Top Cybersecurity Threats to Look For


It’s critical to stay ahead of top cybersecurity threats, but this can be challenging for security leaders, since both sides of the playing field change continuously. The external threat landscape is always evolving, as attackers develop and refine new tools and techniques. Meanwhile, the systems and infrastructure that security teams must protect are also always changing, often introducing new technologies with new risk profiles. 

It’s more important than ever for leaders to stay ahead of top cybersecurity threats by: 

  • Seeking guidance from industry analysts and other thought leaders about macro-level security trends. 
  • Leaning on their security partners to proactively analyze, interpret, and share their own research and observations.

To jumpstart this process, I invite you to download a copy of Forrester’s report, “Top Cybersecurity Threats of 2023.” And as a complement to this research, I’ll also share some commentary about today’s top cybersecurity threats on behalf of the LogRhythm Labs security and threat research team. 

Artificial Intelligence Threats: Real or Hype?  

AI is an excellent example of a new threat category that likely blindsided many security leaders over the last 12 months. But is it a theoretical risk or something that security leaders must act on urgently?  

There are at least three threat vectors that security teams must consider when it comes to AI cybersecurity threats: 

  • How might threat actors weaponize AI to execute more sophisticated attacks? 
  • Will employee use of external AI platforms lead to proprietary data leakage? 
  • Will the “poisoning” of AI models by adversaries emerge as a more powerful form of social engineering? 

Our Take: 

The first two items above are most definitely real. There is little doubt that attackers are already tapping into the power of AI, just as they were already using bots and other forms of automation to accelerate and scale attacks. One example we’re already seeing is the use of AI language models to generate more realistic phishing emails that are free of the telltale grammar errors and misspellings defenders have long relied on to spot them. Meanwhile, many risk-conscious organizations are already placing restrictions on external AI model usage, in response to early examples like Samsung’s disclosure that employees shared proprietary source code with ChatGPT.

We agree with Forrester’s assessment that AI model poisoning is more of a longer-term threat than something that is impacting organizations today. It’s something we are paying close attention to with our own use of machine learning in our security products. This will become more of an issue as more organizations adopt custom AI models for specific business processes. 

Overall, AI is a risk area that security leaders must take seriously, but it’s important not to oversteer in this direction at the expense of security activities with a greater near-term impact. 

Cloud Security Cybersecurity Threats 

The great cloud migration is largely complete at this point. According to a 2022 Forrester survey, which is referenced in our free download, adoption rates for hosted private cloud, internal private cloud, and public cloud infrastructure now all exceed 80 percent. 

Many organizations had early security growing pains with the cloud, such as data leakage through unprotected cloud storage containers. While these types of misconfiguration issues still occur regularly, many organizations have increased their cloud security sophistication using a combination of cloud providers’ integrated security features and third-party options.

Nonetheless, cloud security remains far from solved for several reasons: 

  • Multi-cloud environments are becoming more common, making it difficult to rely solely on cloud provider-specific security tools. 
  • Many cloud environments have a mix of deployment models, as organizations combine traditional cloud workloads with newer deployment models like containers. 
  • The same dynamic attributes that make cloud infrastructure so appealing from an operational standpoint also introduce rapid change that security tools can’t always stay in step with. 

Our Take: 

Overall, most organizations are approaching cloud security with an appropriate level of urgency. At the same time, it’s critical to bring all the disparate security signals from your built-in and third-party cloud security tools together into a unified analytics, detection, and response framework. And as new tools and techniques are added, it’s important to integrate them into this same framework rather than creating many one-off views and workflows. 

At LogRhythm, we try to make this simpler for customers by adding turn-key connectors to new data sources and forging strong technology partnerships across the cloud and security ecosystems. 

How Geopolitical Cyberthreats Impact Security Priorities

The tense geopolitical climate globally, including the continuing war between Russia and Ukraine, is driving an uptick in cyberattacks originating from nation-state actors. Because these attacks target both government and civilian targets, it’s critical for security leaders to monitor both military actions and related activities like sanctions and proactively consider possible responses. 

For example, a country targeted by economic sanctions may use these actions as justification for retaliatory cyberattacks targeting the financial sector of its adversary. Similarly, cyberattacks against private-sector transportation, energy, and healthcare infrastructure are a likely byproduct of global tensions and conflict. One notable example of this is KillNet, a pro-Russia hacktivist group that has been targeting the interests of countries that support Ukraine with distributed denial-of-service (DDoS) attacks. Its activities have been ongoing throughout the Russia/Ukraine war, including one high-profile attack that targeted 14 prominent U.S. hospitals in early 2023.

In addition to the potential for direct damages, security leaders also face other indirect pressures. As Forrester’s report highlights, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 requires U.S. critical infrastructure companies to report cybersecurity incidents to CISA within 72 hours and ransom payments within 24 hours. 

Our Take: 

While nation-states use tools and methods similar to those of other attackers, it is critical to adapt security monitoring practices to create a defensive posture when geopolitical cybersecurity threats escalate. This includes refining detection methods in response to external threat intelligence.

Security partners like LogRhythm can play an essential role by bringing external threat intelligence and lessons learned from work in individual customer environments together to benefit all of our customers. In addition, by enabling sound and mature detection and response processes, LogRhythm can help organizations meet incident reporting mandates. 

Ransomware and Double Extortion Cybersecurity Threats

Ransomware is another topic that has been top-of-mind for security leaders for years. As with cloud security, many organizations are now taking a more sophisticated approach to ransomware prevention and response. 

But it remains one of the top risks that most organizations face, since attackers are also increasing the sophistication of their ransomware tactics. For example, the use of “double extortion” is on the rise. In these scenarios, even organizations that are prepared to restore their data without paying a ransom face additional pressure from a secondary threat that their sensitive data will be publicly exposed if they don’t pay.  

And as Forrester notes in their research, perpetrators have little hesitation in targeting organizations like hospitals, creating literal life-or-death impacts. 

Our Take: 

Organizations should not take their eye off the ball when it comes to ransomware. While blocking ransomware vectors like malicious email is often the best defense, these approaches will never be 100 percent effective. 

It’s important to augment these measures with ransomware-specific monitoring techniques. I shared some examples of the top ransomware detection techniques in a previous post. We continuously monitor how ransomware techniques evolve and adapt our detection methods to stay in step. 

Business Email Compromise and Social Engineering

What is driving cyber insurance claims? While you might expect ransomware to be the leading driver of cyber insurance claims, Forrester notes in their research that business email compromise (BEC) and social engineering are actually leading the charge. These attacks can be devastating financially, since they often result in monetary theft, such as fraudulent wire transfers initiated by well-intentioned employees who have been manipulated through social engineering. 

Our Take: 

As with ransomware, continuing to focus on email security practices is a vital mitigation measure against BEC. Building security awareness among both technical and non-technical employees through formalized training programs is another crucial mitigation measure. 

But given that neither of these will take BEC or social engineering risk to zero, cyber insurance is another way to manage risk in this area. We partner with our customers to ensure they monitor for any signs that BEC attempts are escalating. In addition to increasing the chances of stopping an in-process attack, we help customers demonstrate to cyber insurers that they have mature security operations practices in place.

Stay Ahead of Today’s Top Cybersecurity Threats  

Once again, if you would like to read Forrester’s complete analysis of today’s top cybersecurity threats, be sure to download your free copy of their “Top Cybersecurity Threats in 2023” report. 

And if you’re using LogRhythm today, here are some tips for maximizing your protection against these threats: 

1. Optimize Your Email Threat Detection Posture 

While most organizations are using malware-blocking and antiphishing platforms today, it’s critical to connect the dots between detected email threats and other threat signals and indicators of compromise in your environment. Through our integrations with leading email security products, we provide the additional context about email-based risks necessary to defend against more sophisticated, AI-enabled attacks and ever-evolving ransomware and BEC tactics. Check out our phishing demo to see how this works. 

2. Prepare Pre-Defined Playbooks for Ransomware Attacks 

Given the prevalence and impact of ransomware attacks, effective detection alone is not enough. LogRhythm makes it possible to integrate guided playbooks into your response workflows. By combining advanced planning, well-documented procedures, and the use of automation where possible, LogRhythm playbooks increase the speed and effectiveness of your team’s response to ransomware incidents, minimizing business impact. 

3. Diversify Your Cloud Security Monitoring Capabilities 

As your cloud footprint expands and evolves, it’s important to ensure that your threat detection model does not develop visibility gaps. LogRhythm’s ability to collect and analyze log data directly from leading IaaS and SaaS platforms, as well as third-party cloud security posture management (CSPM) and cloud access security broker (CASB) platforms, makes it easy to maintain effective threat detection coverage even as your organization adopts new cloud platforms and deployment models. 

4. Harness External Threat Intelligence 

New geopolitical risks can emerge quickly based on world events, and one of the best ways to stay vigilant is by including external threat intelligence in your security monitoring strategy. Taking advantage of LogRhythm’s threat intelligence ecosystem will provide early warnings about new nation-state threats and incorporate the latest information about malicious attack sources and tactics into your monitoring strategy. 

5. Approach Security Operations Maturity Systematically 

Whether you are working to achieve compliance with new cyber incident reporting requirements or engaging with a cyber insurance provider, it is critical to demonstrate your level of security operations maturity – and your roadmap for future improvements. LogRhythm’s Security Operations Maturity Model (SOMM) provides a clear and actionable framework for assessing your current level of capability and prioritizing future enhancements.   

6. Augment In-House Talent with Specialized Experts 

Investing in the recruitment, development, and retention of in-house cybersecurity talent is critical. But selective engagement of outside cybersecurity experts can help your security team achieve better outcomes by reducing burnout risk and providing ongoing access to specialized expertise. LogRhythm’s suite of services includes numerous options to help you realize value from your security tool investments faster. This includes access to an Analytic Co-Pilot who will guide your threat detection and response strategies across the risk areas and use cases that are most critical to your organization. 

Not using LogRhythm yet? Schedule a brief introductory call to speak with us about your security challenges and learn more about how we can help you stay ahead of today’s top cybersecurity threats.