In the age of rapid technological evolution, cybercriminals have been one of the many benefactors of novel technology, capitalising on emerging technology through the addition of new digital tools to strengthen their arsenals and accelerate their capabilities.
Cyber security controls considered robust not long ago are now being circumvented by these advanced tools and techniques, posing a heightened risk for organisations to mitigate.
Three driving factors can be attributed to attackers’ increasing sophistication:
Adoption of AI
The barrier to entry for leveraging Artificial Intelligence (AI) has been significantly lowered through the emergence of pervasive platforms providing AI as a Service (AIaaS). The ease of implementation coupled with inexpensive requirements has allowed cybercriminals to weaponise AI to increase the efficacy of cyber campaigns, which has been leveraged in phishing campaigns and in the development of malware.[i]
Adoption of nation state tooling
2021 saw a record year of zero-day vulnerability exploitation in the wild, almost three times the volume in the previous year.[ii] Organizations that struggled to sustain the pace required to patch vulnerable systems felt the full force, as cyber insurance data showed a 100% increase in claims relative to 2020.[iii]
Historically, zero-day exploitation has been associated with nation state actors. However, we are witnessing a turning of the tide, as financially motivated cybercriminals were attributed to almost one third of zero-day vulnerability attacks in 2021. Moreover, the time elapsed between the announcement of a zero-day exploit and wide-scale exploitation by other cybercriminals has reduced significantly, which implies that they are adopting the newest tools and techniques developed by nation states with increasing ease.
Cybercriminal mergers and acquisitions
Much like organisations that seek to expand revenues through the acquisition of complementary firms, M&A activity allows cybercriminal groups to grow inorganically and expand their capabilities.
For instance, the adoption of a trust-based team model has accelerated the maturity of cybercriminal group Conti. At the end of 2021, Conti acquired the lead developers and managers of cybercriminal group TrickBot, transforming Trickbot into a subsidiary rather than a supplier. In turn, this granted Conti autonomy over the direction of development activity, while simultaneously strengthening their malware capability.[iv]
How should organisations react?
As organisations embed new defensive capabilities, cybercriminals generate an equal and opposite reaction – whether that be through the adoption of AI, nation state tooling, or the acquisition of new criminal groups. Combatting this requires organisations to act continuously and decisively, and three winning approaches can be taken, at no additional cost, to provide a competitive edge:
- Enhance cross-functional collaboration. Cross-functional collaboration between security teams and internal partners, such as enterprise architecture and privacy, is the organisational canary in the coal mine. Breaking down communication siloes and establishing regular communication channels and forums for discussion between the teams enables pertinent risks to be surfaced and addressed before the risks materialise.
- Embed a culture of continuous improvement. Ultimately, security is not an independent project that can be completed – it is a behaviour, an attitude. A paradigm shift is required to transform a security programme from reactive to proactive. Operationalising this requires implementing regular lessons learned exercises across all functions and continually asking the question ‘how can we improve our processes next time?’.
- Measure the efficacy of security controls. Reporting operational and executive key performance indicators enables the effectiveness of key controls to be tracked. Trends and leading indicators highlight gaps which enables the decision makers to drive investment and optimise resource allocation, allowing security programmes to adapt to the dynamic threat landscape.