Protecting against cyber-threats has never been more important. In September, according to Hacker News, the US government dismantled the Raptor Train botnet that managed to capture more than 200,000 devices; there was a rise in phishing lures using potential jobs to infect applicants with MISTPEN; phishing attacks are using refresh entries in HTTP headers to send spoof email login pages; and misconfigurations in ServiceNow have resulted in sensitive data leaks.
Ransomware attacks are more sophisticated, budgets are shrinking thanks to continued geopolitical uncertainty and ongoing economic volatility, and emergent technologies are putting pressure on already strained security systems. Companies need to be compliant, secure, aware and on point as the threats continue to evolve and adapt to find new vulnerabilities and weaknesses.
There are, however, bright lights on the security horizon as companies adapt their services and approaches to mitigate the threats and stay ahead of the security trends.
The trends, the threats and the security
Here are some of the biggest trends in security right now alongside the solutions that are being created to match demand and mitigate the threats.
01: The CISO
At first, the Chief Information Security Officer (CISO) was just security. Their role was to prioritise day-to-day operations and ensure the walls were up and the employees aware. Now, this role has become incredibly strategic as the CISO manages compliance, security investments, regulatory awareness, employee training and C-suite conversations.
The insight: A CISO reduces the risk of security gaps, ensures policies are aligned with the business, and improves an organisation’s security posture.
02: Changing regulations
Currently, there are 156 countries that have cybercrime regulations in place with Europe the highest and Africa the lowest. According to UNCTAD, 80% have regulations in place, 5% are in the draft phase, 1% have no data and 13% have none. Many of these regulations, such as the EU Cyber Resilience Act and the US Securities and Exchange Commission, are putting immense pressure on companies to ensure they have robust security measures in place or else face increasingly complex consequences.
The insight: The governance required to keep up with regulations can help organisations refine their security postures, build more robust security programmes, and stay ahead of the threats more effectively.
03: Ransomware
This remains one of the most prevalent threats. In a recent Statista survey, approximately 41% of CISOs labelled ransomware as the biggest threat to the business, followed by malware at 38%, and email fraud and DDoS attacks at 29%. These attacks are sophisticated, smart and disruptive, and they are a relentless threat to the business. They can also leave a business in complete disarray if measures haven’t been put in place to protect and recover the data.
The insight: Endpoint security offers companies with comprehensive protection by reducing your attack surface across devices and applications. Solutions such as Microsoft 365 Guardian are designed to provide companies with effective protection and management alongside real-time visibility into threats within your environment.
04: Deepfakes
Generative AI is turning up the proverbial heat. It can be used to mimic voices and faces, creating fake voice notes and videos that trick people into making payments, sharing logins, or providing private information to hackers. These deepfakes are so powerful that they are defined as ‘adversarial AI’ and are, according to Deloitte, anticipated to inflict losses to business at a CAGR of 32% by 2027.
The insight: It comes down to awareness and resilient security. While deepfakes are tough to spot and people can make mistakes, ongoing training and awareness throughout the business can minimise the threat. Employees need to question the Why behind odd and unexpected requests from leadership while security needs to create an ecosystem that allows for people to understand the risks and recognise the threats.
Bolstering your company’s security is complex, but it is achievable. You can maintain your digital transformation agenda and build a thriving digital ecosystem while staying on top of security and empowering your employees. With Microsoft’s solutions, ongoing research and development and commitment to ensuring its technology is as secure as possible, companies can confront these challenges with confidence.