Intelligent CXO Issue 54 | Page 49

THOUGHT LEADERSHIP
Shifting cybersecurity stance – from defensive to proactive
We’re seeing a growing number of businesses evolving cybersecurity strategies from a robust defensive posture to a more proactive approach. This involves cyberthreat intelligence, which is turning companies into threat hunters. Cybersecurity teams are actively monitoring the cyberthreat landscape to better understand what attacks could look like. By building knowledge and insight about criminals’ tactics, businesses can better predict, prioritise and prevent possible attacks. Action can be taken to mitigate risks before they have the chance to materialise into events that cause critical disruption and destruction.
Ransomware threats evolve at pace and cyberthreat intelligence can provide businesses with enhanced visibility of what they are up against. There are four ransomware trends in particular that show just how quickly attackers are adapting tactics.
Top tips for defending against growing threats
• Multi-layered threat intelligence
A multi-layered threat intelligence programme can monitor and determine how ransomware threats are changing shape. This creates opportunity for proactive mitigation. For example, against wiper-style attacks, the most critical action is to ensure the recoverability of core systems and data, regardless of whether ransomware is deployed. This includes implementing immutable, offline backups that cannot be altered or deleted by attackers, as well as regularly testing restoration procedures under simulated attack conditions. Since data exfiltration typically occurs before destruction, organisations must also strengthen data loss prevention and insider threat detection capabilities, ensuring sensitive assets are tagged and monitored and that access is tightly controlled.
Moreover, every month there are tens of millions of leaked credentials from infostealer malware dumped on criminal marketplaces, making it incredibly likely that credentials from organisations are available to anyone who wants them, cheaply. Organisations need to monitor for these leaked credentials and take action when they are discovered. Of course, multi-factor authentication is important, but so is taking action and forcing password changes as soon as leaked credentials are discovered or reported.
• Supply chain management
Defending against ransomware attacks delivered via zero-day vulnerabilities requires full supply chain risk management. This can include tracking third-party dependencies, validating update integrity through code signing and requiring vendors to demonstrate secure development practices.
Additionally, organisations must maintain a mature vulnerability management programme capable of rapidly ingesting threat intelligence, assessing exploitability and deploying emergency patches or compensating controls before widespread abuse occurs. This means being able to act within days, not weeks. When a new vulnerability is announced, especially for common platforms targeted by ransomware groups and the initial access brokers that support them – such as SSL VPNs or certain firewalls – scanning for that vulnerability starts almost immediately and exploitation starts within 24–48 hours.
• Don’t underestimate ‘lower risk’ groups
The emergence of ‘lone wolf’ ransomware attackers can mean that the successful takedown or disruption of an RaaS group by law enforcement doesn’t necessarily spell the end of a group’s ransomware. Organisations need to be alert to this and continue to monitor for code, tools and techniques from RaaS groups they believe to be defunct or lower risk.
• Keep up with AI ransomware trends
Being aware of how attackers are using AI in ransomware attacks is crucial to adapting and testing defences. For example, regular employee training and communications should be informed by changing criminal techniques. Staff have to be shown realistic examples of the risks they face, with simulated exercises creating awareness of how convincing AI-assisted attacks can be.
The future of ransomware
Ransomware attacks now target every type of organisation, making it essential for both public and private sector leaders to treat cybersecurity as a strategic risk.
There’s no single, universal defence against these threats because they can strike from many directions. Effective protection requires a clear understanding of the threat landscape and a co-ordinated response across the entire organisation. The encouraging news is that many organisations already have the necessary tools in place – the challenge is to refine and align them to safeguard the organisation, its employees and the customers who rely on it.