Welcome to the latest episode of Unraveling IT, Expert Tech Talks. I'm Nikita with Corsica Technologies, here to introduce our latest podcast featuring Ross Filipek, our chief information security officer. In March 2024, Ross joined industry analysts at the IHL Group for an illuminating webinar on strategic technology and IT outsourcing for midmarket companies. Listen in to this week's episode to hear our take on the top cybersecurity trends and threats for 2024. Enjoy.

Hey, everybody. I'm Ross Filipek, chief information security officer at Corsica Technologies. I'll be talking about some cybersecurity trends and threats for 2024. And as a managed cybersecurity services provider, I think that Corsica is kind of in a unique position. We work with clients in a lot of different industries. So manufacturing, healthcare, finance, really all across the board. So I think we have, you know, some pretty unique perspective for observing some of these different cyber trends and threats, and I'm gonna be talking about some big things that we're seeing out there.

Just a high level agenda. Some of you probably will recognize a handful of these things as not necessarily being new for 2024, but rather these are the types of things that we continue to see organizations struggling with, really, in all industries and all over the globe. So I think it's important to really hammer on those to talk about what we can do to mitigate risk from these types of things. And, you know, I hope it goes without saying, but this is gonna be a nonexhaustive list. Yeah. There's really no way I could capture every potential cyber threat and trend for 2024 in a single presentation. So I'm gonna focus on the types of things that we see the most of.

So to start out, just to lay the groundwork a little bit, some background information. The cost of cyberattacks on the global economy is predicted to top ten point five trillion dollars by the end of this year.
So if you try to wrap your mind around that figure, I mean, this is just, you know, it's mind boggling. I mean, clearly, cybersecurity is no longer something that we can just leave up to chance. So this really means that cybersecurity has to be treated as a strategic priority for us on an individual, organizational, and governmental level. Yeah. This is really why I'm such a proponent of conducting a proper cybersecurity risk assessment for your environment, you know, using a tried-and-true framework, you know, something like CIS RAM or the FAIR model. Yeah. Those are both great resources. But really, you know, if you guys think about the cybersecurity product marketplace today, there are a million products out there, you know, all kinds of security hardware and software and services. All those vendors position their products as kind of being the magic bullet for cybersecurity. But, unfortunately, there is no magic bullet when it comes to cyber, you know, and no organization has enough time or people or money to just go out and buy all the products to implement them. Right? You know, so we need some judicious way to figure out what do we really need from a safeguard perspective to protect our environments. You know, what's actually going to be effective for us to implement and what can we kind of put on the back burner. So that's really the purpose of conducting a cybersecurity risk assessment, so we know where to focus our protection efforts.

Also, as Greg mentioned earlier, AI is gonna have a transformative impact this year on both attack and defense. Its impact is gonna be felt across every one of the trends that I'll cover here. I've got some more slides coming up about AI, so stay tuned.

The cybersecurity skills crunch. As a managed cyber services provider, this one kinda hits close to home for me.
But we've been seeing a shortage of professionals with the skills needed to protect organizations from cyber attacks continuing to be a running theme. And in fact, the research indicates that fifty four percent of cyber professionals believe that the impact of the skill shortage on their organizations has actually gotten worse over the past couple years. You could kinda see the graphic there, on the slide over on the right from the IHL study. Forty two percent of companies have IT staff availability as a top pain point. So this continues to be something that we see. And, you know, for those of you who have ever tried to hire cybersecurity talent, you know, particularly good cybersecurity talent, those people tend to be expensive, they tend to be difficult to find, and they tend to be difficult to retain. So, you know, we really see that continuing to be a running theme. But efforts to rectify the situation include increasing salaries. So, you know, that's great, but it can only go so far before the economics just don't make sense. Certainly, greater investment in training and development and upskilling programs. You know, these are great ways to attract and retain skilled cybersecurity talent. But here again, you know, these things tend to be expensive and they tend to get more expensive over time. So as a result of this, we've really seen a dramatic increase in the amount of outsourcing to managed providers with the necessary tools and skill sets.

Generative AI for both good and evil. You know, we've talked about AI a couple times already today. But as AI increases in sophistication, we're gonna continue to see more sophisticated and smarter AI powered attacks. These are gonna be things that range from deep fake social engineering to automated malware that intelligently adapts to the detection.
So, you know, kind of the classic example of this, if there is such a thing, you know, you guys remember, like, five years ago or ten years ago, it was usually pretty easy to spot phishing emails. You know, there'd be a lot of misspelled words and poor grammar. Really a lot of red flags that our users can be trained to be on the lookout for to spot a phishing email or, you know, some kind of social engineering attack that's coming in and reaching them. So really what we've been seeing as the result of generative AI tools are that cyber criminals, you know, particularly those who are not native English speakers, now have the ability to craft very believable emails written in perfect English, no misspellings, no bad grammar. And now, you know, our end users are having to contend with those types of attacks. So it just really puts an additional burden on us as organizations because the number of red flags that are at our disposal to look for now is dramatically shrunk.

So, you know, that's not to say that it's only the bad guys who are able to make use of AI. The good guys are having excellent results with it as well. So at the same time, AI is gonna help us detect and neutralize cyber threats thanks to things like real time anomaly detection, smart authentication, and some automated incident response capabilities. So, yeah, I could speak for Corsica as a managed cybersecurity provider. Many of the tools that we use to deliver our cybersecurity services and the tools that our security operation center uses to monitor, those tools and those services already make heavy use of artificial intelligence. So they just really help our SOC analysts be much more efficient and effective and accurate when it comes to investigating and triaging cyber attacks. So I think, you know, definitely some strong advantages for AI for the good guys as well.
So, what we can say is that if cyber attacks and defense this year is like a game of chess, then AI is the queen. So whoever controls that has the ability to create powerful strategic advantages.

Next level of phishing attacks. So, you know, this is certainly nothing new. Phishing has been a problem for a lot of organizations for a long time. It's going to continue to be a problem, you know, particularly when used in conjunction with generative AI, like I was talking about on the previous slide. Saw a pretty interesting statistic a couple of months ago, and that's that eighty percent of all successful cyber attacks actually target people, not computers. That makes sense. Right? You know, if you're an attacker, why do you wanna spend a month or a week, you know, a week or a month or, you know, even a year trying to hack your way in, you know, through somebody's firewall or hacking into somebody's server where you could just phish their employees and trick all those people into giving you their usernames and passwords. You know, attackers like to work smart, not hard. So certainly, they're gonna continue to hammer away at phishing until we get better at detecting and stopping it. So the response to this, yeah, kind of like I implied a second ago, is that it'll largely revolve around organization wide awareness and education. So continuing to be aggressive about security awareness training for our employees, it's just gonna be so critical to do. You know, for many clients, I recommend that if you're in a position right now where you're doing, like, a big batch of annual cybersecurity awareness training, look at splitting that up over the course of the year, so maybe move to a quarterly training model with a smaller volume of training courses.
And the reason that tends to be more effective is that, you know, as long as we can routinely get this training information and testing in front of our employees, that tends to keep these concepts fresh in memory and, you know, people are less likely to, you know, kinda put it on the shelf and forget about it.

IoT cyberattacks. So some of you probably recognize IoT. IoT is the acronym for Internet of Things. So when I talk about IoT devices, I'm talking about really any electronic gadget that connects to our network in some capacity, but it doesn't actually have a human user sitting behind it. So, you know, you think about nowadays, refrigerators and, you know, toasters and smart TVs are a great example. All these things, you know, people buy them and then they connect them to the network and then they tend to forget about them. So over time, a lot of these things wind up missing firmware updates and security patches. And really what that does is just really increases what we call the attack surface for our organizations. It gives those potential attackers a lot more that they could potentially grab on to and hammer away at to try to breach our environments. In addition, with the work from home revolution continuing, the risks posed by workers connecting or sharing data over improperly secured devices is gonna continue to be a threat. So, you know, I would imagine most of you, you know, certainly back during the pandemic, had a lot of employees working from home, you know, probably using personal devices, connecting to your business environments across infrastructure that your IT department didn't necessarily have visibility into or control over. So that caused a lot of problems for a lot of organizations.

Cyber resilience. So, I think two terms that a lot of times get used interchangeably but really mean two different things are cybersecurity and cyber resilience. But the distinction, I think, is becoming increasingly important.
So while the focus of cybersecurity is on attack prevention and detection, the focus on cyber resilience is on response. So some of you may have heard the adage that it's not a question of if you get breached, it's a question of when you get breached. So from the cyber resilience standpoint, the more effort we can put into preparing for that inevitable breach, in other words, sitting down and taking the time to develop a proper incident response plan and then periodically testing that plan to make sure it's doing what we need it to do. Yeah. All the preparation we can do ahead of time is just gonna make life so much easier for us if we ever end up needing to respond to a breach. So very important to do. It's gonna be crucial going forward.

Less than zero trust. Some of you may be familiar with what it's called the excuse me. Some of you may be familiar with what's called the zero trust framework. This is a model of network architecture that stresses that there's really no perimeter within which the network activity can be assumed to be safe. So really what that means is, you know, you think about ten years ago, a lot of organizations were set up so that if employees were physically working in the office, you know, you had people coming in and working in their offices or out of their cubicle. A lot of times, we set those up so those people could bypass things like multifactor authentication and many of the other cybersecurity controls that they would otherwise have to go through if they were trying to connect from the outside. Right? So what zero trust says that we do is kinda flip that model on its head, and it says that we should assume that all of the devices in our environment, whether they're devices in our offices or the devices that our users are using to connect from home or from hotel rooms, we should assume that all those things are compromised. So we're gonna take other measures to protect our organization's data.
And, generally, that amounts to very granular, very accurate authentication and authorization mechanisms for that data. But, for those of you who are familiar with CISA, that's the US government's Cybersecurity and Infrastructure Security Agency. They recently put together a really great white paper on zero trust architecture that does a fantastic job of explaining what that is conceptually. So, you know, if that's the type of thing that interests you, I'd really encourage you to check out that CISA white paper. It's a great reference.

Cyber warfare and state sponsored attacks. Yeah. These have been going on for a long time. They're not gonna let up anytime soon. And, you know, I think for the rest of, yeah, the rest of our existence, we're gonna have to continue to deal with these things. So, certainly, the war in Ukraine has exposed the extent to which nation states are willing and able to deploy cyber attacks against both military and civilian infrastructure. And, you know, we're not just seeing that in Ukraine, you know, certainly with Israel and Gaza. This is a big deal as well. Going forward, wherever military operations take place around the world, they're gonna go hand in hand with cyber warfare operations. If physical warfare and cyber warfare are gonna be inseparable, they're always gonna go together. So the most common attacks that we continue to see originating from state sponsored actors are phishing attacks. You know, like I mentioned a few minutes ago, eighty percent of all successful breaches start with phishing. Attackers know this. They know it's highly effective. So that continues to be what they focus on. So being able to gain access into their victim environments to do disruption and espionage and even things like denial of service to knock systems offline, you know, that tends to be the hallmark of these state sponsored threat actors.
Separately from warfare though, we've got major elections coming up this year in the US, in the UK, in India, and we can expect to see an increase in cyberattacks that are aimed at disrupting those processes.

And lastly, we are continuing to see a trend toward soft skills becoming increasingly essential for cybersecurity professionals. So, you know, I can tell you, you know, ten years ago, fifteen years ago, when we would hire a talented, you know, cybersecurity engineer, chances are pretty strong that we'd end up putting him or her in, you know, in a closet someplace and just having them focus on malware analysis or, you know, doing the technical things to detect cyber threats in the environment. And that worked well for that time. But, you know, if you think about today, cybersecurity is just so tightly woven into all of our business processes and all of the information technology that we use across our organizations. It's just becoming so important for those who are tasked with cybersecurity for our environments to be able to communicate effectively with all the rest of our employees. So, yeah, certainly the soft skills, we definitely put a premium on. And I think, unfortunately, a lot of times, you know, that just, you know, continues to make it more difficult to find people who are able to do what really needs to be done. But, yeah, certainly, this is gonna be a trend that continues and is just gonna get more important as the years go on.