Intelligent SME.tech Issue 04 | Page 17

intelligent

// TECH TRENDS //

What is important to understand is that the attacks do not just attempt to execute a lockout or encryption of data anymore but are increasingly aimed at extraction or stealing data from organisations .
While some cybercriminals may sell the data on the Dark Web , others may threaten to leak the data for a higher pay-out on the ransom . We predict that this will become hackers ’ ransomware end game – though the risk of detection rises along with the potential payday .
Granting ‘ least privilege ’ is essential in preventing unauthorised access to businesscritical systems and sensitive data by both external actors and malicious insiders .
Striving towards zero-standing privileges and only granting just-enough , just-in-time access to target systems and infrastructure can limit lateral movement that could lead to data exfiltration and additional damage .
Artificial Intelligence
AI will re-learn how to squash insider threats
September was Insider Threat Awareness month and a lot of attention was paid to the threat but not always to the remedies . Fortunately , more tools are relying on AI technology to address this challenge , such as data loss prevention ( DLP ) and user and entity behaviour analytics ( UEBA ).
However , these tools must establish a behavioural baseline first , which has not been helped by the pandemic because those baselines basically need to be redone to make those tools effective again . While this represents the drawback of relying too much on AI , it also shows the dynamic resiliency of AI in that it can re-learn what it needs to be an effective security tool , which will be important as we continue to adapt to pandemic-related challenges in 2021 .
When AI is utilised in authentication , it provides the ability to be far more dynamic , create less friction and guarantee real-time decisions . In the context of privileged access management ( PAM ), we know that adaptive multi-factor authentication ( MFA ) is one example where a multitude of authentication factors combined with taking dynamic user behaviour into account can dramatically reduce risk when making authentication decisions .
In 2021 , this could lead to AI being used more frequently to establish real-time risk scores and stop threats at the authentication stage before they can get in to do real damage .
Coronavirus
The drastic COVID-19-related changes to the way people live and work has changed the way attackers operate . The implications of these shifts for 2021 are significant . Over the past year , companies became less secure due to hastily-deployed remote work solutions . That has translated into a lack of employee training , default laptop configurations left unchanged and vulnerable remote access connections . Together these trends have opened up a myriad of new attack vectors , including targeted ransomware campaigns .
Disruption caused by COVID-19 is inevitable and SME leaders have enough to worry about without contending with things like cybersecurity and compliance issues .
Unfortunately , cybercriminals have sensed an opportunity amid the pandemic , launching a spate of attacks that exploit people ’ s fear and uncertainty . It ’ s therefore more important than ever to make sure your organisation is capable of fending off attacks and preventing data breaches .
Cybercrime in 2021 is set to evolve , with new hacking practices becoming more widespread , ransomware gangs consolidating and advanced exploits being used more effectively to target victims . �

GRANTING ‘ LEAST PRIVILEGE ’ IS ESSENTIAL IN PREVENTING UNAUTHORISED ACCESS TO BUSINESS- CRITICAL SYSTEMS AND SENSITIVE DATA BY BOTH EXTERNAL ACTORS AND MALICIOUS INSIDERS .
Intelligent SME . tech
. tech
17