Cybersecurity has remained among the top three risks for businesses over the past few years, primarily due to increased digital adoption. The increased digital presence is exploited by threat actors who use advanced techniques for hacking into organizations' systems. There is a marked proliferation in the number of well-established criminal organizations that sell confidential data—excavated by such hacking expeditions—on the dark web.
Cyber criminals have been constantly working at reducing the time taken between initial access, lateral movement, and actual execution of a data breach, contributing to a higher occurrence of cyber incidents. Generative Artificial Intelligence (Gen AI) makes it easier even for unskilled actors to commit intricately planned attacks that they would otherwise find difficult to execute manually.
In the current cyber fraud landscape, mid-size or large organisations have dedicated CXOs driving information and cybersecurity initiatives to secure the business from unwanted cyber-attacks and minimize disruptions to operations. These specially appointed leaders must brace themselves to tackle emerging developments over the next several years.
1. Digital adoption: Organizations face the most significant cyber threat from digital adoption, which is constantly on the rise, with the adoption of Cloud requiring organizations to scale up their infrastructure to include multiple Cloud environments. The average number of internet-facing applications in an organisation ranges from 10 to 100, which means multiple surfaces that serve as entry points for attackers. Organizations will need to deploy ample security checks across all entry points to ensure they are protected from cyber risks.
2. Ransomware attacks: Ransomware has evolved into the most potent weapon for hackers to bring business operations to a complete standstill. Over the last few years, at least 50 per cent of cyber incidents involved ransomware, and with the adoption of AI there is a surge in bot-based attacks. The average cost to mitigate a ransomware incident is roughly $4.5 million. In addition to this, regulatory requirements may include potential litigation and claims from end users in the event of personal or sensitive data being leaked.
3. Gen AI: With the advent of Gen AI, it has become easier for novice hackers to launch sophisticated attacks. Easy access to a plethora of open-source Gen AI tools further fuels cybercriminals’ intent. We are entering the era of a cyber arms race in which AI is accelerating impact for both security professionals and threat actors. This indicates that the velocity of cyberattacks will continue to increase as low-skilled adversaries reduce the time from initial entry to lateral movement, finally executing a data breach.
4. Insider threats: Another emerging trend is that of rogue employees misusing company infrastructure to create avenues for exploitation of security vulnerabilities. Employees possessing sound knowledge about cybersecurity help hackers gain entry into the organization through loopholes that they are privy to. Compromised insider accounts, unintentional data leaks, and disgruntled employees—all constitute a substantial security risk. Hackers keep performing reconnaissance activities to probe for employees who can help them with their diabolical motives.
5. Cybersecurity and forensics abilities: Having the right individuals who understand technical and operational aspects related to cyber forensics and incident response is a must for organizations with large digital footprints. The market has exploded and currently there is a dearth of skilled professionals to manage in-house cybersecurity. It's a demanding job that needs continual skill development and the willingness to work outside of typical working hours, which can be stressful. To add to it, security teams are often held liable for breaches and are sometimes penalised unfairly. This risk will continue to evolve and CXOs will have to manage the situation, while ensuring minimal business disruption.
6. Cyber Forensics readiness and Incident Response management: There are two types of organizations—the ones that have suffered a cyber breach and the ones that are unaware that they have suffered a data breach. It is imperative to have a robust Incident Response and Cyber Forensics readiness plan in place to prepare for the eventuality of business disruption. Security teams often lack the necessary expertise to provide the security apparatus with the controls required for a post-incident response analysis scenario. This increases the cost of performing a breach investigation in most cases. A thorough Cyber Forensic readiness assessment and an Incident Response plan will help establish cyber resilience to withstand cyber-attacks, enabling proactive security measures.
7. Cyber insurance: Adopting cyber insurance is fast emerging as a risk-mitigation strategy for handling cyber incidents. Good cyber insurance coverage will help organizations respond efficiently in the event of a breach while also lowering expenses.
Going forward, CISOs and CIOs must demonstrate outcome-driven KPIs related to cybersecurity investments to reassure boards that acceptable ROI is achieved while managing security expenditures. Boards will require adequately skilled members to help understand cybersecurity-related risks. This will also help ensure that they hold the relevant teams accountable while providing adequate support in building a cyber-resilient organisation for future cyber-attacks.
Authored By: Ranjeeth Bellary, Partner, EY India Forensic and Integrity Services – Cyber Forensics