As we go into autumn there are two significant cybersecurity National Awareness Months coming up. The first is National Insider Threat Awareness Month in September, which serves as a crucial reminder for organizations to strengthen their most powerful cybersecurity defense—their employees. While many may label a disgruntled ex-employee or someone looking to gain an edge in a new job as the ultimate insider threat, the reality is that every individual, from an intern to the CEO, has the potential to pose a risk to the organization and employee security and awareness training and education programs are critical.
The second is National Cybersecurity Awareness Month in October. Launched in 2004 under leadership from the U.S. Department of Homeland Security and the NCA, this year is the 20-year anniversary. Cybersecurity Awareness Month aims to help Americans stay safe and secure online. Since it started, the movement has grown exponentially, raising awareness amongst consumers, small and medium sized businesses (SMB), enterprises, and educational institutions.
The evolution of cyberattacks
This got me thinking about the type of threats (and the need for threat intelligence) 20 years ago when this initiative was first launched and how threats have evolved. We are all aware that the cybersecurity threat landscape was very different two decades ago than it is today. From a technology perspective, the cloud as we now know it didn’t exist, and there were no Internet of Things (IoT) sensors. Not even Gmail was around and it wasn’t until 2007 that the first iPhone was launched. Cybercrime was more rudimentary. In the first decade of the new millennium, we started to see a rise in more sophisticated attacks, including new viruses and worms as adversaries shifted their focus of attacks from infecting files to infecting systems to infecting the whole enterprise and now to infecting an organization’s entire ecosystem.
Back then, cybersecurity tools were very different. Forensic investigations weren’t automated; they were mostly done onsite and by hand. There was a lot of vulnerability scanning carried out on big screens, and there was little to no technology that allowed work to be done remotely. You would have to physically plug into the network and review the data to compare how an organization was performing from one month to the next. The data would then be manually input into spreadsheets. I wrote about how threat response is evolving in a previous SecurityWeek article which you are welcome to read.
Collaboration and sharing of threat intelligence
Fast forward to present day and it’s well known that cyber threats and tactics used by cybercriminals have evolved significantly, but so have solutions to combat these threats. In addition, there is now more collaboration and sharing of threat intelligence. However, threats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem. We started by protecting desktops and laptops. Then we moved onto protecting networks to keep the bad guys out. Now there is a need to design protection that works inside the network, mitigating both lateral movement and insider threats, as well as IoT and OT/IT protections as many OT environments are no longer air-gapped from the Internet. And as we look to the future, this leads to expanding protections for cyber-physical threats where critical national infrastructure organizations are being targeted. To this point our latest ThreatQuotient Cybersecurity Automation research, which is due to launch in the Fall, highlighted that in the coming year, respondents expect cyber physical attacks will be the most common attack vector targeting their organization, surpassing even phishing attacks and ransomware.
Likewise with AI, which is seen as both an opportunity and a threat at the same time, we are starting to see the need for security solutions that leverage integrations with generative AI tools such as ChatGPT to accelerate capabilities for contextual information gathering and sharing. That’s because with AI-created videos and deepfakes flooding the internet and circulating across social media, we now live in a world where seeing and hearing are no longer believing. We’ve also seen issues around AI hallucinations, data poisoning targeting AI models and there’s no doubt that the cybersecurity implications are considerable as large language models (LLMs) and visual generative AI tools create opportunities for the bad guys.
The emergence of Dark AI
As the use of AI becomes more widespread and mainstream, it shouldn’t be a surprise that it is also being used for malicious purposes. Innovation can be a double-edged sword, with breakthrough milestones representing opportunities for increased productivity as well as potential weaponization. In a similar vein to the Dark Web, which has been home to malicious actors for decades, we are now seeing Dark AI, which is the application of AI technologies and notably, recent innovations in Gen AI, for the purposes of accelerating or enabling cyberattacks. Dark AI is adept at learning and adapting its techniques to breach security systems. It is specifically engineered to leverage AI benefits to conduct cyberattacks, infiltrating systems and manipulating data. The core function of Dark AI is to exploit vulnerabilities in digital infrastructures. The effects of Dark AI often go unnoticed until significant damage is already done.
This exponentially increased scope of attack requires operating scale for defenders so that internal SOC teams and their industry peers and complementary technologies and machines can scale intelligence faster and go to the next level in order to respond to adversaries. To scale quickly, organizations need to automate more and again our research highlights the importance of automation and how this has increased on average year on year with 98% of survey respondents seeing budget increases and nearly 40% now securing net new budget rather than diverting it from other areas.
Cybersecurity threat intelligence can be a tool that helps organizations better understand the threat landscape and scale their operations. Paired with other internal data, it provides context to help internal teams work more efficiently and effectively to help combat increased attacks and enable organizations to keep one step ahead of adversaries. It will be interesting to see what innovations are out there—both good and bad—when we come to mark the 25th anniversary of Cybersecurity Awareness Month. Watch this space!
