
Evolving Cybersecurity Threats Call for a Return to Basics

By Cinthya Alaniz Salazar | Wed, 06/01/2022 - 14:03

The digital transformation changed the playing field for cybercriminals, prompting them to adapt their strategies to navigate and exploit vulnerabilities. These interminable and increasingly sophisticated cybersecurity threats have forced companies to return to cybersecurity basics, reconsider security priorities and foster organizational communication, according to industry experts.

“After the pandemic, the range of attack extended due to home office schemes and the migration to the cloud. The challenge is to adjust our security position in this new reality,” said Luis Padilla, Manager Mexico, CrowdStrike.

The limitations imposed by the COVID-19 pandemic left companies with little recourse other than to adopt and implement new technologies, often without the usual strategic and security preparation. The accelerated migration towards cloud and edge computing services effectively erased the infrastructure limitations that companies were used to monitoring, thereby inadvertently creating risk opportunities for cybercriminals to exploit. The shifting nature of digital infrastructures has therefore “changed the security objectives that companies should consider when formulating security controls,” said Felipe Garcia, CISO, Scotiabank. Consequently, companies should understand that security controls will need to continuously adapt in response to evolving cybersecurity threats. This requires an unrelenting learning and adaptation process to lead the charge against cybersecurity threats.

To do so, companies need to be fully cognizant of their digital infrastructure, a callback to a cybersecurity fundamental: infrastructure audits. Traditional security protocols have become outdated in part because digital infrastructures have changed, effectively compromising the visibility companies need to protect against cybersecurity threats. This recomposition has not only introduced new access points, it has also changed internal organizational and consumer-facing processes. This reorientation has introduced a new layer of complexity that has made previous organizational security protocols obsolete. In response, companies were obligated to take a step back and conduct inventory audits to achieve the “full spectrum visibility they needed to identify gaps and update security protocols accordingly,” said Alessandro Garcia Álvarez, Technical Solutions Director, Tanium. The added element of organizational process has introduced a new dimension to cybersecurity coordination, which has led to more holistic security controls and protocols.

Cybercriminals have reacted in turn, adapting their tools to reflect a new digital reality, consequently “forcing cybersecurity professionals to reassess their understanding of how these threats function,” said Gustavo Garcia Arellano, Chief Information Security Officer, Christus Muguerza. Furthermore, cyberthreats have become increasingly sophisticated, learning to mimic the appearance of professional services in ways that are particularly hard for non-specialists to identify. This points to a growing trend among cybercriminals to target end users, which in turn requires companies to implement awareness and education campaigns, said Garcia Álvarez. Compounding this concern are the known investments cybercriminals have been making in AI and robotics to augment the apparent legitimacy of disguised security threats. More troubling yet, this is only one of the many applications that have been extrapolated from adversarial AI.

Another preoccupation for cybersecurity professionals concerns the apparent independent mutation of malware enabled by artificial intelligence and machine learning. Malware now presents the ability to hide its identity in the face of detection efforts, in turn forcing security experts to double their efforts towards the identification of system anomalies, said Garcia Álvarez. An added aspect of this ability is that the threat is able to wait, embedded within a system, and activate when it is deemed most opportune. This is forcing security experts to keep records of all retrospective analyses so that, when a threat is flagged by the cybersecurity community, experts know exactly where in their infrastructure to check for dormant threats. This is a particularly important ability considering the norm of disaggregated digital infrastructures.

To augment the effectiveness of threat campaigns, cybercriminals have also begun to deviate from their modus operandi in their strategic approach to entry. Most recently, experts have observed the fragmentation of threats, which are capable of bypassing security checks as individual components and then rejoining once inside the digital infrastructure. This challenge was resolved by registering the individual components of a greater threat, information that was shared with a larger cybersecurity community.

Cinthya Alaniz Salazar, Journalist & Industry Analyst