Interview

What are the main cybersecurity trends of 2024?

Cybersecurity is a constant priority in financial services and cyber attackers are constantly evolving. Patrick Brusnahan asks the experts.

Patrick Brusnahan: What are the main cybersecurity trends of 2024?

Piers Wilson, Head of Product Management at Huntsman Security: There are a few that are notable, one is AI. This seems to have three dimensions as far as cyber security goes. One (and this is far from new, more like a decade in the brewing) is using AI to detect changes and activity in networks and systems to detect attack. We’ve been doing this for a while, and it’s fairly mature, but obviously has a slightly newer level of attention. The second is using AI to aid the security operators in understanding or dealing with incidents. It's not quite a paperclip, “It looks like you are trying to diagnose a security incident, would you like some help?”, but more like enabling easier search and access to knowledgebases, other experts and sources to help diagnose a threat using AI. 

Lastly, and this is one of the most worrying, is its use to craft better and more convincing phishing emails, possibly even tailoring them for specific companies or people. Like asking ChatGPT to “write an email that would be most likely to get a member of the development team to click on a link…” as well as using AI to find other targets and ways to attack.

The other big one is operational resilience, this puts new (regulatory) pressure on organisations, specifically the FS, with policy statements from the FCA and security checklists from the BoE that mean financial service providers need to better understand their critical processes, the systems they rely on, the dependencies these have and the third parties that are part of the supply chain.

The OpRes agenda requires not just appropriate protective cyber security controls, but also a need to have thought about prevention, containment/mitigation, response and recovery - it's about surviving incidents when they do occur as much as stopping them occurring. 

Alex Holland, Senior Malware Analyst in the HP Wolf Security threat research team, at HP Inc: Threat actors are increasingly employing a wide range of techniques to prevent campaigns being detected by security tools – with new evasion methods enabling attackers to infect computers under the radar appearing every day.

For example, cybercriminals changed the way Raspberry Robin is spreading. Threat actors have shifted to using highly obfuscated Windows Script Files (.wsf) with a range of anti-analysis and virtual machine detection techniques. This has made Raspberry Robin much harder to spot, triage, and protect against. In fact, currently the Windows Script loader is poorly detected by anti-virus scanners on VirusTotal, and some samples are not being detected at all. Additionally, a recent DarkGate PDF campaign evaded detection by proxying links through advertising networks. Each malicious link was obfuscated behind an advertising link, which helped the cybercriminals operating DarkGate to evade detection and even capture analytics about victims.

Patrick Brusnahan: How can private banks and financial institutions combat the ever-evolving threat of cyber criminals?

Piers Wilson: The guidance on resilience, and this is seen again and again, can be helpful here. Survivability is key. So, consider prevention of cyber security incidents, how to contain them and limit the impact (or blast radius), then being able to respond - practiced and capable incident handling processes - and then recovery. Getting systems and functions back online and services restored quickly. 

Within each of these “pillars” does of course lie a number of processes, controls, checks and safeguards. Getting visibility and having more effective oversight of the controls is also key. An annual “cyber security review” is not enough, the pace is way too quick for that. You need good, accurate real time risk information that can drive the operational work of technical teams as well as give the board a continuously refreshed picture of the risk landscape. 

Alex Holland: Organisations must start building a more collaborative security culture as they settle into the future of hybrid work. But even so, they must prepare for the reality that most users will eventually click on something they shouldn’t.

As attacks against users increase, having security baked into people’s PCs from the hardware up – so they can easily prevent, detect, and recover from attacks – will be essential. Today, email is still the most common attack vector, particularly for opportunists like cyber hustlers. Isolating risky activities is an effective way of eliminating entire classes of threats without relying on detection. Threat containment technology ensures that if a user opens a link or attachment and something nasty comes through, the malware can’t infect anything. This way financial services organisations can reduce their attack surface and protect employees without hindering their workflows. 

Patrick Brusnahan: Who are cyber criminals targeting more than others?

Piers Wilson: These days it’s almost anyone. The big difference in the last few years has been the geopolitical angle. Whereas it might just have been large enterprises and banks with a financial motive, now it’s critical infrastructure and any business that could have a disruptive effect on society.

Alex Holland: Home users or remote workers often get caught in the firing line, as they are easier to compromise than the enterprise. Cybercriminals can use simpler techniques, like scams and phishing – potentially capitalising on the economic downturn by offering people fast ways to make money, like cryptocurrency and investment scams. The interconnected nature of the cybercrime gig economy means threat actors can easily monetise attacks. And if they strike gold and compromise a corporate device, they can also sell that access to bigger players, like ransomware gangs. This all feeds into the cybercrime engine, giving organised groups even more reach.

Patrick Brusnahan: What is the biggest hurdle in tackling cyber crime?

Piers Wilson: Speed and bandwidth. The example of cyber security audits above is a good one. Checking controls annually is of little use, but doing that more often could be expensive if using manual/traditional processes, there’s a need to utilise technology better to free up the precious time of scarce security resources to work on finding and dealing with vulnerabilities and threats, not just endlessly reporting on controls, fielding audits and responding to questionnaires. As businesses more generally have undergone digital transformation, so too must cyber security operations and audit processes.

Alex Holland: In recent years we’ve seen the rise of the cybercrime gig economy, where the shift to platform-based business models has made cybercrime easier, cheaper and more profitable. Cybercrime tools and mentoring services are readily available at low costs, enticing cyber hustlers – opportunists with relatively low levels of technical skill – to access what they need to turn a profit. As we face another global downturn, easy access to cybercrime tools and know-how could increase the number of attacks we see – especially attacks against home users by opportunistic attackers.
