The Expert View: The changing face of cyber-threats

“We have to be proactive in cyber-security today because the stakes are so much higher,” said Nour Fateen, Director, Sales Engineering, EMEA at Recorded Future. Speaking at a TEISS Breakfast Briefing at London’s Goring Hotel, he said that over the past few years regulatory pressures, reputational risk and intellectual property (IP) threats had all increased in significance.

 

Fateen said that “timely, accurate and actionable” intelligence is vital to proactive cyber-security. He asked attendees, all senior security experts from a range of sectors, whether they were adopting more proactive security measures to tackle the changing cyber-security landscape.

 

Growing threats

 

One growing threat identified by attendees was third-party risk. Vendors, customers and other third parties can all be a risk if they are not properly secured against attack. Vendor assessment is “painful”, one attendee said, and often outdated as soon as it is completed. Smaller third parties often don’t have sufficient security resources or expertise, while larger ones are often reluctant to share too much about their systems.

 

State-sponsored threats were raised by one attendee, who said their changing nature was a challenge. It might once have been possible to assume that state-sponsored actors primarily aim to steal IP – something that would be a low risk if your business had little IP worth stealing. However, these attacks are now just as likely to be about causing disruption or stealing money. And the possibility of falling victim to a state-sponsored attack aimed at another organisation, as many have during Russia’s invasion of Ukraine, means state-sponsored attacks cannot be overlooked.

 

The speed of technological change was also highlighted as a growing risk. From smartphones to artificial intelligence tools such as ChatGPT, new technologies create attack surfaces that must be protected. While they enable new ways of working, they can also put data and networks at risk.

 

Obstacles to proactivity

 

With current threats in mind, attendees agreed with Fateen that a more proactive approach is necessary, though they warned that there are obstacles to that. One attendee complained that there is so much intelligence available that the problem becomes sorting through it to find which parts are relevant to your organisation and which can be ignored. A new threat might be a crisis for a manufacturer, for example, but irrelevant to a retailer.

 

Fateen said that getting the right information at the right time was something Recorded Future had prioritised in recent updates. The company now provides a “threat map” that makes the information quicker and easier to digest.

 

Another obstacle is resources, attendees said. A security incident will force most organisations to divert resources from routine tasks. That might open a vulnerability in another area – something attackers are aware of. They frequently launch attacks of two types at once, precisely to overstretch defenders.

 

Getting more resources means making the case to the board, and attendees were unanimous in finding this difficult. Some attendees have found that the board is often more likely to listen to an outside expert rather than its own security experts, so being able to attribute intelligence to a third party can be beneficial. Sometimes, though, the board will be reluctant to invest in security tools, leaving you with “champagne tastes and a lemonade budget”, as one delegate put it.

 

Driving automation

 

Still, if you can get the board to invest in new tools, automation has enormous potential. Every attendee said their companies use automation in some aspect of cyber-security, mostly to filter information so they can identify threats that need further investigation.

 

Rather than using automation to cut staff, attendees agreed that it can improve productivity. It allows the existing team to deal with more alerts and makes their work more rewarding too, because they are spending more time on complex challenges rather than sorting through false alarms. Even tools such as ChatGPT are likely to become useful within cyber-security soon because a chat interface is a very natural way to manage information.

 

Nevertheless, attendees warned that automation is still not at a stage where it can make decisions unsupervised. As some of the most high-profile failures of ChatGPT have demonstrated, the technology needs to be supervised. They suggested that companies should work with providers to ensure that the level of automation is right for their needs.

 

The pace of change is not going to slow down but cyber-security professionals can build better defences with good intelligence and automation tools.

 

---

 

For more information visit www.recordedfuture.com