From vulnerabilities to vigilance

Issue 8 2023 Information Security

The world of work experienced a significant transformation in late 2022 with the introduction of generative artificial intelligence (GAI) in the global market. This breakthrough technology has shifted from a mere possibility to a tangible reality. It is unfortunate that cybercrime organisations also embrace these advancements, resulting in drastic changes in attack methods, strategies, and technologies. According to Stephen Osler, Co-Founder and Business Development Director at Nclose, the future of cybercrime is poised to become even more intriguing.

Stephen Osler.

Shift to reputational damage and extortion

“Cryptocurrency is being regulated more, and this will probably put criminal groups under increased pressure,” says Osler. After gaining unauthorised access to sensitive accounts, they will likely steal data and threaten to leak it unless a ransom is paid.

“Encryption is no longer their primary focus as leaked data becomes their bargaining chip. While companies can pay the hackers not to leak the information, there is no guarantee they will keep their word, and once the data is out, it is out. At least when they encrypted the data, you could recover it and remove the threat from your infrastructure. Now your data gets thrown out into the wild without guarantees or protections.”

Ransomware gangs’ use of artificial intelligence (AI) is also a growing concern. AI tools can enhance the sophistication and capabilities of attacks, enabling hackers to orchestrate more effective social engineering attacks. “The existence of AI bots that generate social engineering emails, create fake voice notes, and perform other malicious tasks adds to the complexity of the cyber threat landscape.”

Larger attack surface

With the increasing number of IoT devices, cybercriminals have a larger attack surface to exploit. “This expansion in attack opportunities will probably lead to a rise in cyberattacks targeting vulnerable IoT devices, including smart homes, smart metres, connected cars, and industrial systems,” cautions Osler. These attacks can have various consequences, ranging from data breaches and service interruptions to potential risks to physical safety.

The way forward

“When we look at the future of technology through the lens of cybercrime, it gets pretty concerning because the threats keep evolving and getting more cunning and sophisticated,” says Osler. “This poses a significant risk to organisations and their valuable data.”

Amidst these challenges, those combating cyber threats are not idle. Security organisations are becoming increasingly adept at identifying and mitigating threats. The benefits of their expertise are being passed on to businesses.

“With the right tools, detection methods and security teams in place, companies are well-placed to defend against the ever-changing threats. The future of cybercrime holds both challenges and opportunities. While cybercriminals continue to devise new methods, organisations have the means to adapt and protect themselves. By embracing technological advancements, collaborating with experts, and fostering a proactive security mindset, businesses can navigate the evolving cyber landscape and secure a safer digital future,” Osler concludes.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.