11 Ways Cybersecurity Threats are Evolving
Cyberattacks continue to increase in number and frequency. While some organizations, particularly highly regulated companies, have achieved a high level of cybersecurity maturity, tactics continue to evolve as new technologies become available making it more difficult for smaller organizations to cover all the bases. Moreover, people tend to be the weakest link in the cybersecurity chain.
“[C]yber threats continue to evolve as technology advances. Motivations behind many of these attacks can vary from monetary gain to political activism, disrupting the global supply chain and critical infrastructure, to attempts to undermine the very bedrock of society — and the current geopolitical landscape creates a rich set of opportunities for them to craft their plans. These all contribute to the evolution of cyber threats by influencing the motivations, capabilities, and targets of cyber actors operating in these regions,” says Cameron Over, partner and cybersecurity lead at business advisory firm CrossCountry Consulting in an email interview. “Also evolving, and certainly anticipated by threat cyber criminals, is the vast opportunity that artificial intelligence provides for AI-powered malware, deepfake, and synthetic media, and an even more sophisticated social engineering engine, powered by AI.”
Meanwhile, enterprise attack surfaces continue to expand with the explosion of device types, pushing out from the traditional network of computers to phones, IoT and IIoT devices. As the tech stack becomes more complex, the potential points of failure grow, and worse, some teams don’t have visibility into those security gaps.
“By the time you’re doing an annual audit, quarterly penetration tests or any number of things that are supposed to be proactive in corporate security, by the time you test again, even if it’s literally weeks — which is what it takes to generate the report — somebody’s been hired, somebody’s been fired. It’s as simple as that,” says Ralph Echemendia, an independent cybersecurity consultant, otherwise known as The Ethical Hacker. “It’s already changing the landscape because the threats aren’t purely technical.”
Following are more ways the threat landscape is evolving.