Writer: CHESTER WISNIEWSKI, Director Global Field CTO, Sophos

With 2024 fast approaching, what are the results for 2023 and what are the developments in the threat landscape for this new year?

The year 2023 was marked by persistence in the tactics of cybercriminals, with the predominance of ransomware, the exploitation of vulnerabilities, theft of credentials and even attacks targeting the supply chain. The common point in all his attacks is their formidable effectiveness.

It is therefore essential to ask what trends will persist in 2024 and what strategies businesses should adopt to deal with these future cyber threats.

Between persistent trends and evolving cybercrime tactics

In 2024, the threat landscape is not expected to change radically, particularly with regard to attack typologies and criminal tactics and procedures.

Criminal groups still primarily focus their attention on financial gains and ransomware remains their weapon of choice. These cybercriminals tend to take the easy way out by opportunistically attacking unpatched security vulnerabilities.

The recent Citrix Bleed attack demonstrated the agility of cybercriminals when it comes to quickly and effectively exploiting these new vulnerabilities.
However, once patches are applied to these vulnerabilities, cyberattackers tend to revert to more common strategies of stealing credentials or, failing that, cookies or session cookies, which, while slightly slower, constitute always a proven means that allows them to penetrate within a system.

In 2024, however, we should expect increased sophistication in defense evasion tactics, particularly due to the generalization of certain technologies such as multi-factor authentication. These attacks will combine malicious proxy servers, social engineering techniques and repeated authentication request attacks or “fatigue attacks”.

AI and regulations will continue to shape cybersecurity

In 2024, the development of AI will have a positive impact on the efficiency of IT teams and security teams by enabling them to strengthen defenses and work more efficiently, including through the processing of vast volumes of data in the aim of detecting anomalies. It should make it possible to respond more quickly in the event of an incident.

Indeed, analysis of attacks in 2023 showed a shortening of the time between network penetration and the triggering of a final attack – using malware or ransomware. The need for rapid detection and response tools to prevent costly incidents is therefore essential.

Finally, regulatory developments could have a major influence on measures taken against ransomware. The need to take more substantial measures could push some states to penalize the payment of ransoms, which would represent a brake on malicious actors and change the perspective of companies in the event of an attack.

Other stricter legislation, such as the implementation of the European NIS2 Directive, is also expected to force companies to take additional measures, particularly regarding their abilities to collect data sets.

To protect themselves against increasingly rapid, effective and costly attacks, companies will need to strengthen their defenses by equipping themselves with tools that allow them to detect and respond to incidents more quickly.

The worsening cybersecurity talent shortage does not appear to be as serious as some studies claim. On the contrary, companies have implemented more lax hiring criteria and more open-mindedness in the recruitment process.

From this perspective, to guarantee their survival in a constantly evolving threat landscape, companies have every interest in establishing partnerships with cybersecurity experts whose main mission is to make the hyperconnected world safer, to advise and assist them. in setting up effective defenses.

Businesses today face many threats; but if those coming from outside are their main source of concern with a priority focus on ransomware, they too often forget to consider internal threats which can be just as devastating.

In fact, they take less time to assess the adaptability of their internal security measures in case a cyberattacker manages to break through their defenses from the inside and recover sensitive data that is easily accessible to him. So, what are the means to put in place to detect these threats and respond to them effectively?

The sources of these insider threats are diverse and very often undetected or detectable. They can thus be the result of negligence or even malice.

They can, for example, come from an implementation of relaxed security controls that do not apply to certain systems, or from a lack of logging and identification of these malicious activities.

Although, difficult to measure – since they are rarely the subject of dedicated reports – these internal attacks have already affected many companies.

What are the reasons for the appearance of these threats?

Intentionally or not, insider threats are legion. For example, when an employee carelessly forgets a USB key containing copies of critical information on the train, he then neglects to comply with all the rules in force.

This type of situation can be tragic for the company since there is therefore a risk of theft or public exposure of information that could lead to a violation of official regulations imposed by a governing body (usually GDPR, PCI and HIPPA) or by several regulatory bodies’ premises.

The company must then be extremely transparent by disclosing to its employees – and more broadly to the general public – that it has been the victim of a data breach within the organization, and it must also be held accountable. of all actions associated with this data breach.

But it can also be actions triggered intentionally for a wide variety of reasons. An employee may, for example, realize that he has the possibility of carrying out a malicious action in his workplace because of relaxed controls or because he has high visibility.

This type of situation can lead to the theft of confidential information belonging to the company. The employee then seizes this opportunity to harm the company with impunity.

Various flaws and patterns

Cybersecurity experts have identified three distinct insider threat motives which are revenge, greed, and inattention.

The first two reasons include, for example, intentional and accidental acts, and are more likely to occur following a dismissal or a resignation. However, these reasons vary according to the type of activity of the company.

In the case of the defense sector, it can be corruption or espionage, unlike the ICT sector, where commercial data theft is more widespread.

Employees in charge of selling products and solutions can thus save their customers’ contact details in files and programmers can steal the source code. Despite their media coverage, on the whole, cases of espionage or sabotage remain, fortunately, exceptions.

More generally, data leaks are often caused by insider threats, when sensitive information belonging to the company becomes “uncontained”, when it should be classified confidential according to the operational context.

This information then becomes “public” and people whose position has nothing to do with it can consult it. Very often, when businesses are faced with such accidental data loss or leakage, it is the result of carelessness, inadvertence or clumsiness – such as the loss of mobile devices, USB storage media or public exposure of repositories stored in the cloud.

The classic example of accidental data release comes from the use of the “To” and “CC” fields when sending an email to multiple external recipients, where personally identifiable information is exposed to all of these recipients; a situation that could have been avoided by using the “CCI” (blind copy) mode.

Finally, data destruction is also a typical action where the integrity and availability of data is taken away from the business.

This has the effect of preventing him from accessing critical information, which can directly impact the operational capacity of the company. While this activity is mostly associated with ransomware operators, it can also be attributed to insider threats.

It should be borne in mind that there are many reasons that could lead to such acts, but the main reason remains that the data is generally stored in a weak way, which allows too many people to access information that has nothing to do with the tasks entrusted to them.

These people can steal sensitive data for revenge, but also destroy it or remove it from the company or even try to extort its return.

How can we best respond to these threats?

The implementation of a strategy to prevent these internal threats remains difficult to implement, since once the attack has been launched, anticipation and control are already outdated. It is therefore extremely important to set up preparation sessions aimed at determining the impact of these attacks.

Thus, training employees in the correct use and understanding of internal company systems and processes can go a long way towards avoiding errors associated with accidental data leaks.

In addition, it can be useful to turn to several solutions and tools such as file and document management systems to better manage the critical data that the organization has in its possession. ZTNA limits access to only required tools/services/apps rather than everything on a company’s LAN.

It is also possible to employ Data Leakage Prevention (DLP) tools, capable of preventing accidental data leaks – except in the case of intentional theft. XDR systems and firewalls can also be very useful as part of the disaster prevention and recovery plan because they allow DLP to be implemented and log access and data movement at the same time.  Their actions facilitate forensic work, particularly in understanding failures and their consequences.

Finally, the implementation of technical controls capable of regulating access to data and systems that contain sensitive information, as well as the monitoring of the results of these controls and the responses to violations of the security policy contribute to the detection of ‘a malicious attack in progress.

To protect their company and their employees from these internal threats, managers must imperatively limit access to the data to the persons concerned and ensure the implementation of strict controls on the most sensitive data, while providing them with the support they need.

In essence, therefore, the right balance must be struck between people, process and technology, since any imbalance can favor the introduction of instability, as well as an easier increase and spread of risks – whether they either external or internal to the company.

I’ll start on this by referring you an earlier piece I had written on 17 April, 2021 about Professor Farooq Kperogi when he attempted to hoodwink his readers and Professor Pantami that he was the latter’s friend but still went ahead to disparage him by spewing lies and supposed private matters on the Professor, the piece can be read here.

At that point, I had just switched from being his ardent fan to seeing him for who he really is, a propaganda merchant who thrives on the docility of Nigerians to cash out.

Kperogi had to acknowledge that article as it bursted his little games on 24 April, 2021 in his column tagged ‘On my friendship with Pantami’ and which can be read here.

I read Kperogi piece of today 11^th February, 2023 where he attempted to as usual disparage Buhari’s naira policy and linked it as a ploy to stop a BAT and I found the analogy in it very ludicrous to say the least. I wonder why Kperogi has developed a permanent feeling and understanding that Nigerians are extremely daft and so he could spew anything at them albeit hypocritically after cashing out his little coins behind the scene.

Kperogi is a supporter of Tinubu but just like so many Nigerians who share his type of double character, he is  finding it difficult to come clean about it, so he is using mind games this time around to blame Buhari and his policy as the reason why Tinubu would fail even though according to him, he doesn’t want it but he would prefer that the failure of Tinubu occurs through ballots and not through sabotage.

However, what Kperogi and the likes who don’t have the audacity and criticality to formulate critical campaign strategies to market Tinubu don’t understand is that the suffering of Nigerians which had largely made them to make up a mind did not start with the naira scarcity and it’s attendant suffering which in my opinion is over bloated by the likes of Kperogi and other propaganda merchants to unfairly blackmail Buhari into succumbing to perhaps use state resources to install Asiwaju as president and that won’t happen because in reality Nigeria has long moved away from such. You have to have some level of popularity to rig elections in any society and rather than campaign enough to get the masses support for Asiwaju, Kperogi and the likes believe the victory must only be gotten through blackmail.

While on my way back from office yesterday, I critically examined the menial marketers like ‘suya’ sellers and the rest, and I saw a normal activity going on as I used to know it and I wondered in my mind where the excessive suffering that was been hyped was? It has also been established and I know that those people in the remote villages that Kperogi attempted to refer to do not need more than one to five thousand Naira to transact and while in the beginning things got a little rough, POS merchants have since gotten cash for them and things are normalizing, so I’m sure that the whole propaganda about suffering is being spewed by some political elements who perhaps see free and fair contest as a threat to their victory and such narrative has to stop quickly because in recent past it was same kind of narrative that made Jonathan loose elections, Nigerians desist such fearful narrative.

Furthermore, Kperogi alluded to the fact that Asiwaju always used billion vans to win his way through elections, assuming without conceding that was true as coming from him, is Kperogi then telling us that he supports a corruption of the electoral system? If anything, is ensuring a free and fair contest by Buhari not worthy of commendation? I can bet you Nigerians especially those from

Northern Nigeria have accepted this policy not because there are not minor and temporary discomfort about it but because they see it from the prism of Buhari doing what he ought to have done a long time ago which was to annihilate corruption and its practices, so it appears the people were ready to bear this brunt in as much as it guarantees free and fair contest.

Speaking about a payback by Buhari after Tinubu had supported him, I have maintained in different fora that the agreement for the reciprocation was a party matter and that had been settled at the primary elections because indeed all stakeholders allowed Tinubu to emerge even though they had other preferences which is normal with every human. However, general elections are a totally different games because there are other contestants and it is a democratic regime we are in where numbers of votes garnered matters most, so Kperogi and co should rather concentrate on fetching votes for Tinubu rather than blackmailing Buhari to hand over powder to Tinubu already baked.

Kperogi supports Tinubu,I knew this penultimate the primary elections, when he kept dropping hammers on Osinbajo, a contract he collected to disparage Osinbajo in the eyes of the northerners so as to pave way for Asiwaju and that worked but the current one won’t work because the ordinary people from the north have bought into it to a large extent maybe not so much from the beginning of it but much more now. Rather than all these intellectual shortcuts, I have advised the APC and it’s campaign to make appropriate recruitments to formulate strategies and such recruitments can be out of the ‘big names’ and the usuals, there are millions of smart boys and girls out there who can beat Kperogi and the likes to their cheap and opportunistic games, Daniel Bwala is one of such examples!

May the best man win for Nigeria’s increased progress, Amen!