In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.
How have cyber threats evolved over the last year, and what trends are we seeing regarding attack vectors and methodologies?
To some extent, cybersecurity fatigue and complacency have left gaps where threat actors have exploited old vulnerabilities, including gaps in logging and patching, to get a stalwart beachhead into the network. Even the most sophisticated threat actors, including those linked to the People’s Republic of China (PRC), often opt for scanning for unpatched vulnerabilities and other basic configuration weaknesses to infiltrate high-profile targets.
This resurgence of traditional attack vectors highlights the critical importance of diligence in cybersecurity hygiene and the need for enhanced monitoring to combat novel attack techniques.
Are there any industries that are particularly at risk? What makes these industries more vulnerable?
Several industries are particularly at risk:
- Critical infrastructure
- Telecommunications
- Finance
- Government
- Defense Industrial Base
These industries are more vulnerable to cyberattacks because they have a significant quantity of sensitive data that is essential to their business operations.
In addition to the industries mentioned above, any industry that collects and stores personal information is at risk for cyberattacks. This includes retail, healthcare, and education, among others.
The report mentions the influence of geopolitical tensions on cybersecurity. Can you discuss how international relations are shaping the cyber threat landscape?
Over the past two decades (maybe more), there has been a real shift: nation states that were at the onset apprehensive of electronic warfare methods and tools now regard cyberwar tools as just another tool in their box, which they can use against their adversaries in support of national security and diplomatic aspirations.
The most notable and recent example is clearly the ongoing cyber war between Russia and Ukraine. From the onset of that conflict, Russia launched a series of cyberattacks against Ukraine, including on government websites, banks, and power plants. These have caused significant damage to Ukraine’s infrastructure and economy at a critical time.
In addition to nation-state actors, there are also a number of non-state actors that are engaged in campaigns and operations that could be described as cyberwarfare. These include terrorist organizations, hacktivist groups, and organized crime groups. These threat actors can also pose a significant threat to geopolitical stability worldwide.
Significantly, cyber operations are a serious threat to international security in ways we can’t always quantify. They can disrupt critical infrastructure, damage economies, and undermine society’s trust in democratic institutions’ ability to maintain order.
How is the use of AI and machine learning in cybersecurity evolving, and what role do they play in combating new threats?
We believe AI is the most disruptive technology since the invention of the internet, and has the potential to address some of the root causes of insecurity that plague cyber defenders. AI has already changed the way we do security, as we’ve already begun integrating AI capabilities into our external products and internal security tools.
AI provides cyber defenders the ability to tremendously scale their capabilities, while simultaneously reducing toil and burnout. Digital enterprises have learned hard lessons about how to secure computers and systems, attempting to compensate for the fundamental flaws in the internet. Now, we have the chance to design AI security tools the way we want them to be, built securely from the start. We expect cyber AI capabilities and benefits for defenders to surge in 2024, given that the defenders own the technology and thus can direct its development with specific use cases in mind.
How important is the role of public-private collaboration in addressing the threats?
The increasingly interconnected nature of the global economy has made it even more important than ever for governments and private industry to work together to address current and emerging cybersecurity threats.
There are a number of ways in which public-private partnerships can be effective in addressing cybersecurity threats. First, governments and private companies can share information about cyber threats and vulnerabilities. This can help to improve the overall security posture of both the public and private sectors. Second, governments and private companies can develop joint cybersecurity initiatives. These initiatives can focus on a variety of areas, such as developing new security technologies, improving incident response capabilities, or providing cybersecurity training to employees. Third, governments and private companies can collaborate on research and development efforts. This can help to identify new cybersecurity threats and develop new ways to protect against them.
A caveat when talking about public-private partnerships: what is needed is real, operational, and ongoing public-private collaboration, which is essential for sharing information, developing best practices, and mitigating risks, and for building a more secure and resilient cyber ecosystem. CISA’s Alerts, Advisories, and resources intended to educate and inform industry are vital examples of ways to enable this ecosystem to grow and operate seamlessly.
In terms of investment, what areas of cybersecurity should be priorities for global businesses?
In terms of investment, there are several areas that should be priorities for global businesses. These include:
- Security awareness training: It is important to educate employees about cybersecurity best practices.
- Vulnerability management: This includes the process of identifying, assessing, and mitigating vulnerabilities in a computer system.
- Detection and response: Have a strong security posture in place, including firewalls, antivirus software, and intrusion detection systems. It is also important to have a plan in place for how to respond to a cyberattack, including who will be responsible for handling the incident and what steps will be taken.
- Encryption: Encryption is an essential security measure that can protect data from theft, loss, and damage.
- IT security governance: IT security governance should be based on a risk management framework that identifies, assesses, and mitigates risks to the organization’s information assets.