to concentrate on and harden.
The report recommends that enterprises construct resilient, strong cloud governance, and use safety instruments such because the native safety capabilities of IaaS platforms, cloud safety posture administration, and SaaS safety posture administration to detect and remediate threats and breach makes an attempt.
Forrester writes within the report that “infrastructure as code (IaC) scanning can be gaining momentum to detect misconfiguration (e.g., unencrypted storage bucket or weak-password insurance policies) in terraform, helm and Kubernetes manifest information by integrating IaC safety (e.g., Checkmarx’s KICS and Palo Alto Networks’ Bridgecrew) into the continual enchancment/steady deployment pipeline and even earlier throughout coding within the built-in developer surroundings.”
Geopolitical threats loom massive
Forrester cites Russia’s invasion of Ukraine and its relentless cyberattacks on Ukrainian infrastructure as examples of geopolitical cyberattacks with instant world implications. Forrester advises that nation-state actors will proceed to make use of cyberattacks on non-public firms for geopolitical functions like espionage, negotiation leverage, useful resource management and mental property theft to realize technological superiority.
Forrester factors to the continuing diplomatic and commerce tensions between China and the U.S. as a flashpoint that would enhance assaults on enterprises. The report cites how, in late 2022, the U.S. restricted China’s semiconductor chip exports and communications gear imports. China sanctioned U.S. protection contractors in early 2023. Russia faces European commerce bans and export controls. These conflicts could impression non-public firms. North Korea stealing $741 million in cryptocurrency from Japan is one other instance of how geopolitical threats can rapidly destabilize a whole nation’s monetary situation.
Ransomware continues to batter organizations
In response to Forrester, ransomware stays a prime cyber-threat, with attackers demanding double extortion to stop knowledge disclosure. Attackers additionally demand ransom from breached enterprises’ clients to maintain their knowledge non-public, additional damaging an enterprise’s popularity and belief.
Forrester is seeing ransomware assaults that concentrate on important infrastructure and provide chains, the place delays can price thousands and thousands of {dollars}. Attackers know that if they will disrupt a provide chain, their calls for for greater ransomware payouts will likely be rapidly met by enterprises that may’t afford to be down for lengthy.
Most troubling is Forrester’s discovering that between 2016 and 2021, hospital ransomware assaults doubled, endangering lives. Ransomware is a typical tactic North Korea makes use of to fund its espionage and missile growth applications.
In response, over 30 nations shaped the Counter Ransomware Initiative (CRI) in October 2021 to combat world ransomware. Australia is main the International Counter Ransomware Task Force (ICRTF) to deal with ransomware as a part of the CRI technique. Forrester recommends that enterprises too “equally prioritize ransomware protection and subscribe to exterior risk intelligence service suppliers with focused ransomware intelligence like CrowdStrike or Mandiant.”
The report additionally reminds safety and threat administration groups at important infrastructure firms that they should be ready to report cyber-incidents inside 72 hours and ransom funds inside 24 hours to CISA, per the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
BEC social engineering tops ransomware in insurance coverage claims
The FBI’s Crime Complaint Center reported $2.4 billion in BEC social engineering losses to companies in 2021. Fraudulent funds switch claims from BEC assaults topped all kinds of claims in 2022, overtaking ransomware assaults. BEC social engineering assaults make the most of human error. They use phishing to, for instance, steal credentials and misuse accounts.
Forrester notes that BEC social engineering campaigns are transferring into a brand new part, looking for to mix a number of communication channels to persuade victims to take motion. Some campaigns embrace a CAPTCHA course of to extend their legitimacy. The report advises that it’s not sufficient to undertake domain-based message authentication, reporting and conformance (DMARC) for e-mail authentication. Enterprises ought to take a data-driven method to habits change to measure progress, and course-correct with further coaching and applied sciences to scale back the danger of socially-engineered assaults succeeding.
Safety groups want to organize
Forrester’s newest report on cybersecurity threats is a stark warning to organizations worldwide to organize for an period of latest assault methods. Attackers proceed to refine their tradecraft to incorporate new techniques for weaponizing generative AI, exploiting cloud complexity and leveraging geopolitical tensions to launch extra subtle assaults.
Whereas enterprises proceed to fund cybersecurity budgets to include BEC social engineering and ransomware assaults, in addition they want to start out planning how one can predict, determine and act on threats to their AI fashions and algorithms and the information they use. To enhance risk intelligence, safety groups should unify these numerous efforts to cease the following era of cyberattacks.