SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

IWD 2024: Defending against modern adversaries requires greater diversity

Fri, 8th Mar 2024

The speed and aggression of cyberattacks continue to accelerate as adversaries compress the time between initial entry, lateral movement and breach. In parallel, the rise of generative AI is lowering the barrier of entry for low-skilled adversaries, making it easier to launch attacks that are more innovative and sophisticated. These two factors alone place us in an entirely new threat context, a context that creates the need for our industry to embrace more diversity in the way we think, strategise, and defend against modern adversaries.

The agility of cybercriminals today is disconcerting. Our latest analysis in the CrowdStrike 2024 Global Threat Report has shown a dramatic decrease in breakout time for interactive eCrime intrusion activity, plummeting from 84 minutes in 2022 to a mere 62 minutes in 2023. What's more, the fastest breakout time was recorded at just 2 minutes and 7 seconds. Once initial access was gained, eCrime adversaries on average were deploying tooling within an astonishing 31 seconds.

This rapid pace is supported by a strategic approach targeting identity through social engineering, supply chain vulnerabilities, and the utilisation of access brokers—those of whom are democratising cybercrime by selling legitimate access to other criminal groups. An overwhelming 75% of these initial access attempts were conducted without malware, further confirming cybercriminals' shift towards more innovative and insidious tactics.

At the same time, the spectre of cloud-based attacks looms larger than ever, with a 75% increase in successful incursions and a 110% year-over-year rise in cloud-conscious cases (i.e., cases where an adversary consciously exploits cloud misconfigurations or vulnerabilities). The deployment of AI tools by adversaries presents an alarming frontier for misinformation campaigns and geopolitical meddling, suggesting a heightened need for vigilance and innovation in cybersecurity measures.

These trends are driving a shift in the security landscape, and paint an alarming context for businesses in ANZ. The 'good enough' approach to cybersecurity is simply no longer viable for modern threats for larger businesses. At the same time, small-to-medium businesses represent 98% of Australia's economy and yet are heavily targeted by cybercriminals and are incredibly vulnerable. Compounding this is the fact our region is facing a persistent cybersecurity talent shortage, and while AI is proving valuable in enhancing the cybersecurity workforce, we'll ultimately always need humans in the mix to provide context and verification.

It's for this very reason that we stand at a critical juncture. To keep pace with the innovation we're seeing from threat actors, we too need to evolve. Key to this is encouraging and embracing a kaleidoscope of perspectives, skills, and ideas to continue combatting growing threats.

We're better off when people from all walks of life come together to collaborate and problem-solve. But too often, we are confronted with the assumption that a career in cybersecurity is exclusive to those with a technical background or coding experience.

For instance, my own journey from political intelligence (a non-technical field) to cybersecurity threat intelligence underscores the value of varied skill sets in enriching the industry's capabilities. Cybersecurity is not just about coding or network architecture; it is equally about understanding the psychology of adversaries, applying critical thinking, and devising strategic defences. Non-technical skills are just as important, particularly in the context of cyber threat intelligence, which is an incredibly important layer of defence for businesses globally.

With that said, my message to prospective cybersecurity professionals who may be doubting themselves is: If you have ever considered pursuing a career in cybersecurity or pondered making a career change into the industry, do not be held back by thinking you don't have anything of value to offer. Cybersecurity is a team sport that requires different strengths and skill sets; it requires the sharing of unique ideas and perspectives. That is what allows us to evolve as an industry. It's what makes us truly effective at stopping bad actors and defending businesses, governments, and society as a whole.