Intelligent CISO Issue 57 | Page 37

While it is important to acknowledge the many successes of security teams , it is also crucial to take learnings from these high-profile breaches to avoid history repeating itself . www . intelligentciso . com
FEATURE
The last year has been a headline year for critical data breaches and cyberattacks , overshadowing defence milestones achieved by security teams across the globe . While businesses have been updating response tactics in line with the surge in cybercriminal activity , it is clear that organisations are still struggling to adequately protect their assets from thieving hands .
In the last 12 months alone , we ’ ve seen cybercriminals successfully targeting major organisations across a variety of industries , including Toyota which suffered a data breach after a third party was able to access a company server with credentials that they obtained from source code published on GitHub by a third-party contractor . Cisco also confirmed a cyberattack after an employee ’ s credentials were compromised and the attacker was observed leveraging machine accounts for privileged authentication and lateral movement across the environment .
These breaches facilitated by lateral movement strategies , mass phishing expeditions and sophisticated ransomware have substantially undermined network security resulting in reputational damage for many businesses and ultimately losses of customer trust . As we reflect on the year past , while it is important to acknowledge the many successes of security teams , it is also crucial to take learnings from these high-profile breaches to avoid history repeating itself .
I predict there will be five key challenges bound for enterprise cybersecurity teams in the year ahead : investing in responsive tech ; lateral movement ; aggressive API attacks ; a rise in deepfakes ; and cyber warfare .
Innovative instincts tackle evasion tactics
Threat response innovation has been the industry ’ s standout growth area in 2022 . VMware ’ s Global Incident Response Threat Report ( GIRTR ) found that cybersecurity professionals are actively deploying new techniques , such as virtual patching to respond to incidents and counter cybercriminal activity . Although today ’ s threat actors possess an impressive portfolio of evasion tactics , the research unveiled that the majority of cybercriminals are inside the target environment only hours ( 43 %) or minutes ( 26 %) before an investigation occurs .
As threat response time is critical to network defence , meeting sophisticated threat actors at their level is missioncritical to protecting systems . Using innovative tactics to update response techniques is the first point of call in stopping malicious intent before it escalates – and one to focus on moving into 2023 .
The new battleground
You can ’ t stop what you can ’ t see and instances of lateral movement within an environment present an ever-expanding battleground for security teams as it lays the foundation for one-quarter of all attacks reported in VMware ’ s GIRTR . These infiltration techniques have been overlooked and underestimated by organisations over the last year . In April and May last year alone , nearly half of intrusions contained a lateral movement event , with most involving the use of remote access tools ( RATs ) or the use of existing services , such as the Remote Desktop Protocol ( RDP ) or PsExec .
In 2023 , we expect cybercriminals will continue to utilise remote desktop

While it is important to acknowledge the many successes of security teams , it is also crucial to take learnings from these high-profile breaches to avoid history repeating itself . www . intelligentciso . com

37