Key Points:
- Ransomware groups are increasingly bribing employees to gain access to company data, with this trend expected to rise in line with economic challenges.
- Zero trust architectures are expected to grow in popularity within hospitals to counter an increased number and range of cyber attacks.
- Proposed US Securities and Exchange Commission (SEC) regulations requiring businesses to report all significant data breaches are anticipated to increase scrutiny on enterprises and encourage better cybersecurity practices.
- The adoption of generative AI increases the risk of intellectual property and commercial data breaches significantly, making security governance a strategic priority at board level.
- Commercial Cloud Service Providers (CSPs) are being misused by cybercriminals, disguising malicious content to avoid detection and necessitating innovative detection and prevention solutions.
2023 has seen a shift in cyber crime, with ransomware groups bribing disgruntled employees to gain access to sensitive data, according to Zach Fleming, Head of Red Teaming at cyber risk and testing services company, Integrity360. Fleming warns of insider threats pretending to slip up and provide attackers with access to systems. He also noted that the practice of ‘money laundering’ is increasing, as cybercriminals turn extortion payment through legitimate shell companies, taking an additional 10% fee for doing so.
In light of increasing cyber threats, hospitals are fast adopting zero trust architectures which focus on improved identity management, authentication, continuous verification, and detailed access controls. The anticipated benefits of these architectures are they provide a robust defence against cyber attacks and support modern care delivery.
Andrew Shikiar, Executive Director and CMO of the US-based authentication standards group FIDO Alliance, predicts that the proposed SEC regulations, which require businesses to report all data breaches, will transform how businesses manage cybersecurity. Through this, increased scrutiny on business cybersecurity strategies and governance is expected, with businesses that neglect cybersecurity being exposed.
Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, stresses that the adoption of generative AI not only raises the risk of cybersecurity attacks, but also the risk of loss of intellectual property and significant commercial data, as well as the likelihood of breaching industry regulations.
The misuse of Commercial Cloud Service Providers (CSPs) by cybercriminals is seen by Raj Samani, SVP Chief Scientist at Rapid7, as an emerging concern. As cybercriminals use CSPs to cloak malicious content, new solutions to counter this threat, such as those using AI and advanced automation techniques, will need to be developed.