What We Learned in the Q1 Cybersecurity Briefing

Cyberthreat is real – and the stats are staggering. The industry saw a dramatic rise in advanced persistent cybercrime with malicious wiper volume increasing an astonishing 53% between Q3 and Q4 of 2022. Arguably more astonishing, though, are the statistics regarding businesses' ability to protect against the rise in cybercrime. According to a recent survey, 72% of respondents claimed they have a ransom policy in place – yet when investigating the nature of the ransom policy, 49% of them pay the ransom outright!

With these stats as our scene setter, over 40 industry professionals gathered in PPG Paints Arena for DES’ Q1 Cybersecurity Briefing with industry leader, Fortinet. The presentation focused on Operational Technology (OT) as an increasingly vulnerable attack surface. With buildings operations converging with networked operations, building OT, such as the software and hardware that control physical devices, are a gateway for bad actors. One example of this is Hikvision and Dahua video cameras, recently banned by the FCC over concerns of backdoor vulnerabilities.

Indeed, once again, the numbers tell the story. Over the course of 2022, 93% of organizations experienced an intrusion targeting their OT infrastructure, with 83% experiencing more than three intrusions. Certainly, global events are affecting this rise. The war in Ukraine is being played out online as well as on the ground, with both sides developing targeted attacks against critical infrastructure. The sophistication of these attacks has ramifications on US infrastructure, particularly in the increase of disk-wiping malware.

A conversation about cybersecurity would be remiss without recognizing the insidious weaponization of AI. Cybercriminals are using AI in a multitude of malicious activities ranging from thwarting algorithms that detect abnormal network activity to mimicking human behavior. Deepfakes and uber-realistic phishing emails add to an arsenal of tactics designed to trip up an unsuspecting employee and infiltrate the network.

Most worrying in the 2023 cybersecurity forecast is the commercialization of cybercriminal organizations. Bad actors can outsource specific components of cyberattacks to niche professionals, such as Reconnaissance-as-a-Service where dark web “detectives” are hired to probe a target and provide an attack blueprint. Recon services could include reports on security schema, key security personnel, number of on-prem servers, compromised credentials and many other items.

The implication of these turnkey, subscription-based offerings is that anyone, with any skill level, will be able to launch a sophisticated attack.

Looking ahead at developing technology, the next frontier of cybercrime will be the intersection of the Dark Web with Web3. Web3 is a new model for the World Wide Web which incorporates concepts such as decentralization, blockchain technologies, and token-based economics. Many corporations are beginning to experiment with Web3 tools as a means to store and manage data and provide customized, AI-driven user experiences. The decentralization and obscurity of Web3 technologies will be the next major challenge for cybersecurity.

The presentation concluded with practical action. The protection against a multi-directional threat landscape must be a multi-layered security strategy. Thankfully, there is a wide toolbox of possibilities, including:

• Have a Disaster Recovery Plan (DR)

• Have an Incident Response Plan (IR)

• Practice your DR & IR Plans

• Manage Vulnerabilities

• Patch your systems

• Use Virtual Patching

• Continually Train your Employees (Phishing)

• Use Multi-Factor Authentication

• Adopt a Least-Privileged Access Philosophy

In regard to Operational Technology, a multi-layered security plan should also include:

• EDR (Endpoint Detection and Response)

• Inline Sandboxing

• Off-site and offline backups

• ZTA (Zero Trust Architecture)

• Conduct Network Mapping & Connectivity Analysis

• Implement Strong Identity and Access Management (IAM) Strategy

After a lively open floor discussion, seminar attendees retreated to a private VIP box where they enjoyed great food and enviable views of the game!

In conclusion, what can you do right now to protect your organization?

You can contact us to discuss any of these strategies. You can also request a FREE cybersecurity threat assessment. It is minimally disruptive to your ongoing operations and will provide you with a detailed report of vulnerabilities. These assessments often surprise our clients. In 70% of cases, malware is detected, and – as they say – knowledge is power.