This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Slava Bronfman, CEO and Co-Founder at Cybellum.
How have cyber attacks evolved over the past 12 months?
We see repeated targeted attacks on various edge devices and not only on traditional PCs and servers – hackers are targeting IoT devices deployed within organizations, as they understand that these devices are often the weakest link in the organization. On top of that, we see that supply-chain attacks are on the rise, as again and again, malicious actors realize that one way to circumvent the “perimeter security” set by enterprises is to look for an entry point from within. Suppliers or 3rd-party products (software and hardware) received via the supply chain are weak spots that malicious actors can take advantage of, and use as an easy entry point.
What lessons can be learned from the biggest cyber attacks in recent history?
Analyzing recent attacks such as SolarWinds, it becomes clear that organizations can’t rely on securing the assets they develop on their own – they must take responsibility for their supply chains’ security. This should not come as a surprise – to drive innovation and cut time-to-market, products (especially software) are becoming more assembled than developed from scratch. These third-party components are integrated with internally developed components to create the final product. If not secured, these components could risk the final products or networks on which they operate. Another lesson we can learn is that it takes long months for these big, targeted attacks to be detected. In all major attacks, we saw that the attackers spent months (sometimes even years) in the vulnerable network before detection.
What will cyber attacks look like in the future?
Unfortunately, it is safe to say that there will be an increase in cyber attacks in the future. With more data and greater connectivity driving our day-to-day lives (both as consumers and businesses), malicious actors will find new opportunities to access high-value assets. What we are starting to see today will likely be the norm in the future – cyber attacks will no longer target PCs, servers and networks, but will take advantage of all connected edge devices that can be either a target on their own or most likely an entry point that enables attacks towards higher-value assets. Smartphones, smartwatches, connected vehicles and smart sensors are just a few examples of such edge devices that would likely become the focus of targeted attacks in the future.
On top of that, we’ll likely start to see Artificial Intelligence (AI) based attacks. That means that malware, ransomware, etc. are being created by AI code and not by humans, which will make them easier to develop and reproduce.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
Below are three areas of focus for organizations looking to get ahead of cyber attacks:
- Get full visibility of ALL your assets – How can you mitigate risks residing in your products and systems if you don’t have complete visibility into all the software and hardware assets you have? Maintain a detailed asset inventory, with visibility into each asset’s underlying composition, so your security team can mitigate any risks lurking within.
- Secure your supply chain – The reliance on 3rd parties brings tangible cybersecurity challenges. Independently validate the composition and security of your 3rd party components and assets to reveal any hidden risk. Work with your suppliers to advance their security posture over time.
- Invest both in prevention and detection – Preventing cyber risks is the right way to go, but nothing is perfect. You need to ensure you can detect cyber threats once they get through your defense layers. For example, these could be network monitoring solutions that reveal suspected traffic generated by malware, or end-point solutions tracking anomalous edge device behaviour that may indicate they’ve been compromised.