Last week saw the partial takedown of the world’s most prolific ransomware group, Lockbit. A triumphant win for global law enforcement, but it’s not the end of the story. History has proven that groups like this will come back swinging – going underground to regroup, re-tool and attack again.
For every Lockbit that gets shut down, there are hundreds more cybercriminals waiting in the wings to target businesses of all sizes. And sadly, in the world of cyber security, we are operating in an environment where we can confidently say to businesses – you’re going to get attacked by bad actors.
However, how these attacks look is changing. For example, in the year ahead we expect attackers to increase their use of QR codes to trick people, generative AI to enable more attacks in languages beyond English, and cloud to be many businesses’ Achilles heel.
In 2023, almost 70% of large businesses in the UK reported a cyber breach or attack. Criminals are targeting businesses of all shapes, sizes and industries, scanning for weak spots and infiltrating systems. Examples last year included reputable, robust organisations from the Electoral Commission to T-Mobile, all falling victim to attacks that exposed people’s personal data and severely disrupted their operations.
It’s not that these were easy targets. Casinos are some of the most security-sensitive businesses in the world, but attackers were able to breach MGM Casino, forcing it to shut down slot machines, hotel keys and online reservation systems. Even the world’s biggest bank wasn’t immune - in November, a cyber-attack locked parts of the network at ICBC, forcing it to handle trades in New York by couriering USB sticks around the city.
As in many other areas, the biggest driver of change for both attackers and defenders in cyber security last year was generative AI. It began to lower the barrier to entry for attackers, allowing them to operate faster and at greater scale. In the months after the rollout of ChatGPT, we saw a 135% increase in novel social engineering attacks – phishing emails that use more sophisticated grammar and language to make victims trust them. We believe attackers began using ChatGPT to make phishing harder to spot.
The impact will be felt more this year. Attacks will continue to proliferate, both through increasing use of AI and automation, and through a range of other clever new tactics dreamed up by bad actors. Companies need to face the harsh reality that the risk of cyber security breaches has heightened. The ‘new normal’ for all businesses is a world where breaches are as common as petty theft. Organisations will not only have to face the challenge of avoiding breaches, they will have to learn to adapt to them - constantly.
Living in a world where cyber-attacks are a constant threat underscores the importance of proactively reducing their impact. Equipping businesses with the tools and skills to prevent and protect themselves is essential. AI has a role to play in this. We must fight offensive AI with defensive AI – it’s the best way to stay one step ahead of cybercriminals.
By using AI within their cyber security arsenal, businesses can arm themselves against ever-evolving threats. AI can learn businesses from the inside out and, once it knows the native environment of an organisation, AI can be deployed to continuously monitor for risks, detect threats in real time and take immediate action. By doing so, it uplifts the humans working in security teams to protect us every day. AI can be vigilant 24/7 and spot small variations faster and more accurately than a human, allowing human teams to focus on investigating and fixing the most complex issues within their security setup.
But no matter how brilliant the tech a business installs, how well operated the human team is or how good the partnership between the two, tech alone isn’t a silver bullet. Businesses need to take greater steps to protect themselves and limit the impact of any successful attack.
You can start by finding independent, dependable guidance. The National Cyber Security Centre (NCSC) provides guidance on the foundational steps every business should take to reduce the likelihood and impact of attacks.
Then, develop a plan. The difference between experiencing a small compromise and an all-out crisis is having a plan. Once you have the plan, practise it and optimise your processes so that key players are ready if the day arrives.
Buy in the right tools. You can’t defend effectively against cyber attacks without defensive software. Make sure you have the right tools, and that they are properly integrated to provide visibility of what’s happening in your IT estate and to defend against it. The more layers of defense an attacker has to make it through, the safer you are – defense in depth.
And finally, adopt a strategy of zero trust. The ways attackers attempt to breach businesses are continually multiplying, so don’t assume any channel coming into your business is 100% safe.
Any day lost to a cyber breach is a gain not just for criminals, but also for your competitors. Businesses spend a huge amount of time and resources looking at what others are doing in their sector to stay competitive – we need to apply the same amount of rigour and energy to preventing cyber attacks. When the reality as a large business is that you are more likely to experience a breach than not, these procedures are paramount.
It's not just a business imperative. Society expects organisations to be prepared for attacks, protect customer data and keep vital operations running. It will hold those who fail in that responsibility to account. We can do that better by changing mindsets. A successful attack should not simply be seen as a failure to be kept quiet – that’s what the bad guys want. It should be viewed as an opportunity to share learnings, so we can all adjust and ultimately come out the other side stronger.
Accepting this reality – and the responsibility as leaders and colleagues to play our part – is key to making businesses more resilient in the future.
Poppy Gustafsson is the Chief Executive Officer of Darktrace