PORTAL EXCLUSIVE: Shifting cybersecurity trends demand embracing innovative thinking | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

As we usher in 2024, the cybersecurity landscape is rapidly transforming. With Artificial Intelligence (AI) being prompted by some of today’s most clever minds, the shifting battleground demands a new strategy from Chief Information Security Officers (CISOs) and security team members – one that abandons traditional methods and embraces innovative thinking to outmanoeuvre the adversaries of tomorrow.

Threat actors
In India, a worrying trend has emerged with at least 82% of citizens having inadvertently interacted with a phishing attempt. While some threat actors continue to try and exploit system vulnerabilities, many are looking to leverage AI to trick people into sharing personal credentials. Unfortunately, they have been quite successful. This statistic is a stark reminder that cybersecurity has always been a cat-and-mouse game, but now, the pace is accelerating. The difference now is that generative AI condenses timeframes, allowing threat actors to try new approaches faster than practitioners can pre-emptively protect against them.

As cybersecurity leaders brace for more formidable challenges, it is essential to ponder over several key questions that will illuminate the path to a robust security framework. Managing multiple tools has become a challenge for CISOs in India, with 78% of global organisations using 50 or more cybersecurity tools. However, often team members are not well-trained on the entire suite of tools, focusing only on their specialised areas, potentially leaving blind spots where other technologies could be beneficial. A team should be reacquainted with the entire cybersecurity toolset. If multiple tools are offered by one vendor or under one platform, the team must ensure that its members are comfortable with the user experience, enabling them to fully utilise all available resources.

India, poised to grow its tech investments by 10% in 2023 to Rs 3.9 trillion ($46.8 billion), is a prime target. So far, the average ransomware payout in India is around Rs 99.8 million ($1.2 million), with the total cost of the attack nearly double that. This underscores the increasing benefit threat actors derive from the rapid advancement of AI technology. Instead of attempting to penetrate networks through vulnerabilities, a well-crafted AI-generated email might be all it takes. This raises the importance of comprehensive internal training, ensuring that every team member understands their critical role in safeguarding the organisation, techniques to identify potential attacks, applicable internal protocols and the correct procedures for reporting suspicious activities.

‘One-step-ahead’ strategy
It is vital to acknowledge that the attack that could breach your defences may not even exist yet. Whether incredibly complex or deceptively simple, the impact would be significant. Anticipating that a major attack against an organisation could occur, team members should be encouraged to gain a deep understanding of the network’s intricacies, assess the value an organisation presents to potential attackers, adopt a hacker’s mindset: consider how a malicious actor, aided by AI, might attempt to extract valuable data. One needs to be vigilant on all fronts, as adversaries need only a slight weakness to infiltrate one’s defences.

The multi-million-dollar question that remains is how to forge effective partnerships and strategies to safeguard assets against these evolving threats. AI, as much as it can be used nefariously, can also tap into vast data reserves to detect anomalies and suspicious patterns, moving us beyond the traditional cat-and-mouse game. For threat actors, the investment in crafting deceptive messages or simply bribing someone for their corporate credentials is often worth the risk. Indians, on average, receive 12 phishing messages per day, with 49% being unable to discern their malicious nature due to their sophistication. Hence, the investment in security must be comprehensive, mirroring the diligence of round-the-clock physical security. In conclusion, probing the critical aspects of security and AI, and guiding one’s company into 2025 with robust defences and a proactive mindset is the key. 

The author is managing director and country manager, SentinelOne


Click Here For The Original Source.

National Cyber Security