Alain Penel, Regional Vice President (Middle East) of Fortinet, outlines the potential cyberthreats of 2021 and how CISOs can prepare their organisations to deal with them.
In an era of constant innovation, it is important to be constantly aware of the impact that new technology has on the threat landscape.
While IoT devices and multi-cloud environments have proven beneficial, especially in times of increased remote work, CISOs must also understand the risks that such solutions pose to their employees and to their organisation.
Over the past 20 years, Fortinet’s team of security researchers has found that while certain aspects of cyberattacks continue to evolve, such as new malware or targeting new elements of the network, the underlying attack patterns, criminal behaviours and end goals have typically remained the same.
In recent years, the team’s predictions have addressed issues such as the evolution of ransomware, attacks targeting converged technologies and the weaponisation of machine learning (ML) and artificial intelligence (AI). However, while some of these threats have already come and gone, others are only just starting to make an impact.
As digital innovation, the expansion of the network, evolving corporate strategies and the growing reliance on business applications continue to accelerate, the traditional network perimeter has been replaced by multiple edge environments – each with their own unique set of risks.
Cybercriminals are fully aware of these vulnerabilities, as well as the fact that for far too many organisations, a full security strategy often lags behind network expansion; they also know that organisations often sacrifice security to maximise agility and enhance performance between these interconnected edges.
This lack of adequate security measures has led threat actors to allocate significant resources towards targeting and exploiting new edge environments, especially the home office branch and remote workers. Through the weaponisation of 5G and edge computing – and the subsequent deployment of swarm-based attacks – cybercriminals are able to easily target victims while fending off most of the lacklustre solutions attempting to fight their attacks.
As cyberattacks grow more advanced, CISOs should understand the role AI can play in helping their organisations stay a step ahead of their cyber adversaries.
In addition to enabling an automated system that can detect threats and attacks before they occur, AI can also be used to document the behaviours of cybercriminal activity in detail, resulting playbooks that can help identify an attack, anticipate an attacker’s next moves and circumvent their threat before they can complete their mission or achieve their objectives.
As AI and ML systems gain a greater foothold in networks, their ability to build out such playbooks is not far from reality. In fact, basic playbooks using schemes like the MITRE ATT&CK framework to standardise behaviours and methodologies are already being used by various threat research organisations, including FortiGuard Labs.
One of the most likely outcomes of this will be the continued evolution of ransomware, making it one of the most dangerous and damaging threats facing organisations today.
In addition to encrypting data and systems, cybercriminals are now posting data on public servers and threatening to expose organisational leaders unless a ransom is paid, moving extortion and defacement to the digital realm. While there are now organisations appearing on the darknet with a business model of negotiating ransoms to save victims money, the benefits of this are short-term and the end of the day, the bad guy will almost always get a payday – this will only reinforce their criminal behaviour.
Inspired by the collective behaviour of biological systems such as ants, bees, or flocks of birds, swarm intelligence is being developed by industry to tackle such tasks as efficiently exploring a new environment by collecting, aggregating, and correlating data in real time, rapidly assembling complex devices, optimising complex problems such as vehicle routing, or tightly coordinating flight manoeuvres of a squadron of military jets.
As this technology matures, the opportunities for malicious use are endless.
The cyber-wars of the future will occur in milliseconds, meaning the primary role of humans will be to ensure that their security systems have been fed enough intelligence to not only counter attacks in real-time, but also anticipate such attacks so that they do not happen in the first place.
To defend their networks against these increasingly sophisticated, and eventually, AI-enabled attacks, security teams must look to adopt AI-enhanced technologies of their own designed to see, anticipate, and counter such threats.
Security implemented after the fact is never as effective as if it were to be interwoven in the fabric of a new network or solution right from the start.
This is especially important to remember as our reliance on data and internet links enabled through advanced satellite-based systems continues to grow. While satellite security concerns have traditionally been nominal because they are extremely remote, this may no longer be enough as satellite-based networks proliferate.
By compromising satellite base stations and spreading malware through these networks, attackers potentially gain the ability to potentially target millions of users. Such attacks will likely start with such tactics distributed denial-of-service (DDoS) attacks, but as communication through satellite systems becomes more common, CISOs should expect more advanced attacks to follow.
The 2020 FortiGuard Labs Threat Predictions report highlights several important concerns, but perhaps the most forward-looking involves quantum computing.
While access to quantum computers is beyond the scope of traditional cybercriminals, one of the biggest concerns is the use of such systems by nation-states to break cryptographic keys and algorithms. Experts now expect quantum computers to break elliptical curve cryptography by 2027, and governments everywhere are developing cyber-strategies to address such a threat.
With this in mind, organisations – like their government counterparts – will need to adopt quantum-resistant computing algorithms wherever cryptography is used to ‘sign’ and protect the integrity of information as soon as they become available.
The threat landscape will only grow more advanced as time goes by, meaning that it is no longer a matter of if an organisation will be a target of a cyberattack, but instead a matter of when. Which is why, in addition to establishing a proactive and forward-looking defence strategy, CISOs also need to solidify their plans for effective incident response and business continuity.
The use of an integrated AI system will enable a security team to defend their networks and respond to attacks before they can leave a mark.
However, even with the right technology in place, organisations cannot be expected to fend off the full range of modern attacks on their own. To effectively protect their networks, they will also need to:
Additionally, organisations must also work with vendors who have established partnerships with public sector institutions, including education and law enforcement. Such public-private sector alliances help raise the bar for the detection, response and prosecution of criminal behaviour. Organisations must also play an active role in educating their employees and others to not only engage in safe cyber-behaviours, but possibly even consider a career in cybersecurity, helping to close the skills gap while protecting others along the way.
Because cybercriminals do not respect political borders, law enforcement organisations have built global command centres closely tied to the public sector, helping them see and respond to cybercrime in real-time.
By weaving similar threat intelligence into their security resources and enabling team members to stay abreast of the latest updates, CISOs can build and deploy more effective playbooks that will not only help their own organisations, but by being a good neighbour, also help protect others that could be affected by certain threats.
What this latest round of predictions highlights is the fact that cybercriminals will only grow more advanced in their attack methods.
During such a time of rapid evolution, it is up to CISOs to stay up to date on the latest threat intelligence as well as understand how the new technologies and network operations their organisations adopt to improve efficiency could have a lasting impact on cybersecurity.
By monitoring the threat landscape, partnering with the right vendors, and establishing valuable alliances, these security leaders can better protect their employees while also helping the industry as a whole stay ahead of modern threats.
To find out more information, visit: https://www.fortinet.com/.