Intelligent CISO Issue 51 | Page 49

FEATURE
We are now into the third year of COVID-induced disruptions to our work and personal lives.
One of the most immediate and significant impacts of COVID was the rapid shift to large-scale remote working. This trend inevitably increased the attack surface of organisational IT assets, a development that threat actors of all kinds were quick to exploit.
The initial imperative that precipitated the widescale shift to remote working has now passed. Remote working is now becoming an integral part of Digital Transformation and good security is being implemented from the outset, not as a best-effort, last-minute add-on to enable the essential shift to remote working.
That's the good news. The bad news is that just as organisational approaches to remote access security have evolved, so too have those of bad actors of all persuasions. Here are some developments most likely to threaten organisations in 2022 and beyond.
AI-enabled Business Email Compromise (BEC)
The Barracuda Spear Phishing: Top Threats and Trends Vol. 7 – Key Findings on the Latest Social Engineering Tactics and the Growing Complexity of Attacks report found that in 2021 cybercriminals sent out 3 million messages from 12,000 compromised accounts.
While approximately 500,000 Microsoft 365 accounts were compromised, a full 36% of organisations that had an account compromised had hackers set up malicious inbox rules to hide their activity. In fact, hackers on average created two rules for each compromised account.
According to the FBI, BEC garners more revenue for cybercriminals than any other kind of cybercrime, almost US$1.9 billion in 2020. In a BEC attack the attacker usually persuades an employee to initiate electronic payment of a large sum with an email that appears to be from a known and trusted source. Organisations are getting better at thwarting these attacks by requiring additional checks to verify the authenticity of requests for high value funds transfers.
However, attackers are also getting better at impersonating those who routinely authorise large transactions. They are deploying deepfake technology to mimic the voices of such people. They then make a phone call to request a high value transaction. This ploy has already been used successfully several times, including against a bank in the UAE that netted the criminals US$35 million.
Mark Lukie, APAC Sales Engineer Manager, Barracuda
Skills shortage puts cloud security at risk
The shortage of security skills is huge, global and well-known. The (ISC)² Cybersecurity Workforce Study, 2021, estimated the global shortage of cybersecurity professionals at 2.7 million. In Australia, it said the number of people working in cybersecurity had grown 34%, to 135,000 from 2020 to 2021 and a further 25,000 were needed.
The impacts of these shortages will be felt for years, but as organisations continue to rapidly increase their use of public cloud services, the lack of skills needed to ensure correct configuration – and hence the security – of these facilities will make them increasingly vulnerable. In mid-2021 Gartner forecast Australian spending on public cloud services to reach A$13.8 billion in 2021 and A$16.7 billion in 2022.
Security incidents related to their cloud-based services will continue to grow,