Intelligent CISO Issue 57 | Page 38

The majority of cybercriminals are inside the target environment only hours ( 43 %) or minutes ( 26 %) before an investigation occurs .
protocol to disguise themselves as system administrators . As we head into the new year , CISOs must prioritise the integration of EDR and NDR to defend data centres , access points and critical infrastructure that hackers can infect once they infiltrate external barriers .
Unsupervised APIs
This year , we ’ ll continue to see the evolution of initial access tactics as cybercriminals attempt to gain a foothold in organisations . A main goal of such access is to carry out aggressive API attacks against modern infrastructure and exploit workload vulnerabilities within an environment . Most of the traffic within those modern applications is often unsupervised API traffic , fuelling lateral movement as cybercriminals continue to use evasive techniques once inside the environment to divert detection on VDIs , VMs and traditional applications . These initial access techniques will be increasingly attractive to malicious actors aware of organisations ’ monitoring limitations and will hunt for vulnerabilities .
Last year , deepfake attacks soared . We ’ ve seen deepfakes move from the entertainment sphere to business and enterprises . In fact , two-thirds ( 66 %) of businesses have reported witnessing a deepfake attack in the past 12 months . The technology leaves security teams battling false information and identity fraud designed to compromise an organisation ’ s integrity and reputation .
Chad Skipper , Global Security Technologist at VMware
Deepfake attacks , identified in email , mobile messaging , voice recording and social media , are pliable enough to grow into the scammers ’ weapon of choice .
This year , we will see the number of deepfakes continue to soar . Businesses must take proactive steps to mitigate the risk of falling victim to deepfake-based scams via investments in detection software and employee training to ensure they are able to detect deepfakes .
The big red ( digital ) button
Critical infrastructure is facing a year of vulnerability as cybercrime toolkits will undoubtedly develop behind borders . The majority ( 65 %) of respondents to VMware ’ s GIRTR stated an increase in cyberattacks tied to Russia ’ s invasion of Ukraine . Russia ’ s digital offensive has revealed a new era of warfare ,

The majority of cybercriminals are inside the target environment only hours ( 43 %) or minutes ( 26 %) before an investigation occurs .

designed to corrupt key industry services bringing infrastructure , such as power grids , to a standstill . Ukraine ’ s threat response readiness is vital to its defence and cyber tactics
38 www . intelligentciso . com