Episode 70: Evolving Cybersecurity: Key Trends and Best Practices for Organizations

JP Ruth, 02/08/2024

Senior editor JP Ruth from InformationWeek joins us on the #shifthappens podcast to discuss the latest cybersecurity trends, including notification requirements, supply chain vulnerabilities, sophisticated social engineering tactics, AI risks and benefits, cloud and edge computing developments, and evolving security best practices. We cover several key takeaways for organizations to understand in order to improve their security posture.

Notification Requirements Raise the Stakes

New regulations at both state and federal levels increasingly require organizations to notify government entities about cyber attacks and data breaches. As Ruth points out, this requirement raises the stakes around security incidents:

"One of the questions and I guess incident types that we’re starting to get a better understanding of is with the need for notification and government entities saying that word needs to come out when something happens and there’s an issue."

In fact, some hackers have even "snitched" on their own victims, reporting organizations that failed to disclose attacks as required. This takes security into a new dimension - no longer can organizations hide attacks simply to save face. Transparency around security incidents is an absolute must now.

Supply chain risks also increase accountability across vendor and partner networks. The massive SolarWinds attack in 2020 revealed how hackers can remain persistent and undetected within systems for years. As Ruth emphasizes, "Trust but verify" is essential across business ecosystems now more than ever:

"It is now really, everyone needs to be a lot more open and have conversations about their security, you know, incidents of the methods that they’re taking, the approaches they’re taking."

Geopolitical drivers also raise the stakes, with more state-sponsored attacks specifically targeting certain organizations or industries based on political agendas. Organizations must understand how they might unexpectedly get caught in the cross-hairs of cyber warfare unfolding halfway across the globe.

Leveraging AI - Risks and Benefits

Artificial intelligence brings many emerging risks as well as benefits when it comes to security. Attackers are already leveraging AI for more sophisticated social engineering attacks and deep fakes that impersonate trusted identities. But AI also powers advanced defensive technologies when applied properly.

Ongoing policy discussions around AI governance and acceptable use try to balance the need for innovation with ethical guardrails. As Ruth explains, organizations must pay close attention to these policy impacts while also understanding both sides of AI's security potential:

"Be aware that the policy landscape is going to continue to evolve...that is something to continue to watch as that evolves because that has the potential to maybe not just mimic policies that European entities and states have put into play, but there might be other new layers of policy that they might have to adhere to."

"Consider the possibilities of what the further advances in AI are going to bring, not to be a doomsayer about AI, though I’ve got my personal perspectives on how it could be used for good or ill, but it definitely has ways that it can further democratize the ability to launch attacks. But there might be ways to apply AI to create defenses as well. And that’s going to be something to just, uh, pay attention to..."

People Still the Weakest Link Against Attacks

Despite expanding security awareness training over the past decade, people still enable the majority of attacks via social engineering tactics and exploitation of human vulnerabilities. While foundational training is essential, it must continue evolving to address the sophistication of today's social engineering campaigns and emerging technologies like deep fakes.

As Ruth advises, verifying identity and double checking any unusual requests or instructions is critical, even when purportedly coming from senior leadership or trusted sources:

"Training people to understand that, to double check that maybe like the email address that might look close but could be just off just a bit or amassed in some other ways to make it look like it’s official and to not just click that link or just to follow those instructions."

Attackers are now combining advanced social engineering techniques leveraging AI with hacking tools and malware for maximum impact. Defending the human element requires matching this level of sophistication with policies, technology, training, and vigilance.

Cloud and Edge Computing Complications

The pandemic necessitated a rapid shift to cloud computing as workforces suddenly became distributed. While cloud delivers efficiency and agility, this expansion spread data and environments widely, complicating security. As Ruth explains, hybrid decentralized environments are now replacing the old centralized "security guard" IT model:

"It is creating a really mixed bag, like kind of more of a quilted landscape rather than just like kind of like one cohesive sheet, you know, like kind of like landscape, you know..."

With data and apps now accessed across vendors, customers, partners, and user devices, organizations must coordinate security efforts extensively. Roles, responsibilities, security resources, features, controls, and costs must be clearly defined both internally and with outside entities.

And while cloud providers offer security services, organizations must validate exactly what's offered and how it's governed. Shared liability changes how breaches are addressed - coordination and transparency between stakeholders is essential.

Ruth emphasizes this partnership requirement as security complexity increases:

"It is something that at least I would hope that more organizations are having a kind of like this kind of like group conversations to talk about how they’re collectively going to safeguard things because it has become more of a, more of a, you know, it takes a village, if you will, uh, to secure things..."

Steps Organizations Must Take to Improve Security

Given escalating cyber risks, what steps must organizations take to improve security? Ruth provides several key takeaways:

  1. Continuously monitor the evolving regulatory and policy landscape as new cyber rules emerge, especially around AI governance which remains fluid.
  2. Understand the expanding range of attack tools and scenarios as technology democratizes threats - the barriers to entry for launching attacks grow lower each year.
  3. Seriously consider proactive AI defense investments rather than just AI innovations for customers - fight fire with fire as they say.
  4. Align internally and externally through transparency, verified security measures, coordinated incident response procedures, and collective vigilance across partnerships.

As threats advance, defense requires a coordinated effort across people, policy, and emerging technology. Cybersecurity is now a team sport - organizations must empower internal players while aligning with partners, vendors, regulators, and industry coalitions. Shared vigilance and open collaboration can help turn the tables against increasingly sophisticated attackers.
