The importance of cybersecurity cannot be overstated. As businesses and individuals rely increasingly on digital platforms for communication, commerce and information sharing, the threat landscape grows increasingly broad and complex.

This is according to ICTGlobe Managed Services MD Jan Hitge, speaking during a Lunch and Learn session held in conjunction with TechCentral recently.

The aim of the session was to unpack the cybercrime trends to watch out for in 2024. Hitge opened the session by discussing how visibility is key to cybersecurity. “You cannot defend against what you cannot see, which is why visibility is emerging as a critical linchpin when it comes to fortifying defences against cyber threats.”

Visibility, he said, refers to the comprehensive awareness and understanding of the entire digital environment, encompassing networks, devices, applications and user activities. “Businesses need to understand the pivotal role that visibility plays in crafting robust cybersecurity strategies. Essentially, without a clear and real-time understanding of the dynamic digital landscape, identifying, mitigating and preventing cyber threats becomes an uphill battle.”

A complex landscape

Next, First Distribution Microsoft security specialist Sahil Kassie said as the world becomes increasingly connected and digital, cybersecurity is becoming more complex. “As an experienced technology provider, we know how challenging it can be to prioritise where to focus security efforts. Between infrastructure, data, and apps in the cloud, there’s a lot more to protect.”

Sharing some Microsoft statistics, he said that one hour and forty-two minutes is the median time it takes an attacker to begin moving laterally within a corporate network once a device is compromised, and that 98% of cyberattacks can be prevented with basic security hygiene.

“You’re only as strong as your weakest link,” Kassie said. “Keeping up with today’s threats means securing every area of vulnerability, including e-mail, identity, endpoint, Internet of Things (loT), cloud and the external attack surface.”

According to him, there are six things businesses need to know to prevent compromise…

E-mail remains a top vector

Firstly, e-mail remains a top attack vector and a focus area for defence. “A mere 72 minutes is the median time it takes an attacker to access private data should someone fall victim to a phishing e-mail.”

Alarmingly, this year nearly half (45%) of ransomware involved the use of e-mail. Phishing attacks also increased by 61% from 2022 to 2023. “Bad actors are commonly using legitimate resources to carry out their campaigns, making it harder to tell the difference between real and malicious e-mails.”

Kassie added that using safeguards such as URL checking and disabling macros will help boost an organisation’s security posture. “However, tackling more advanced e-mail threats needs e-mail signals to be correlated into broader incidents. Security professionals need to visualise the attack and understand how malefactors are taking advantage of other parts of the environment to leverage legitimate resources.”

The expanded identity landscape

Next, he says the expanded identity landscape is also expanding opportunities for attackers. “We saw 921 password attacks per second in 2023, a 74% increase from the year before, and 93% of Microsoft investigations during ransomware recovery engagement revealed insufficient privilege access and lateral movement controls. Attackers are getting more creative when it comes to circumventing multi-factor authentication and phishing kits have made it even easier to steal credentials.”

This is why Kassie said the identity attack surface is more than just securing user accounts: access and workload identities need to be covered too. “For instance, attackers frequently gain access to third-party accounts and then use those credentials to infiltrate the cloud and steal data. Often, this is accomplished through workload identities which can be overlooked during permissions auditing.”

Endpoint blindspots and IoT devices

Thirdly, hybrid environments and shadow IT have increased endpoint blind spots, he said. “Shockingly, 3 500 is the average number of connected devices in an enterprise that are not protected by an endpoint detection and response agent.”

Kassie said that as loT devices are proliferating, so are loT threats. “The sheer number of devices in today’s hybrid environments has made securing endpoints more challenging. Unmanaged servers and BYOD personal devices contribute to the shadow IT landscape and are particularly appealing to threat actors. And it only continues to grow.

In fact, 41 billion loT devices are expected in enterprise and consumer environments by 2025, and 60% of security practitioners say loT and operational technology security is one of the least secured aspects of their infrastructure. “loT devices are an often overlooked endpoint attack vector. Interestingly, as organisations harden routers and networks to make them more difficult to breach, loT devices are becoming a threat target of choice for threat actors.”

For example, Kassie said an loT device can exploit vulnerabilities to turn loT devices into proxies, by employing an exposed device as a foothold onto the network. “Too often, entities have no visibility into loT devices, which can even contain dangerous vulnerabilities, such as outdated or unsupported software.”

He added that there are emerging regulations for loT security in various countries but gaining more visibility into all of the business’s attack surfaces is key, and this includes loT devices.

Securing the cloud

The next key point is that protecting the cloud is critical, but complex. “A whopping 895 man-in-the-middle phishing attacks are detected per month by Microsoft Defender for Cloud Apps. On average, 84% of organisations that suffered ransomware attacks did not integrate their multi-cloud environments into security operations tooling.”

Kassie added that companies are increasingly moving infrastructure, application development, workloads, and data to the cloud. This radical shift has increased the number of new attack vectors for malefactors to exploit, with many gaining access through gaps in permissions security.

“Cloud app development is a top cloud attack vector, as is cloud storage, and sometimes, cloud services providers themselves can be affected. For app development, we recommend embracing a “shift-left” security approach; that is, thinking about security at the earliest phase of app development.”

An internet-scale challenge

In ending, Kassie said securing the external attack surface is an internet-scale challenge. “There were 1 613 cyberattack-related data compromises in 2023, which is more than all data compromises reported between 2022 and 2023. In addition, 53% of organisations experienced at least one data breach caused by a third party in that same time frame.”

Today, a business’s external attack surface spans multiple clouds, complex digital supply chains, and massive third-party ecosystems. “It also extends beyond its own assets and includes suppliers, partners, unmanaged personal employee devices and newly acquired entities.”

“The bottom line is that the internet is now part of the network, and despite its almost unfathomable size, security teams must defend their organisation’s presence throughout the internet to the same degree as everything behind their firewalls.”