Building Resilience In A Changing Cyber Threat Landscape

Uploaded on 2024-08-06 in TECHNOLOGY--Resilience, FREE TO VIEW

It’s no secret that cyberattacks are a major threat to organisations in all industries. But despite widespread warnings of malicious activity and the disastrous financial and reputational consequences they can cause, organisations are still less prepared for cyberattacks than they realise.

The goalposts are constantly shifting, with technologies like AI accelerating social engineering attacks and bad actors now exploiting cloud servers to conduct their campaigns. On a seemingly endless treadmill of threats, staying ahead can feel like an uphill battle. 

A Constantly Changing Cyberscape

Today, organisations need to be wary of all kinds of attacks, including phishing, malware, and DDoS, to name just a few. One of the most prevalent threats is ransomware attacks, which can lead to the data of millions of individuals being stolen, not to mention that paid ransoms fund cybercriminals and their future activity. 

A recent IDC report commissioned by Kyndryl found that 70% of IT leaders had been successfully targeted by ransomware within the last year, with two thirds choosing to pay the ransom. 90% of those hit by ransomware said that the attacks exfiltrated company data, likely causing company disruption and financial damages.

A lot of these incidents can be traced back to a single staff member or user clicking on a malicious link. An extreme example of the consequences of human error is the data breach of the Police Service of Northern Ireland (PSNI) last year, which shared the personal details of all PSNI staff, resulting in a fine of £750,000.

The pervasiveness of ransomware attacks signals a need for digital forensics teams to be more powerful and efficient in their response. But siloed, disjointed incident response and incident recovery processes often cause further problems and hinder businesses’ ability to get back up and running after an incident, with the two teams often unintentionally working at cross-purposes. 

New Avenues For Attack

Now, cybercriminals have a new tool at their disposal: generative AI. Generative AI can produce audio and video clips impersonating real customers and executives, making it easier to fool security systems and conduct phishing or social engineering attacks. Additionally, criminal groups are using generative AI technologies to spread malware and constantly change its code, meaning it can evade IT security systems easier.

With AI likely to increase the volume and impact of cyberattacks over the next few years, businesses need to start fighting fire with fire. Without harnessing AI and machine learning for themselves to spot patterns and flag anomalies, organisations will simply be unable to adapt their cyber defences to meet this rise in threats. 

When starting to implement AI-driven defences, CIOs need to begin by validating essential control implementation, before stress testing their response and recovery capabilities, and adapting training and awareness programmes to reflect AI-based cyberthreats.

Building Cyber Resilience

Human error and AI are key challenges concerning CISOs, and businesses need to go beyond just predicting when the next attack will hit. To anticipate, protect against, withstand, and recover from diverse cyberattacks, the focus should be on building cyber resilience. But cyber resilience isn’t just investing in the right technologies, it also involves a shift in mindset, where an organisation comes together to see cybersecurity in a more holistic way.

The first step in establishing cyber resilience is identifying the critical services the business is dependent on and importantly with what impact tolerances for data loss and outage. Then, they should map their infrastructure to applications and assess whether the controls already in place can protect against a disruptive attack, detect any future threats, and recover if incidents escalate. Lastly, businesses should outline a customised roadmap for continually improving resilience and modernising infrastructure to continue building resilience, recoverability of their critical service should become an important functional requirement. Once companies have followed these steps, they can consider areas where third-party help or technical expertise might be needed, particularly in sector-specific applications. With a continual focus on cybersecurity and potential attacks, businesses can build a culture of healthy scepticism, reducing the likelihood of a successful attack or human error incident, like that of the PSNI. 

Cyberthreats have always evolved to utilise the latest technological advancements. But generative AI’s unprecedented ability to streamline and speed up malicious activity has facilitated the need for more robust and holistic defences.

For businesses to adapt, they need to arm themselves with AI-enabled defences that are stronger than AI-enabled threats, all while adopting a cyber resilience approach that combines cybersecurity, business continuity, and disaster recovery to minimise disruptive, expensive cyberattacks. 

Duncan Bradley is Practice Leader for Security and Resiliency, Kyndryl UK&I

Image: @Kyndryl

You Might Also Read: 

Ransomware: Businesses Are Well Equipped But Underprepared:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Millions Of US Voters Exposed Online
A Brief History Of Cyber Crime [extract] »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

Centre for Development of Advanced Computing (C-DAC)

Centre for Development of Advanced Computing (C-DAC)

C-DAC is the premier R&D organization of the indian Ministry of Electronics & Information Technology. Areas of research include cyber security.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Brainloop

Brainloop

Brainloop's security architecture enables you to work on and distribute strictly confidential documents both within and beyond the firewall.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

Stratosphere Networks

Stratosphere Networks

Stratosphere Networks offer managed cybersecurity services rooted in Managed Detection and Response and Security Operations Center services that our team can tailor to meet your needs.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.

CHERI Alliance

CHERI Alliance

CHERI Alliance is an industry initiative spearheading the global adoption of the Capability Hardware Enhanced RISC Instructions (CHERI) security technology across the computing industry.