Evolving Cyber Threats Means Enterprises Must Do More

Branded Content | 5 min read

Enterprises in the Asia Pacific are doing a much better job of discovering cyber intruders today, but the impact of breaches is worsening with continued digital transformation, according to the Mandiant M-Trends 2024 report.

The good news is that while breaches were mostly detected and flagged by external parties in the past, at least half of cybersecurity breaches are now discovered by the affected enterprises themselves – and indications suggest this trend will continue.

On the flip side, adversaries are not sitting still. They have intensified their efforts and achieved some success against traditional cybersecurity defences, including safeguards like multi-factor authentication.

How is the cyber landscape changing, and what does it mean for enterprises and governments? Crucially, what are the latest trends, and how can organisations mitigate them?
 

The evolving cyber landscape

If there is one certainty, it is that enterprises cannot stop digital adoption or slow down. To stay competitive and get ahead in today’s hyper-connected world, businesses must embrace digitalisation and integrate technology into every aspect of their operations.

One downside to this is a vastly expanded attack surface, as well as a greater inconvenience when systems crash or are compromised. This is evident from some recent IT outages, which massively disrupted public utilities and hospitals, and even caused airlines to temporarily stop operations. The consequence of a successful cyberattack is now more significant, leading to substantial financial losses and reputational damage.

While the impact of cyberattacks has increased, it’s worth noting that cyber attackers rarely face penalties for their actions. Ransomware gangs are occasionally shut down by authorities, but legal loopholes and the difficulty of identifying key ringleaders mean the respite is often temporary.

No organisation is invulnerable, and all will eventually face challenges. Enterprises must lay the groundwork to minimise compromises, swiftly contain breaches, and resume business as quickly as possible.
 

Threat actors getting better

Cybercriminals have poured resources into developing more sophisticated techniques and tools to bypass advanced security measures, making them more formidable adversaries than ever before. While the profile of nation-state actors and ransomware groups remains the same, their capabilities have evolved substantially.

According to the report, there is a shift from phishing attacks to more advanced social engineering techniques, with a more elaborate process to build trust across multiple channels. In addition, there has been a sharp increase in perimeter-based attacks, as adversaries move away from endpoint-based attacks.

This shift can be attributed to improved Endpoint Detection and Response (EDR) solutions, which make it more likely that a compromise is quickly detected. In response, adversaries are increasingly targeting perimeter devices such as firewalls, VPN servers, and MFA servers. Breaches in these devices are difficult to detect and investigate, giving attackers a larger window of opportunity to maintain persistence within the network and exploit vulnerabilities.

Moreover, ransomware threat actors are deploying more zero-day exploits to breach enterprise networks – once primarily the domain of nation-state actors. According to this year’s report, the number of zero days observed has almost doubled.
 

Organisations must do more

It is evident that strategies that worked in the past are becoming less relevant in today’s heavily digitalised and hyperconnected world. Given the substantially larger impact of a cybersecurity breach today, cyber leaders cannot rely on outdated resources to effectively defend against sophisticated threats.

Previously held strategies must be reassessed and adapted to address the evolving threat landscape. For instance, a diligent CISO would have set up robust controls across their network. While necessary and prudent, cyber security controls are not infallible; any control could potentially be bypassed by adversaries with the right ability, intent, and opportunity.

Similarly, enterprises that have established two-factor authentication might falsely believe it provides complete security. However, the report found that attackers could leverage sophisticated Adversary-in-the-Middle (AiTM) attacks to compromise multi-factor authentication safeguards.

Another area of concern is the adequacy of visibility into IT environments. Due to data retention costs, enterprises often make decisions around the volume and type of logs they retain. Such trade-offs can leave gaps in verbosity, systems logged, and timeframe, making them worse off during incident response.
 

A shift in mindset

Cyber adversaries have made substantial inroads into better tools and techniques to penetrate defences. Meanwhile, the effects of successful attacks have soared with the extensive use of digital systems. To stay ahead, enterprises need a shift in mindset.

“Step back, think big. Your security isn't just about today's threats – it's about crafting a blueprint and implementing relevant solutions for tomorrow's challenges. Secure your present, future-proof your defences.”
– Vivek Chudgar, Managing Director, JAPAC, Mandiant Consulting, Google Cloud

To effectively counter the evolving threat landscape, organisations must adopt a different strategy. Some enterprises may need to explore newer solutions to reduce blind spots within their network. For instance, a modern cloud-based log management solution incorporating data lakes can cost-effectively capture, store, and manage a much larger amount of data.

They can also consider using AI tools for the initial triage of cybersecurity incidents. This allows responders to quickly narrow down compromised assets and rapidly build a picture of what happened across their infrastructure, enabling a much swifter and more efficient incident response. Ultimately, addressing cyber risk isn’t just the responsibility of the IT or security department; it should be the collective responsibility of every employee in the organisation – including the business owners.

For additional key findings from the Mandiant M-Trends 2024 report, access it here. Alternatively, visit the Mandiant booth at GovWare 2024 to learn more.

 
