DirectDefense, Inc. today published an analysis of more than two million hours of alert investigations that identifies SIM card swapping cyberattacks crafted using generative artificial intelligence (AI), attacks against AI tools and platforms, attacks aimed at local data centers and efforts to infiltrate incident response communications as the top cybersecurity threats of 2024.
Those threats are rising on the heels of a list of top threats for 2023 that includes multi-factor authentication (MFA) abuse, social engineering, single sign-on (SSO) compromises, attacks spanning multiple clouds and increased efforts to “live off the land” by compromising IT administration tools.
DirectDefense president and CTO Jim Broome said the report makes it clear cyberattacks are continuing to become more sophisticated even as defenders become more adept at thwarting existing threats. That constant evolution requires organizations to continuously evolve their strategies within the context of a change management plan for cybersecurity, he added.
More organizations are relying on managed security service providers (MSSPs) simply because they can’t find and retain enough cybersecurity expertise. Delivering the services that DirectDefense provides on a 24×7 basis, for example, would require an organization to hire nine full-time cybersecurity professionals, noted Broome. The challenge is establishing a level of collaboration and trust between external and internal cybersecurity teams that allows service providers to take specific actions without waiting for permission that might not be granted until hours after a breach has been detected, he added.
In general, most organizations still need to pay more attention to cybersecurity fundamentals, said Broome. Cybercriminals are not going to resort to more advanced techniques when a simple phishing attack will enable them to achieve their aims, he added.
However, as defenses become more robust, organizations should also expect cyberattacks to evolve as cybercriminals explore additional tactics and techniques, noted Broome.
Each organization will need to decide for itself to what degree to rely on an MSSP versus its internal IT teams. Many organizations, for example, are trying to reduce the total cost of cybersecurity by shifting more responsibility for security operations (SecOps) to internal IT teams.
In the long term, advances in AI should also enable internal teams to manage more security workflows without having to add as much headcount as they might have once required.
There are, of course, a lot of options when it comes to managed security services. Organizations should determine to what degree an MSSP is willing to work with them to customize alerts to fit their requirements before partnering with one, said Broome. Many so-called as-a-service platforms currently made available by providers of cybersecurity platforms, for example, attempt to provide a one-size-fits-all approach to organizations that generally have unique sets of requirements, he added.
Ultimately, few organizations can afford to go it alone anymore when it comes to cybersecurity. As cyberattacks increase in volume and sophistication, the average organization will soon be overwhelmed, if it has not been already, as the cost of attaining and maintaining cybersecurity continues to increase. The best way to mitigate those costs is to rely more on shared services that multiple organizations are helping to underwrite, via annual subscriptions, for the common good.