Cybersecurity Projections For 2025 From A CISSP
Here are some 2025 predictions from Larry Schwarberg, CISSP, Vice President, Information Security at The University of Phoenix:
The rapid adoption of AI will cause inadvertent data exposures
The growing popularity of Artificial Intelligence (AI) has business leaders trying to find as many use cases as possible in hopes of improving service delivery and operations. In most cases, the use cases surpass the cyber security team’s ability to implement appropriate governance and controls. With a sense of urgency and the lack of a mature governance program, employees may be using open-source AI for internal business cases. The increased risk will be inadvertent data exposure due to limited knowledge of training a large language model (LLM). For risk mitigation, business leaders should partner with Privacy, Cyber Security and Legal to implement a governance model before pushing wide use of AI within the organization. The governance model begins with a sound policy that provides flexibility for innovation and allows for oversight of major AI projects.
Ransomware attackers will target centralized services and data lakes
Some of the ransomware attacks in 2024 have shown that attackers are focused on wider impact, which produces a sense of urgency to pay ransoms. When attackers focus on a centralized service provider, the impact is much greater than an attack focused on a single organization. Service providers have SLAs and penalties which can force the consideration to pay the ransom instead of attempting to recover on their own. Several notable attacks in 2024 have proven that attacks on service providers and large databases provide a goldmine for hackers. Additionally, attackers may begin targeting cloud service providers who are likely to host large organizations in various industry verticals. Organizations should ensure their business continuity plans and disaster recovery plans have contingencies if their service providers become unavailable. Incident response plans should also test the executive team on scenarios where a ransomware group may exfiltrate personal information from their service provider and attempt to negotiate additional ransom for the data they have in their possession.
Phishing / Vishing will be more believable with the use of AI
AI has created an environment where deep fakes can easily be leveraged for social engineering to gain initial access to networks. These types of attacks can be leveraged in many ways where typically fraud preys on the hearts of their victims, such as natural disasters and other significant events where unsuspecting people want to help through donations. Social engineering via vishing attacks can also target individuals who might think their child has been abducted for ransom. Vishing attacks will also be leveraged to impersonate executives, which would be used to target employees into sending funds, providing access, etc. People are the weakest links into a network because of their desire to be helpful. Social engineering attacks using vishing are made easier with the advances in AI and information obtained through social sites. Organizations should build into their awareness programs plenty of training on social engineering and encourage employees to verify non-typical requests.
Insider threat will become more common
Since Covid, where many organizations transitioned rapidly to a fully remote workforce, the risk of insider threat has significantly increased. A malicious attacker could join an organization for intelligence collection or with the intent to gain access to other sensitive information. Insider threat has been a challenge for cyber security teams since you have to determine what is authorized activity versus what is not authorized by a user. Organizations must use the concept of least privilege to perform daily tasks. Risk mitigation for insider threat starts at the screening process. However, in 2024, it has been proven that even mature hiring processes can be defeated by persistent hackers.
Increased focus on zero trust network architecture and passwordless authentication
The concept of Zero Trust Network Architecture (ZTNA) focuses on “trust nothing and authenticate continuously” but does take into consideration the user experience. Organizations are focused on this architecture because the concept continually evaluates that the user and machine are who they say they are, allowing them access to data they have authorization for. With the escalation of ransomware attacks, it is important to validate users since organizational networks are no longer defined by a perimeter. Cloud-based technologies and Software as a Service providers have created complexity in system and user trust. ZTNA deploys continual authentication, micro segmentation, continuous monitoring and the least privilege concept.
This entry was posted on December 11, 2024 at 8:27 am and is filed under Commentary.