Preparing for the next big cyber threat

In an increasingly uncertain world, with internal risks and external social, economic and geopolitical threats to organizational development and automation looming overhead, CSOs have been adopting strategies to be prepared for operating in uncertain times. Ransomware, data breaches and fraud are unabating, with cyber insecurity as well as misinformation and disinformation being the top and fourth risks, respectively, for the upcoming two years as projected in the World Economic Forum’s Global Risks Report 2024. 

The attack surface gets ever more complex with the increased adoption of cloud and artificial intelligence (AI), and thanks to generative AI (genAI) and IoT connectivity. Hackers are already attacking concentrations of common software and services to leverage their returns on investment. Critical infrastructure continues to be targeted as entire city networks, emergency networks, water treatment plants and power utilities are breached amidst rising geopolitical tensions. 

Ultimately, preparing for the next big threat entails focusing on cyber resilience, because there are simply no silver bullets in the cyber world. Embracing the hard truth with the inevitability of breaches entails a holistic approach towards developing as well as sustaining strong resilience. Strengthening cyber resilience will increasingly be a core part of the entire enterprise security strategy and entails a few techniques including coordinated protection, analytical monitoring and adaptive response. 

Coordinated protection 

For coordinated protection, as we demand greater cyber integration and reliance on Industry 4.0 — such as feeding telemetry information from IoT sensors into public cloud for data analytic services — CISOs will have to extend oversight into vendor environments as hackers leverage weaker entry points of the enterprise. 

The increased scrutiny into threat, vulnerability and risk assessment (TVRA) of environments supporting crown jewels must extend to communication service providers (CSPs), original equipment manufacturers (OEMs), operations support systems (OSS) and social media platforms. Cloud security enhancements will be implemented to address the use of multi-cloud environments. 

Strengthening coordinated protection also entails the management of third-party risk, tighter remediation timelines on known exploited vulnerabilities (KEVs), especially those flagged with ransomware indicators, adversarial simulation with red/purple teaming engagements and extension of table-top exercises to suppliers will see greater traction and oversight. 

In addressing emerging threats, CISOs will have to incorporate controls to counter adversarial AI tactics and foster synergies with data and AI governance teams. Controls to ensure quantum-resistant cryptography in the symmetric space to future-proof encrypted data and transmissions will also be put in place if they are not already. Many organizations — including banks — are already enforcing the use of quantum-resistant cryptography, for instance, with the use of the Advanced Encryption Standard (AES)-256 algorithm because data encrypted by it is not vulnerable to cracking by quantum computers. 

Zero trust as a mindset and approach will be very important, especially in addressing insecure design components of OT environments used in Industry 4.0. Therefore, one of the key areas of strengthening protection would also be identity and access management (IAM). Defense against multi-factor authentication (MFA) fatigue attacks must be deployed, and we must look towards password-less authentication as we try to optimize security and convenience as frictionless as possible as we step up our game. 

Analytical monitoring and adaptive response 

Key success factors of strong cyber resilience also entail analytical monitoring and adaptive response beyond just coordinated protection. This encompasses taking an assumed breach approach, which is often a neglected yet important component of zero trust. 

Organizations should also: 

• Consume actionable threat intelligence. 
• Subscribe to cyber threat intelligence, information sharing and analysis centers.
• Threat hunt. 
• Have adequate incident response (IR), if possible, with security orchestration and automated responses. 

Recently, the city of Columbus, OH detected a ransomware attempt early and managed to contain the incident by disconnecting the machine. While it is inevitable for sophisticated breaches to happen — especially those that live off the land in stealth — we can limit the attack blast radius, disrupt the cyber kill chain to prevent OT systems from being compromised by ingesting threat intelligence, detect fast through threat hunting and contain fast through orchestration. 

For instance, a company had loaded the indicators of compromise (IoCs) shared by Operational Technology Cybersecurity Information Sharing and Analysis Centre (OT-ISAC) into its security equipment prior to being attacked, thereby successfully detecting and thwarting the attack when it reached their doorstep. Not least, we need to also extend this to vendor environments. After all, successful digital supply chain attacks have been on the rise. Last year alone, we witnessed the breach of MoveIT, a managed file transfer solution being used as a conduit to compromise close to 2,800 of MoveIT’s customer companies. 

As part of strong cyber resilience, we need sound IR playbooks to effectively draw bridges, we need plan Bs and plan Cs, business continuities as well as table-tops and red teams that involve our supply chain vendors. 

And finally, response to the ever-evolving threat landscape will entail greater adaptability and agility.  For instance, protection against adversarial AI threats needs to be quickly incorporated into existing cybersecurity processes, such as secure-by-design for large language models (LLMs). This should be accompanied by penetration testing or red teaming incorporating the testing of LLMs for generative AI solutions. This demands that control processes reach a high level of maturity. Policies, standards, procedures, risk registers, OKRs, KRAs and KRIs will have to be updated more frequently against the increasingly volatile threat landscape. 

Getting it right 

Preparing for the next big threat entails a lot of getting the fundamentals of risk optimization right and establishing a mature process to sustain cyber and business resilience. And we can’t work alone in the cyber resilience journey. It requires the whole village to come together and involve our supply chain as the whole ecosystem. We are, after all, only as strong as our ecosystem. 

Steven Sim has worked for over 27 years in cybersecurity with large end-user enterprises and critical infrastructures. He has led global cybersecurity centers of expertise (CoEs), undertaken a global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He also has led cybersecurity across large MNCs, heading eight direct reports at a global cybersecurity department as well as indirect reports across regional offices and local business units in 44 countries.