Enhancing cyber resilience in an evolving threat environment

Light blue digital lines on black background

Image courtesy of Adi Goldstein via Unsplash

Cyber incidents pose a significant risk to organizations across every industry. Despite numerous warnings about malicious activities and their severe financial and reputational impacts, many organizations are less prepared for cyber threats than they realize.

The landscape is continually evolving, with advancements like AI accelerating social engineering attacks and cybercriminals exploiting cloud servers to help run their operations. Keeping up with these ever-changing threats can be challenging.

A dynamic cyber environment

Organizations today must be vigilant against various types of attacks, including phishing, malware, and distributed denial-of-service (DDoS). In addition, ransomware remains one of the most common cyber threats — enabling data theft from millions, and funding criminal activities (including human trafficking and global terrorism) through paid ransoms.

A recent IDC report commissioned by Kyndryl revealed that 70% of IT leaders experienced ransomware attacks in the preceding year, with two-thirds opting to pay the ransom. Additionally, 90% of those affected reported data exfiltration, leading to significant disruptions and financial losses.

Many incidents start with a single user clicking on a malicious link. In fact, human error often plays a critical role in cybersecurity breaches. In response to a recent example, the FBI and CISA issued a Cybersecurity Advisory to #StopRansomware against threat actor BlackSuit, which typically demands ransoms ranging from $1M to $60M – usually through phishing emails. The increasing sophistication of cyber threats, including the use of generative AI for social engineering and malware distribution, underscores the need for a cohesive incident-response protocol.

The prevalence of ransomware highlights the need for more effective digital forensics teams. However, fragmented incident response and recovery processes often exacerbate problems, hindering the abilities of businesses and governments to recover swiftly after an incident.

Emerging threats

Generative AI is a powerful new tool for bad actors. This technology can create convincing audio and video clips impersonating real individuals (deep fakes), making it easier to bypass security systems and execute phishing or social engineering attacks. Additionally, generative AI is being used to spread malware with rolling codes that are harder for IT security systems to detect.

In response, businesses and governments must adapt AI and machine learning to identify patterns and detect operational anomalies. Without these technologies, organizations will struggle to meet these rising threats.

CIOs, CISOs and other officers should start by validating essential controls, stress-testing their response and recovery capabilities and updating training programs to address AI-based threats.

Building cyber resilience

Human error and AI are significant concerns for cybersecurity experts. Businesses and governments must focus on building a cyber resilience strategy to anticipate, protect against, withstand and recover from various cyberattacks. This involves not only investing in the right technologies, but also fostering a holistic approach to cybersecurity within the organization.

The first step in building cyber resilience is identifying critical services and their impact tolerances for data loss and outages. Organizations should then map their infrastructures to applications and assess whether existing controls can protect against disruptive attacks, detect future threats and facilitate recovery. Finally, businesses and governments should develop customized roadmaps for continuously improving resilience and modernizing infrastructure. These roadmaps should include plans for third-party technical assistance, particularly for sector-specific applications. By maintaining a focus on cybersecurity and potential threats, organizations can cultivate a culture of healthy skepticism, reducing the likelihood of successful attacks or human error incidents like phishing breaches by BlackSuit.

Cyber threats have always evolved alongside technological advancements. The unprecedented capability of generative AI to enhance and accelerate malicious activities necessitates more robust and comprehensive defenses.

To adapt, organizations must equip themselves with AI-enabled defenses that surpass AI-enabled threats, while adopting cyber resilience strategies that integrate cybersecurity, business continuity, and disaster recovery to mitigate disruptive and costly cyberattacks.