Cybersecurity Awareness Month: What is the biggest cybersecurity threat we are currently facing?

As part of Cybersecurity Awareness Month this October, we are looking at key topics affecting cybersecurity, from threat detection and risk management to defence technologies and practices. Firstly, we’re looking at what the cybersecurity threat landscape is like in 2022, particularly as cyber criminals become more advanced and sophisticated in their cyber attacks.

We’ve spoken to some of the top minds in the cybersecurity industry for their take on the current cybersecurity threats and which are the most dominant right now…

Ned Baltagi, Managing Director, Middle East, and Africa at SANS Institute

“The biggest threat to an organisation’s cybersecurity is that cybercriminals are now going after their weakest link – the employee. Unfortunately for organisations, this means that even after they have invested heavily in IT security technologies, poor security awareness among employees can still result in their systems being breached.

“Social exploits are becoming more sophisticated than ever before and even employees with the best intentions can severely compromise the cybersecurity of their organisations. It remains critical for organisations to dedicate enough personnel, resources, and tools to ensure their workforce is informed and to establish a cyber secure culture from within.”

Nicolai Solling, Chief Technology Officer at Help AG

“Amid another record year of global cybersecurity breaches, ransomware attacks have grown into a lucrative industry in the region – termed ransomware-as-a-service – wherein perpetrators have become increasingly professional with vast resources at their disposal. Ransomware-as-a-service has transformed ransomware into a profitable business model wherein ready-made malicious code is sold to cyber attackers. Underscoring this point, Zscaler’s report found that ransomware-as-a-service is now being utilised by eight of the top 11 ransomware families.

“Left unchecked, ransomware can have catastrophic effects on businesses, a deep concern for cyber leaders in the region and around the world. According to the US Treasury, $5.2 billion in Bitcoin transactions were found to be tied to the top 10 ransomware variants in 2021.

“As ransomware threats grow both in number and sophistication, so does the need for adopting a more proactive cybersecurity strategy for organisations, as relying on prevention is not enough anymore. Businesses must focus on a holistic approach that incorporates investing in incident response and recovery as well as in implementing advanced defence measures.”

Harish Chib, Vice President, Middle East Africa, Sophos

“Ransomware remains a persistent threat with an ever-increasing escalation of cyberattack incidents. It is the biggest threat in the industry because it is not one threat but a combination of many, and it exposes underlying weaknesses in processes, and people. Attackers are constantly changing tactics, techniques and procedures (TTPs) with multiple attackers targeting and victimising single organisations. All organisations, regardless of size, need extra defences/reinforcements and trained human eyes to monitor networks for indicators of compromise as there’s a shortage of infosec skills in the industry. The increase of more organised and determined attackers with fewer in-house defenders highlights the need for services. Organisations need as much help as they can get from cybersecurity vendors – either through services or through solutions they can easily manage themselves as cyberattacks have become too complex for organisations to go at it alone.”

Roland Hashem, Managing Partner at PROW

“Social engineering attacks remain among the most pervasive and destructive threats facing organisations and individuals. Such threats are becoming increasingly sophisticated due to the advent of technologies like deepfakes and voice cloning, which are making it possible to replicate a person’s likeness, their voice and even their speech patterns to trick unsuspecting victims. When 22% of employees are likely to fall for a phishing attempt, according to a Phished report, it is daunting to think of how increasingly advanced cyberattacks will impact our world in the coming years.

“According to IBM’s X-Force Threat Intelligence Index, human error is linked to around 90% of security breaches. Your employees are your weakest link, making it crucial to make cybersecurity part of your company’s culture, regularly holding training sessions and making cybersecurity a topic that everyone in the company is concerned with – not only the IT department.”

Bahaa Hudairi, Regional Sales Director at META, Lookout

“As operations move to the cloud, IT security teams find themselves guarding data that has scattered across data centers, private clouds and software-as-a-service (SaaS) apps, and is accessed by endpoints sitting on networks they don’t manage. But unlike when everything was neatly inside perimeters, they no longer have the visibility or the controls to protect their data.

“To prevent data leakage in this cloud-first era, organisations need a unified platform that protects users, devices, access and data, across all applications and devices, from any modern-day cyber threats, and that’s where SSE, and as a consequence, Lookout can play a vital role.”

Subhalakshmi Ganapathy, Product Evangelist, IT Security, at ManageEngine

“Lack of visibility is one of the biggest threats to security today. Since the pandemic, the enterprise network is slowly becoming perimeter-less. Unlike the well-defined architecture of the traditional enterprise network, perimeter-less networks used for cloud and hybrid work models have a lot of grey area. Because of this, gaining visibility on user identities along with accesses and activities of cloud and hybrid networks can be difficult.

“On top of this, cyberattacks often target loopholes in security strategies; any areas neglected by the security professionals can be leveraged to launch an attack. If enterprises fail to track shadow IT or to implement identity-driven security systems like Zero Trust, they’ll be vulnerable to the most advanced and sophisticated data breaches.

“Adopting an identity-driven security architecture, cloud access security brokers, and AI-driven security analytics can help enterprises gain the visibility they need and thereby step up their security defences.”

Shaikh Mohammad Adeel, Cybersecurity Consultant at Omnix

“Ransomware is the biggest cyber security threat in 2022. Businesses are more vulnerable to cyber threats as they adopt hybrid work arrangements and go through rapid digital transformation. Not restricted to any particular sector or size, it spreads across government to healthcare, education to retail, SMBs to Fortune 100s. It is zero-day, therefore cybersecurity measures can’t stop them.

“The biggest entry point of Ransomware is emails. Prevention involves a combination of several mitigation techniques. Cyber security awareness should be top priority. Ransomware is usually the last step in the cyberattack process. It is the payload that is delivered after an attacker gains access to the victim’s network. The first step in a network usually involves some form of phishing, social engineering, or web application attack. Once they attain a foothold into the network, they can deliver ransomware to every endpoint they can reach. This results in encrypting machines and asking for ransom for recovery.”

Morey Haber, Chief Security Officer at BeyondTrust

“The most pressing cyber security concerns facing organisations today are the rapidly evolving threat landscape in the cloud and attacks targeting assets that are no longer secured by a perimeter defence strategy.

“Organisations have become truly interconnected in the last decade and almost every asset has some communication path to the cloud for software updates, development, or as a part of its strategic operations and workflow. This includes servers, databases, and even end users working from home. The protection of these assets and their workflows has garnered strategies like Zero Trust and raised premiums on cyber insurance with little progress on solutions and methodologies for simple and effective mitigation.

“These changes have become the biggest issues for organisations today with multiple paths, products, and guidance available based on the diversity of digital transformations.”

Sam Curry, Chief Security Officer, Cybereason

“The superficial discussions are about the symptoms, like ransomware which is a clear and very real danger. The real conversations, above or below the security poverty line, are about the gap between the business and security, making security a risk function and a set of business processes similar to how legal, operations and financial risk are managed.

“Yes, we need to get the controls right and the staffing and the processes within information security, but the real understanding of that value and the proper funding and management of investment; there is the real job of security.”

Vibin Shaju, General Manager for UAE, Trellix

“Some of the most devastating and complex attacks we are seeing of late are focused on the supply chain. Given the wide range of partners, suppliers, distributors, contractors, outsourced sales, cloud platforms, geographical specialists, and sometimes a company’s own customers, the attack surface is growing by several orders of magnitude.

“To be more precise, the risk doesn’t necessarily grow with the number of partners as much as the risk grows with the number of partners whose cybersecurity environments are less secure than your own environment. The SolarWinds attack from a couple of years ago might have received the most attention, but since then we’ve had several more instances where the supply chain has been used to get access to the eventual target company.

“Compounding matters is the ‘cyber fatigue’, resulting from use of siloed cybersecurity solutions. As a case in point, according to a recent study we conducted, 60% of UAE SecOps teams admitted that they are hampered by patchworks of security solutions that have few, if any, integration options. Organisations need to take a new approach and implement an open, cloud-native XDR architecture — that looks at security through a holistic lens, combining Prediction, Detection & Prevention — so teams can work smarter and quickly remediate threats.”

Werno Gevers, cybersecurity specialist at Mimecast

“We are more dependent than ever on email and collaboration tools. This is where work happens. But it is also where risk happens. Companies have always been facing the risk of malicious actors, human error, and technology fallibility. But today, the stakes are higher than ever. Risks are compounded by complexity. But one attack vector is clear and that is that 91% of breaches start with email. Malicious actors are highly determined and well-resourced and often bounce between email and collaboration platforms in sophisticated attacks. They target M365 and Google as it presents the most people to phish, more ways to gain access, and even more data to steal.”

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea

“In our recent report, we found that in the UAE and Saudi Arabia, a staggering 91% of respondents reported that they experienced an identity-related breach or an attack using stolen credentials during the previous year and a half. While the importance of identity security is acknowledged by business leaders, most Middle East security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks. This means that the majority of organisations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them. Moreover, cyber criminals look for the weakest link, so overlooking ‘non-human’ identities—particularly when these are growing at a faster pace than human users—greatly increases the risk of privilege-based identity attacks.”