Outsmarting cybercriminal innovation with strategies for enterprise resilience

In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging cybersecurity trends for 2024 and advises enterprises on preparation strategies.

Cameirão will speak at GISEC Global 2024 in Dubai, a conference and exhibition bringing together some of the brightest minds in cybersecurity.

What emerging cybersecurity trends should enterprises be aware of in 2024, and how should they prepare for these new threats?

We observe that threat actors are increasingly utilizing new techniques and technologies to evade security measures and exploit vulnerabilities at an unprecedented rate. The rise of advanced persistent threats (APTs), phishing-as-a-service, ransomware-as-a-service models, and nation-state-sponsored cyber-attacks further compounds the complexity of the threat landscape. Emerging technologies like artificial intelligence and machine learning are now being employed to execute more precise, automated, and sophisticated attacks.

For instance, relying solely on multi-factor authentication (MFA) may not suffice in preventing identity theft for network access. MFA now needs to be supplemented with additional conditional access policies.

New phishing tactics are also being used (e.g quishing) to circumvent the increasing user awareness and bypass e-mail system filters.

It’s crucial for enterprises to adapt swiftly, implementing threat intelligence programs to expedite vulnerability remediation and the deployment of suitable security controls tailored to the dynamic threat environment evolution.

How is the rise of AI and machine learning technologies impacting the cybersecurity landscape, and what new risks and opportunities do they present for enterprises?

In 2023, artificial intelligence (AI) and machine learning (ML) transitioned from mere buzzwords to widely accessible technologies. Cybercriminals now widely use AI to gain insights on the victims’ IT systems, presence of vulnerabilities, circumvent detection methods and launch automated attacks with unprecedented speed, scale and precision.

Traditional approaches to security and incident response are no longer sufficient. Defenders must also leverage AI and ML to predict threats, enhance security posture and automate detection and incident response capabilities.

Supply chain attacks have been on the rise. What steps should enterprises take to secure their supply chain and mitigate the risks of such attacks?

The SolarWinds cybersecurity incident unveiled in 2020 has exposed the massive impact that supply chain attacks might have. Repercussions from this attack continue today, and it will be ever impossible to consider that mitigation is fully implemented. This incident has served as a wakeup call for many organizations regarding the potential consequences of supply chain attacks.

Cybersecurity programs shall consider supply chain attacks as a major source of risk, not only from the risk that is inherited from suppliers but also to the potential downstream impacts to customers from vulnerabilities introduced in the delivered products and services.

To reduce the risk from supply-chain attacks, enterprises must implement supplier and third-party evaluation programs assessing their compliancy to cybersecurity best-practices, regulations, and industry standards. Vendors with unknown or inadequately controlled risks should be rejected is identified risks are not mitigated.

Furthermore, the use of open-source and third-party software introduces significant risk from supply chain attacks. Proper controls must validate third-party software trustworthiness and ensure that these receive regular updates and patches. Security assessments should be integrated into all phases of the software development life cycle (SDLC), and CI/CD pipelines of applications and products.

All the above need to be complemented to effective IT security programs which should include regular risk assessments, robust access controls, system hardening, regular patching and vulnerability remediation, employee training. Continuous security monitoring supported by threat intelligence, incident detection, response, and remediation are also key components of an effective security program.

With evolving data privacy regulations, how should enterprises adapt their cybersecurity strategies to ensure compliance while protecting against breaches?

Over the past years, several new cybersecurity regulations have been introduced worldwide to address emerging threats and enhance data protection. As cyber threats evolve, we can only expect regulations to become stricter, with higher financial penalties and potentially holding enterprise executives criminally liable for failing to uphold regulatory obligations.

As cyber threats evolve, adherence to IT security legal regulations becomes paramount to maintaining trust, integrity, and legality in digital operations.

By implementing a comprehensive cybersecurity program, organizations can better prepare to adapt to the evolving regulatory landscape. They can proactively mitigate risks, enhance resilience against cyber threats, and safeguard their digital assets and reputation.

Insider threats remain a significant concern for enterprises. What measures can organizations implement to detect and prevent insider threats effectively?

Not all companies are identical, and insider threat risk will vary. The initial step in effectively managing insider threats is conducting a comprehensive assessment to identify all potential areas where employee misconduct could disrupt regular business operations or compromise IT systems.

Appropriate IT security and HR controls should be designed to mitigate the identified risks. Security policies should incorporate tailored security measures aligned with the company’s specific insider threat risk appetite. These may include thorough vetting processes for employees with sensitive roles, systematic implementing least privileged access, introducing privileged management systems, network segregation, data loss prevention (DLP), and security monitoring, among others.

Third-party risk management is equally crucial. Subcontractors and vendors with privileged system access represent a significant source of risk. Regular evaluation of third parties is essential and should ensure third-party supplier compliance with the company’s security policies.