The turbulence of the digital age has never been more evident. With each passing year, enterprises, both large and small, struggle with increasingly sophisticated cyber threats that can bring operations to a screeching halt, tarnish reputations, and, worst of all—compromise sensitive data. As the threat landscape continues to evolve, investing in robust cybersecurity measures is no longer optional; it is now imperative.
In this blog post, we will dissect the growing threats and trends in cybersecurity and explore how and why your business must prioritise cyber resilience in the face of 2024’s digital challenges.
In this interview, Matthieu Manalo, Flexisource IT’s Lead Project Coordinator, talked about cybersecurity’s trends, challenges, and why it’s essential to invest in it—whether your business is big or small.
Table of Contents
In your view, why should companies invest heavily in cybersecurity?
With the fast-changing pace of the IT landscape, a lot of companies are left behind in terms of their overall cybersecurity posture. A lot of factors play a role in this–whether it be outdated infrastructure, in-house developed applications that rely on vulnerable code/plugins, or little to no awareness of cybersecurity best practices. Threat actors armed with even little knowledge could easily penetrate companies working with just the one vulnerable gap.
Just last November, one of the biggest companies, Toyota Financial Services, suffered a major attack at the hands of the Medusa Group. That attack exposed confidential data including financial documents, spreadsheets, purchase invoices, user credentials, passport scans, internal organisation charts, financial performance reports, staff email addresses, and more which was ransomed at $8,000,000. Investing in improving Cybersecurity posture, practices, and people armed with the right tools, can help mitigate risks like this.
What are the pitfalls that businesses are facing in cybersecurity strategy?
AI and Machine Learning (ML)
AI and Machine Learning (ML) already play a big role in the space as it has been used in next-generation security appliances for threat analysis. Both of these will play a bigger role in 2024. AI’s advanced data analysis is being relied upon heavily in identifying and even predicting cyber threats which is gearing for even real-time threat analysis. ML algorithms are expected to see advancements in the way they adapt and update cybersecurity protocols autonomously, eliminating manual intervention. Advancements in this space could also bring about the emergence of AI-driven security bots that can identify and neutralise cyber threats/breaches autonomously.
IoT (Internet of Things)
The staggering speed at which IoT (Internet of Things) has grown in 2024 shifted the focus to enhancing security in that space. The first area of enhancement and the most significant one is the development of a robust standard for security protocols for IoT devices. This would mean universal encryption methods and mandatory security certifications for new devices. The second area of focus would be the integration of AI and Machine Learning (ML) algorithms into IoT systems. Although AI and ML algorithms are not new to next-generation security appliances since these help in filtering/blocking out unknown signatures that make up a breach. This move would lead to a faster response to threats.
Zero Trust Security
This gained significant traction last 2023, coming off as a niche approach to one of the core facets of cybersecurity to a fundamental aspect of cybersecurity strategy. Zero Trust works on the ethos of “never trust, always verify.” This changes the perspective from traditional security models wherein the focus is securing the perimeter.
Zero Trust assumes that both external and internal zones can have threats. What this means is that every action regardless of origin or the network is treated as a potential threat hence the additional layers of verification, strict access controls, and continuous network monitoring. This approach is rewarding from a security standpoint since it mitigates the risks from internal threats and restricts lateral movement by a threat actor. Transitioning to Zero Trust in 2024 marks the paradigm shift in cybersecurity. Focusing on continuous verification, access control, and overall improvement of network security.
What are the pitfalls that businesses are facing in cybersecurity strategy?
For me, these are the common pitfalls when it comes to preparing a cybersecurity strategy:
“Hackers only target big businesses”
With new threats and vulnerabilities being discovered daily (CVE, NVD, vulDB, Exploit-DB), no business is exempt from being targeted by attackers. They are not picky about who they target. Those with security gaps are always targeted and exploited. To protect business data, proper security measures must be in place and followed.
“Software updates? Maybe later or never”
We are all familiar with the dreaded pop-up notifying us of an update that we would need to install. Oftentimes, this would get pushed back if there are more urgent things happening like attending a meeting or an urgent deadline that needs to be met. This seemingly harmless task of updating software regularly is critical in securing you and your asset since regular updates bring in a slew of advantages. Fixing security loopholes, fixing vulnerable code/bugs, and even improving user experience.
“Man-in-the-middle, phishing, ransomware? What are these anyway?”
No, these are not strategies or code words. These are a few of the common cyber attacks that a lot of organisations and users fall victim to. These may be common but most are not even familiar with the common cyber attacks plaguing the space. To name a few, phishing attacks, malware attacks, ransomware, and insider threats are the most commonly found targeting businesses. Prevention is better than a cure and in this case, prevention stems from knowing how these attacks work and how to mitigate the risks you can control.
“Yep, the same password for everything so it’s easier to remember.”
Yes, it may be convenient to recycle passwords but it also makes it convenient for attackers to exploit and gain access faster. Recycling passwords is one thing but making weak passwords makes it even more dangerous as it can be cracked by tools like Hydra, Hashcat, and JohnTheRipper to name a few. To solve this, stop recycling passwords, use MFA/2FA, longer passwords using a combination of numbers and symbols, or even use the new PassKeys (encrypted passwordless login which is then decrypted on another trusted device) standard that is gaining traction.
“Cybersecurity policy? We don’t need that. We’ll be fine.”
Having a cybersecurity policy ensures that the organisation has a blueprint to follow and to incorporate into its day-to-day operations to make it secure. However, a survey conducted by CISOMag revealed that 60% of small businesses do not have a cybersecurity policy, which puts them in a tight spot. A cybersecurity policy can guide employees on the identified and unidentified threats to the organisation by giving them an overview and instructions on how to be secure in the process. Drafting or even creating a cybersecurity policy would need the functions of an appointed Chief Information Security Officer and a dedicated security team to build the foundation of the policy.
“That’s too expensive, there are cheaper, default, or even free alternatives out there we can use”
Free is good. We’ve all heard of it before but when it comes to protecting your business and your data. Free or cheap is not good. The problem with free tools/software is that it is accessible to anyone to play around with. Again–it is accessible to anyone to play around with. This means it is also accessible to attackers to play around with and test their penetration tools, scripts, and evasion tactics because it is easily available. Investing in IT services, enterprise-grade encryption software, perimeter security, Data Leak Prevention systems (DLP), security and patch management/monitoring, and overall security in and out of the network is a must.
Matthieu Manalo is the Lead Project Coordinator for Flexisource IT. This article is based on his brown bag session, Hack Me. Visit our social media pages for more of our brown bag sessions.
As a writer and branding strategist, Lex has found her passion in telling business stories in the form of impactful branding and marketing. When not working, she loves to read books about herpetology, botany, and going to the library.