When you begin to dig into cybersecurity, you begin to recognize patterns. While the field is always evolving, the fundamentals often do not change. For instance, new technology is added to organizational networks, with a greater emphasis on cloud migration. However, the keys to good cybersecurity don’t necessarily change dramatically. Good cybersecurity still requires strong passwords, multifactor authentication, and phishing awareness training, even if shiny new technologies get bolted onto a network or an organization moves from on-prem software to the cloud.
Ransomware and artificial intelligence are two areas that have played a role in cybersecurity since cybersecurity became a thing. Yet, they continue to dominate the headlines. Ransomware, for one, remains one of the biggest threats to organizations, as it has been for years.
A main tenet of CISA’s “Shields Up” program, launched following the uptick in cybersecurity incidents related to Russia’s invasion of Ukraine, is partnership and collaboration between private and public sector entities. While its efforts currently are focused on the 16 areas of critical infrastructure, it has made strides to help organizations in all industries share valuable information around cybersecurity incidents in a manner that does not force these organizations into jeopardy through reporting missteps. The goal is to make it easier and less punitive for organizations to openly share when facing a cybersecurity incident to make everyone safer in the digital environment.
Ransomware attacks persistently impact organizations across the industry. K-12 school districts have been particularly affected by ransomware. They are enticing targets for ransomware gangs because of the value and quality of the sensitive data they hold and, often, a lack of resources to effectively protect it. Ransomware gangs have also begun targeting small colleges because they face similar issues. Earlier this year, Bluefield University in Virginia, BridgeValley Community and Technical College in West Virginia, and Truman State University in Missouri all had to navigate ransomware incidents.
But school districts and small colleges are far from the only types of organizations facing ransomware. In late April, Canada’s national art museum, the National Gallery of Canada, had to shut down its IT systems because of a ransomware attack. Arts organizations, like the National Gallery of Canada, have become frequent targets for ransomware groups eager to get their hands on customer information, with many believing they are more likely to pay because they need to stay open.
The above are just a few examples of the types of industries affected by ransomware. Still, ransomware can impact any organization with appreciable digital data, which is pretty much every organization in every industry.
Ransomware is evolving. Traditional ransomware, or extortion, is where criminals lock an organization’s files and force it to pay a ransom to unlock them. This has evolved into double extortion ransomware. In this type of ransomware, files are locked, and data is sold or leaked if a ransom is not paid. Double extortion ransomware has evolved into triple extortion ransomware. In this type of extortion, actors, on top of completing the steps of double extortion ransomware, also use distributed denial of service (DDoS) attacks to further disrupt an organization’s network. In DDoS attacks, large botnets are used to overwhelm an organization’s network with traffic and take a system offline for a period of time.
Because organizations are becoming less likely to pay a ransom demand, cybercriminals are becoming more ravenous in their attacks. For instance, cybercriminals often now reach out to individual victims whose personally identifiable information (PII) has been stolen from an organization and extort those individuals. Cybercriminals are also more likely today to threaten to contact the media or cybersecurity bloggers and tell them they have stolen data from an organization. This is meant to ratchet up the pressure and force organizations to pay a ransom demand.
One reason ransomware will be around for a while is that it is becoming easier to implement for cybercriminals. We are seeing a rise in Ransomware as a Service (RaaS). This model involves selling or renting ransomware to buyers, called affiliates, making it easier for threat actors, even those with little technical knowledge, to deploy ransomware against targets.
Artificial Intelligence is another reason why ransomware will continue to be a cybersecurity threat that organizations will be forced to navigate. The technology will allow ransomware attacks to become more automated and easier to deploy at scale. It will also make tools more accessible to users and increase the number of people who can implement ransomware attacks.
However, artificial intelligence will also help cybersecurity professionals and network defenders become more effective. You likely have heard of generative AI. It is the type of artificial intelligence behind new tools like ChatGPT and DALL-E that have grabbed headlines, and much more, over the last six months. Generative AI is being used, and will be used, in cybersecurity.
In March, Microsoft announced its Security Copilot. Copilot is Microsoft’s first generative AI security product. It incorporates GPT-4, a Microsoft-specific large language model (LLM), and signals from Microsoft’s threat intelligence. The tool is designed to aid cybersecurity professionals in discovering and mitigating attacks more rapidly and effectively. The idea is to help organizations fill the cybersecurity skills gap, with 3.4 million openings in the field. It is meant, Microsoft says, to augment cybersecurity analysts to be more effective in protecting networks and organizational defenses. While Copilot has yet to be released to the public, Microsoft hopes it offers a sea change in the world of cybersecurity. In its announcement, Microsoft President Brad Smith said of Copilot, “Imagine having a Tier 1 SOC where all of the people do Tier 2 SOC work.”
This is the value of artificial intelligence in cybersecurity in the good guys’ hands. It promises to make malware detection easier and more automated and to mitigate incidents faster and more automatically. Like much of technology, the potential of AI is that it automates mundane tasks, freeing humans to focus on more creative and cerebral work. This is a very enticing promise for those who have ever gone cross-eyed looking at audit logs or spent their days combing through threat intelligence signals.
There is a growing awareness of the need for collaboration in the cybersecurity space. This growing call has been led by the United States government. The Cybersecurity and Infrastructure Security Agency (CISA), which heads the U.S. government’s cybersecurity efforts, has been leading the charge in improving the way organizations are able to report cybersecurity incidents.
As a leader, it is important for you to understand these areas of cybersecurity. Make sure you are being proactive about understanding the latest developments, because cybersecurity is critical to the health of your organization.
Reach out to TriCorps, and we can offer you a list of valuable resources around cybersecurity that we consume daily to help us stay updated on the latest trends in this critical area.