CS Jan-Feb 2024

Computing
Security
Secure systems, secure data, secure people, secure business
SAFEGUARDING HR
Human resources
now a key target for
AI-related cybercrime
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
THE IRON FIST
Demands for ransomware
not to be paid stepped up
BREAKTHROUGH?
Experts pinpoint some of
best strategies that can help
you stay safe in 2024
ALL AT SEA
Tempest of threats lashes
organisations fighting to stay
above the waterline
Computing Security January/February 2024

comment
DEAL OR NO DEAL?
EDITOR: Brian Wall
(brian.wall@btc.co.uk)
LAYOUT/DESIGN: Ian Collis
(ian.collis@btc.co.uk)
SALES:
Edward O’Connor
(edward.oconnor@btc.co.uk)
+ 44 (0)1689 616 000
Daniella St Mart
(daniella.stmart@btc.co.uk)
+ 44 (0)1689 616 000
Stuart Leigh
(stuart.leigh@btc.co.uk)
+ 44 (0)1689 616 000
In early December 2023, a provisional deal was struck on what would be landmark
European Union rules governing the use of artificial intelligence, including
governments' use of AI in biometric surveillance and how to regulate AI systems,
such as ChatGPT.
"With the political agreement, the EU moves toward becoming the first major
world power to enact laws governing AI," enthused global news agency Reuters after
the agreement was announced. The moment was hard won: it came after almost
15 hours of negotiations between EU countries and European Parliament members,
which followed an almost 24-hour debate the previous day.
The accord requires foundation models such as ChatGPT and general-purpose AI
systems (GPAI) to comply with transparency obligations before they are put on the
market. These include drawing up technical documentation, complying with EU
copyright law and disseminating detailed summaries about the content used for
training - and much more, which Computing Security will cover in future issues.
Not everyone is happy about the outcome, including DigitalEurope whose director
general Cecilia Bonefeld-Dahl commented: "We have a deal, but at what cost? We fully
supported a risk-based approach, based on the uses of AI, not the technology itself,
but the last-minute attempt to regulate foundation models has turned this on its head."
Brian Wall
Editor
Computing Security
brian.wall@btc.co.uk
PUBLISHER: John Jageurs
(john.jageurs@btc.co.uk)
Published by Barrow & Thompkins
Connexions Ltd (BTC)
35 Station Square,
Petts Wood, Kent, BR5 1LZ
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22
SUBSCRIPTIONS:
UK: £35/year, £60/two years,
£80/three years;
Europe: £48/year, £85/two years,
£127/three years
R.O.W:£62/year, £115/two years,
£168/three years
Single copies can be bought for
£8.50 (includes postage & packaging).
Published 6 times a year.
© 2024 Barrow & Thompkins
Connexions Ltd. All rights reserved.
No part of the magazine may be
reproduced without prior consent,
in writing, from the publisher.
www.computingsecurity.co.uk Jan/Feb 2024 computing security
@CSMagAndAwards
3

Secure systems, secure data, secure people, secure business
Computing Security January/February 2024
inside this issue
CONTENTS
Computing
Security
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
SAFEGUARDING HR
THE IRON FIST
Demands for ransomware
Human resources
not to be paid stepped up
now a key target for
AI-related cybercrime
BREAKTHROUGH?
Experts pinpoint some of
best strategies that can help
you stay safe in 2024
ALL AT SEA
COMMENT 3
Deal or no deal?
Tempest of threats lashes
organisations fighting to stay
above the waterline
NEWS 6 & 8
Hornetsecurity reveals a staggering
144% increase in phishing
Cyberattacks are breaching defences
on a massive scale
Support-line aims to ward off attackers
New platform out to deliver vital boost
to cyber resilience
If you're feeling vulnerable…
ARTICLES
THROUGH THE LURKING GLASS 10
How might the 'darker forces' of cyber
security impact the industry in 2024? In
this in-depth feature, we open up the
space to allow several observers to put
forward their thoughts on what might be
lurking up ahead over the next 12 months
THE SAFEGUARDING OF HR 14
Robert O'Brien of MetaCompliance on
the power of cyber security training
AI - WHERE NEXT? 18
With ever more alarming news emerging
TOP-LEVEL FIBRE BEHIND CYBER 16
about the perils of AI, how might the
VIPRE Security offers its key pointers for
technology advance and mutate from here -
getting executive support for cybersecurity
and what will that mean for the security
industry as AI’s powers, for good and bad,
continue to expand at a remarkable rate?
NO COMPROMISE ON TRUST 21
No device, nor user, should be trusted
until secure authentication has taken
place, insists one leading vendor
LIFE INSIDE THE CLOUDS 27
PHISHING FOR THE ANSWERS 22
Traditional cloud security is failing the
Domain phishing scams have now reached
modern enterprise, claims new research
unprecedented levels of sophistication. a
far remove from the phishing scams of old,
POINT OF IMPACT 28
says one observer: “Cybercriminals have
In 2023, some of the biggest corporate
evolved their tactics, crafting websites that
names were brought to their knees. Can
mirror legitimate domains with alarming
we truly expect anything better for 2024?
precision”.
WE SHALL NOT BE MOVED! 24
The US government and dozens of foreign
allies have pledged never to pay ransom
FIGHTING BACK ON ALL FRONTS 32
demands, in a bid to discourage financially
Stealers, loaders, zero-day exploits, brute
motivated hackers and ransomware gangs
force attacks, ransomware, - the list of
from profiteering when cyber-attackers
vulnerabilities is overwhelming. How can
strike. Now, who will be the first to blink?
organisations stay above the water line?
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
WHY AI IS ON ALL OUR MINDS 31
More reflections on artificial intelligence.
See also our main feature on pages 18-20
4

Layers aren’t just for cakes; they’re
essential in cybersecurity’s secret
recipe for protection!
Bake it happen with VIPRE Security Group. Secure your
bytes before you take a bite with Email Security, Endpoint
Security and User Protection
www.vipre.com

news
Bernard Montell.
HORNETSECURITY REVEALS EVER-GROWING THREAT FROM CYBERCRIMINALS
Cyber Security Report uncovers massive step-up in phishing attacks
CYBERATTACKS BREACHING
DEFENCES ON MASSIVE SCALE
Security leadership "needs to be
involved in high-end business decision
making".
Of the cyberattacks that have been
experienced by UK organisations in
the last two years, 48% of these were
successful, according to Tenable.
"This forces security teams to focus
time and efforts on reactively
mitigating cyberattacks, rather than
preventing them in the first instance,"
says the company. With just 60% of
UK organisations confident that their
cybersecurity practices are capable of
successfully reducing the organisation's
risk exposure, there is obviously work
to be done. Comments Bernard Montel,
EMEA technical director and security
strategist, Tenable: "Our study confirms
that security teams are being overwhelmed
by the sheer volume of cyberattacks
they have to react to.
As the attack surface becomes ever
more complex, this imbalance will only
worsen. Security leadership needs to be
involved in high-end business decision
making."
An analysis of 45 billion emails found a 144% increase in
'Daniel Hofmann.
phishing, compared to last year, rising from 12.5% of all
threats in 2022 to 30.5% this year. Hornetsecurity's Cyber
Security Report 2024 reveals the growing threat of cybercriminals
using harmful web links in this way.
It is phishing, however, that remains the most common email
attack technique, states the company. Its use increased by
nearly 4% points this year, rising from 39.6% to 43.3% of all
email attacks. Commenting on the latest report findings,
Daniel Hofmann, Hornetsecurity CEO, says: "Email continues
to be one of the key methods of attack that threat actors use -
and it's essential that firms of all sizes, and across all sectors,
put in place a robust email security strategy to future-proof
their business. The boom in malicious web links and steady rise
in phishing demonstrates that organisations cannot underestimate
the damage such threats can cause and must ensure they use next gen security service,
while also maintaining security awareness throughout the workplace."
Of the 45 billion emails analysed, more than a third (36.4%) were categorised as unwanted.
Within this category, just over 3.6% - or more than 585 million - were identified as malicious.
This represents the widespread nature of the risk, with a vast number of emails posing potential
threats. Threat actors are savvy and adaptable, adds the company, stating: "In the last year,
following Microsoft disabling macros by default in Office, there was a significant decline in the
use of DOCX files (by 9.5 percentage points) and XLSX files (by 6.7 percentage points). Instead,
cyber-criminals opted for HTML files [37.1% of files analysed], PDFs [23.3%] and Archive files
[20.8%]. HTML file usage is a particularly notable trend: usage rose by 76.6% over the last year."
To see the full Cyber Security Report, including predictions for 2024, go to:
https://www.hornetsecurity.com/en/cyber-security-report
CYBER THREATS ARE HITTING BUSINESS LEADERS HARD
Cyberattacks are growing increasingly sophisticated, with 97% of companies
being targeted by email-based phishing attacks in 2022.
That is the finding of Mimecast's 2023 State of Email Security report. This increase
in cyber threats is having a real impact on business leaders, the company says,
show-ing that "cyber risk is not just an IT problem, but a critical vulnerability for
the organisation".
The most prevalent attacks highlighted in the report reported are phishing,
ransomware and spoofing. Phishing was found to be the most widespread,
especially among large enterprises with more than 10,000 employees, where
73% reported a significant rise in phishing attempts.
Smaller businesses were affected more severely. Although two-thirds reported
falling victim to ransomware, 73% of those who acknowledged suffering
a ransomware attack were from companies with 1,000-5,000 employees.
6
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

DON’T
SaaSSS
GET YOUR
KICKED! !
TAKE CONTROL NOW AND
PROTECT YOUR SaaS DATA
Global SaaS vendors like Microsoft, Google and Salesforce
don’t assume any responsibility for your data hosted
in their applications. So, it’s up to you to take control
and fully protect your SaaS data from cyber threats or
accidental loss. Arcserve SaaS Backup offers complete
protection for your SaaS data, eliminating business
interruptions due to unrecoverable data loss.
Arcserve SaaS Backup
Complete protection for all your SaaS data.
arcserve.com
The unified data resilience platform

news
Sukru Ilker Birakoglu.
SUPPORT-LINE AIMS TO WARD OFF ATTACKERS
With almost a third of UK businesses reporting a cyber
breach or attack in the past 12 months, a cyber and
data security support-line has been launched.
The 'My Cyber Clinic' support-line - from consultancy
CSS Assure - is described as a "low-cost and
comprehensive solution, which provides businesses with
a highly experienced taskforce of cyber and data security
experts on speed dial to safeguard them from threats
and breaches".
Charlotte Riley, director of information security at
technology at CSS Assure, comments: "Too often,
Charlotte Riley.
businesses are put off from protecting themselves from
a cyber-attack or data breach due to the associated costs and not knowing where to
start. However, with virtually everything connected to the internet in today's digital
world, the need to protect valuable data is more important than ever."
IF YOU'RE FEELING VULNERABLE…
SAP patch monitoring and configuration
automated to boost protection
A new offering from Logpoint - the
Vulnerability Monitoring Analyzer - is
focused on enabling organisations to
automate the assessment of SAP patches
and ease how these are prioritised.
"As SAP patching is carried out manually,
automating the patch review process will
bolster the protection of SAP systems and
help safeguard against cybercriminals
looking to exploit systems lacking critical
security updates," states the company.
Comments Sükrü Ilker Birakoglu, who
is senior director at Logpoint: "With the
Vulnerability Monitoring Analyzer, we
aim to help SAP basis managers and
administrators and SAP security
consultants enhance efficiency, amplify
the security posture and improve
the uptime of their most valuable
applications by automating SAP patch
monitoring and configuration."
And he adds: "We provide actionable
insights to help customers work
effectively on remediating the most
critical issues faster."
PLATFORM TARGETS BOOST TO CYBER RESILIENCE
Commvault Cloud, powered by Metallic AI, takes on the
attackers
The new Commvault Cloudplatform, claims the company,
can "radically improve cyber resilience in an era of non-stop
ransomware and malicious cyberattacks".
Commvault Cloud has been designed specifically, it states,
in order to enable users to predict threats faster, ensure
clean recoveries and accelerate threat response times.
Comments Sanjay Mirchandani, president and CEO,
Commvault: "Achieving enterprise-grade cyber resilience
is more than building taller walls or deeper moats. It Sanjay Mirchandani.
requires a new approach that looks holistically across the
entire landscape, from best-in-class data protection and security to AI-powered data
intelligence and lightning-fast recovery."
SOLUTION AIMS TO SAFEGUARD STUDENTS FROM HARMFUL CONTENT
J
amf Safe Internet, said to be a comprehensive content filtering and web security
solution optimised for education, is now available on Chromebook.
"Jamf Safe Internet is designed to help schools protect students from harmful
content on the internet, inappropriate websites and phishing attacks," says Jamf,
"while also allowing admins to enforce acceptable-use policies in a seamless way."
Adds Suraj Mohandas, vice president of strategy, Jamf: "With technology now firmly
embedded in the student experience, there is a growing need for digital safety
across all devices to eliminate cyberattacks and prevent students from accessing
unsafe content."
8
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

Simplify work,
protect devices
and data
with Jamf’s award-winning solution
Trusted Access is Jamf’s vision for
a zero trust experience that users
love and organisations trust. Only
authorised users, on enrolled devices
that are secure and compliant,
can access sensitive data.
Visiting Black Hat Europe
on 6–7 December?
Join us at stand 513.
www.jamf.com
REQUEST
Y O U R
F R E E
TRIAL
TODAY

2024 predictions
THROUGH THE ‘LURKING’ GLASS
HOW MIGHT THE 'DARKER FORCES' OF CYBER SECURITY IMPACT THE INDUSTRY IN 2024?
HERE, SEVERAL OBSERVERS OFFER THEIR THOUGHTS ON WHAT MIGHT BE LURKING UP AHEAD
It's the question that so many in the cyber
security industry have all been asking
themselves of late, even when escaping the
office, home or away, for a welcome festive
break: what can we expect in the year ahead?
Lots of positives to underpin a thriving
business, hopefully, but also recognition that
the darker forces that threaten organisations
at large will not be going away. What do
some of those 'in the field' make of it all?
Yvonne Bernard, CTO, Hornetsecurity:
It's no secret that generative artificial
intelligence (gen AI) has quickly become
a force to be reckoned with. Since the public
release of ChatGPT in November 2022 and its
following viral popularity, gen AI has turned
the cybersecurity industry on its head, with
OpenAI's ChatGPT registering more than
180 million unique visitors as of August 2023,
according to Reuters.
In 2024, cybercriminals can be expected
to continue developing their understanding
of dark web variants of ChatGPT - such as
DarkBERT and WormGPT - to automate
additional portions of a cyberattack chain
(also known as a cyber kill chain). If successful
in their endeavours, it will likely mean that
cybercriminals will have the ability to speed
up the rate of their attacks even further.
These AI tools allow even inexperienced
cybercriminals to not only launch attacks, but
also learn how to facilitate attacks. As such,
it has driven an increase in cyberattacks
throughout 2023. Spear-phishing remains
the most popular type of attack and, with
the popularity of gen AI, it is likely not only
to remain popular, but notably increase,
given that spear-phishing attack chains can
be completely automated and thus
significantly simplified, due to
personalised spear-phishing methods. With
gen AI, users now only need a few pieces of
information, such as an email address or place
of employment, to initiate spear-phishing
attacks.
On top of all that, with the advent of new
technology also comes new opportunities for
criminal activity from bad actors - consider the
potential for a cyberattack against a gen
AI service. The goal of an attack of this kind
likely would be to poison the gen AI tool's
responses to spread misinformation. So,
what are businesses to do? AI seems like a
challenging opponent to best, but companies
that have stringent training and tools in place
among their employees are well set up to
defend against even the most sophisticated
AI-aided cyberattacks.
The latest security tools are already using AI
for good, to help detect attacks. Additionally,
the risks of account hijacking can be reduced
with the use of innovative two-factor identification
(2FA) methods, such as FIDO2 (Fast
IDentity Online).
Effective cybersecurity also comes down to
people. It is imperative to implement a 'human
firewall', whereby employees are trained to
recognise potential cyberattacks. This includes
establishing the 'mindset-skillset-toolset' triad:
Mindset: raise employee awareness of
growing cyber threats
Skillset: implement awareness training
from classic learning forms with simulations
Toolset: include tools to support employee
security behaviour, such as password managers
to protect against log-in data theft.
Companies that remain vigilant and up to
date on these gen AI and other emerging
technological developments, and adjust their
security accordingly, will be best equipped
for cyber safety in 2024 and beyond.
Usman Choudhary, chief product and
technology officer at VIPRE Security Group
Generative AI will drive self-service security
and help to alleviate the cyber talent shortage.
Historically, security has been considered a
highly specialised and technical profession.
As a result, security teams in enterprises have
borne the burden of keeping the organisation
safe, alongside attempts to encourage involvement
from technology users and staff to also
take ownership by staying vigilant to help
thwart phishing attacks and other scams.
Generative AI will change this in 2024,
initiating a drive towards self-service cybersecurity.
This technology will commoditise and
democratise security by providing Natural
Language Processing-based tools to
enable employees to identify fraudulent
10
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

2024 predictions
activity independently and accurately, to
effectively escalate to infosecurity teams as
appropriate. Likewise, infosecurity teams
will have at their disposal capabilities that
automate time- and resource-intensive
processes across the cybersecurity spectrum.
All this combined will make a marked stride
in helping to alleviate the global cyber talent
shortage.
Investment in security will see an upsurge to
reflect generative AI. As much as AI is a tool
that will help to make strides in strengthening
cybersecurity defences, it is also a technique
that is being widely deployed by threat actors
to breach those safeguards with success.
Following a period of relatively stationary
budgets, enterprises will increase spending
in security, investing especially in generative
AI-based products, services and cybersecurity
skills.
Aaron Kiemele, CISO at Jamf
In 2024, cybersecurity teams will need to be
extra vigilant about nation state threats. Major
elections taking place across the world, as well
as the continued conflict in Ukraine and Israel,
will drive increased cyberattacks from statesponsored
groups. Advanced persistent threat
(APT) groups linked to foreign governments
will expand their targets beyond large organisations
in critical infrastructure or sensitive
industries. Smaller businesses in the supply
chain or partner ecosystem will increasingly
be attacked as vectors to the true targets.
Collaboration, management and cloud tools
used by smaller suppliers will be attractive
targets for nation state actors. These tools
hold sensitive data and access that could
provide an easy pathway for lateral movement
towards a larger primary target. Organisations
of all sizes will need to ensure they are not
the weak link that allows adversaries access
to their partners and customers. Cybersecurity
teams should expand their protection, detection
and response capabilities, with nation
state campaigns in mind. Partnering closely
with governments and information-sharing
organisations will also be key to identify and
defend against threats early.
Ultimately, the APT landscape in 2024 will be
highly complex. But with robust preparation
and cooperation, organisations can develop
appropriate resilience against even significant
nation state capabilities.
Simon Hodgkinson, former BP CISO
and strategic adviser to Semperis
Businesses are finally starting to understand
that cyber isn't a topic for the IT department,
but an enterprise risk. Earlier this year, Uber's
former chief security officer was sentenced for
his role in covering up a data breach. Such
headlines drive home an important message:
Organisations are waking up to the fact that
security and operational resilience need to
be owned by the boardroom. Incoming
regulations such as NIS2, as well as the
general rise in cyber awareness, reinforce
this. Operational technology is one area
that's particularly difficult to protect and
organisations will need to put mitigating
controls in place to counter the risks.
Guido Grillenmeier, principal technologist,
Semperis
Attackers are still exploiting basic vulnerabilities
- with the help of AI. The core weak
spots used by attackers haven't changed
over the years and are still being exploited
successfully. Take Active Directory as an
example, Microsoft's core identity service,
which is used by hackers to gain user
privileges and penetrate deeper into their
victim's network. Attackers' initial entry
methods are evolving, though, with Artificial
Intelligence allowing cybercriminals to create
ever more sophisticated and convincing
phishing campaigns that play tricks with
users' emotions. Even users with a high level
of security awareness can now get caught out
by such incredibly well-engineered phishing
attempts. The release of Windows Server
2025 towards the end of 2024 recognises
the need to reinforce identity security, with
the introduction of some additional security
Yvonne Bernard, Hornetsecurity: with the
advent of new technology also comes
new opportunities for criminal activity
from bad actors.
Usman Choudhary, VIPRE: generative AI will
drive self-service security and help to alleviate
the cyber talent shortage.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
11

2024 predictions
Aaron Kiemele, Jamf: smaller businesses
in the supply chain or partner ecosystem
will increasingly be attacked as vectors to
the true targets.
Simon Hodgkinson, Semperis: Businesses
are finally starting to understand that cyber
is an enterprise risk.
features in Active Directory. It is good to see
that there is a bigger focus placed on identity
protection.
Zscaler
AI and machine learning (ML) will resurface
the data privacy debate. We are starting
to see customers asking about how best to
protect their own data when working with
third-party providers. There is a growing
concern that, as cloud providers and other
vendors have access to an organisation's
data, they are more likely to become a
target of bad actors to acquire a company's
data using AI and ML solutions.
Additionally, there is also a legislation
discussion to be had, as GDPR currently
puts AI models in jeopardy. As models are
trained on datasets, organisations need
a stable and consistent set of data, in
order to be as accurate as possible. GDPR
currently says that companies should only
keep data for as long as it is necessary
to process it, which could have serious
implications for AI models moving forward.
In 2024, we expect companies to revisit
their data privacy statutes and strive to
enforce more bespoke data loss prevention
(DLP) tools to secure their datasets and
ensure data privacy is at the top of the
cybersecurity agenda.
Organisations will need to learn to hide
their attack surface at a data level. The
influx of generative AI, such as ChatGPT,
has forced businesses to realise that, if their
data is available on the internet, then it
can be used by generative AI and therefore
competitors, no matter if it is an owned IP
or not. So, if organisations want to avoid
their IP getting utilised by AI tools, then
they will need to ensure their attack surface
is now hidden on a data level, rather than
just at an application level. Based on this
trend, we predict we will see initiatives
to classify data into risk categories and
implement security measurements
accordingly to prevent leakage of IP.
Amit Sinha, CEO, DigiCert
AI may be a coup for defenders, but in 2024
attackers are going to use it to develop new
tactics and launch ever-more sophisticated
attacks. At the most basic level, they'll be
able to use generative AIs like ChatGPT or
malicious versions like FraudGPT to educate
themselves on how to plan and perpetrate
cyberattacks, with little pre-existing technical
knowledge or coding experience. Even fledgling
attackers will be able to use AI capabilities
to scrape key information about potential
victims, harvesting crucial data from
around the internet to enable social engineering
attacks and perpetrate identity fraud.
Generative AIs will be increasingly used to
create sophisticated malware that can avoid
detection by using advanced techniques like
Steganography. Indeed, examples of this
have already emerged. These 'intelligent'
malware strains will be harder to anticipate
and many legacy detection systems will
struggle to keep up against these new
threats.
Just as AI technologies will grant the ability
to create websites quickly, it will allow attackers
to create fake websites, watering holes
and phishing websites like never before -
because of AI's ability to write, build and
render a page as fast as a search result can
be delivered.
Generative AIs are also capable of impersonating
others by learning their writing style
and tone of voice. This sets the stage for
advanced phishing attacks that can better
impersonate a victim's colleagues, friends or
family than a real human can. This will give
spear-phishing and highly targeted phishing
attacks a much greater degree of authenticity,
especially because they'll emanate from
trusted accounts that the intended victim
supposedly knows well. Better and more
realistic Deepfakes will also emerge, which
will fuel social engineering and
12
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

2024 predictions
disinformation campaigns. The threat of AIempowered
cyber-attacks are understood by
many. A 2023 survey showed that 81% of
respondents were concerned about the
potential risks associated with the rise of
generative AIs like ChatGPT, while only 7%
were optimistic that AI tools could enhance
internet safety. In 2024, those concerns may
be vindicated.
Brian Martin, director of product
management, Integrity360
In 2024, we foresee the evolution of threat
exposure management taking hold as a
concept in the market. With many prevalent
and upcoming technologies centred on CTEM
[Continuous Threat Exposure Management]
at present, it suggests that it's going to start
becoming mainstream next year.
CTEM will enable organisations to be more
proactive about identifying and assessing key
problem areas in the attack surface that has
grown substantially in the last couple of years.
However, this will extend beyond simply
identifying and addressing vulnerabilities,
enabling organisations to alter their posture,
looking at users, security controls and other
key pieces of the puzzle needed to change
to ensure best practices are embraced. A more
widespread embrace of CTEM is also likely to
accelerate the convergence of key security
tools.
When we talk about threat exposure
management, there's a few different pillars,
products and capabilities, including: external
attack surface management, cyber asset
management, attack path management,
digital risk protection, vulnerability assessment
and management, and continuous testing.
Currently, these are all separate products -
that's likely to change in the year ahead.
Consolidation is going to be a theme for
2024, as previously standalone products
continue to become features of broader
overarching solutions, such as CTEM
programmes.
Jamal Elmellas, chief operating officer
at Focus-on-Security
Skills shortages will begin to be felt, due to
them being cumulative. There is an annual
shortfall of 11,200 cybersecurity employees,
according to UK Government research, and
this is cumulative, which means year-on-year
the shortage is intensifying.
Moreover, an increase in demand for cyber
roles of 30% and growth in employment
of 10% over the course of 2022 indicates
demand is also on the up. In 2024, the
shortages of skilled cybersecurity employees
will start to bite and businesses will no
longer be able to keep doing what they have
been doing and recruit from the same small
pool of talent. Recruitment strategies will
have to become more creative in a bid to
identify raw talent, if security teams don't
want to be left short staffed.
Emergence of more low cost or free
training schemes to boost intake. Industry
bodies have already taken proactive action,
with the likes of (ISC)2 offering a million free
entry level certification courses and exams,
while in the US a number of universities have
launched free online courses. Advances in
the provision of courses online mean this is
now a viable low-cost alternative. So, next
year we can expect to see more subsidised or
free training, in a bid to attract more people
into the sector or to upskill professionals to
fill those roles that are in high demand.
A brain drain as more senior execs leave the
field, due to stress and burnout. Stress levels
continue to be high, with incidents and alert
levels on the rise, which means we are on
track to realise Gartner's prediction of 50%
of cybersecurity leaders changing jobs and
25% leaving by 2025. Thus far that exodus
has been tempered by the cost-of-living
crisis, but, as inflation stabilises and confidence
returns, there will be an exodus at the
top. Given the years of experience needed to
fill these roles, this could seriously destabilise
security teams and stall security projects.
Guido Grillenmeier, Semperis: good to
see that there is a bigger focus placed
on identity protection.
Amit Sinha, DigiCert: AI technologies will
allow attackers to create fake websites,
watering holes and phishing websites
like never before.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
13

training
SAFEGUARDING HR IN THE AGE OF INCESSANT THREAT
ROBERT O'BRIEN OF METACOMPLIANCE HIGHLIGHTS HOW DEPARTMENTAL CYBER SECURITY
TRAINING CAN HELP PROTECT AGAINST THE RELENTLESS CYBER THREATS FACED BY HR TEAMS
MetaCompliance chief evangelist Robert
O'Brien: AI-related cybercrime has led to
a surge in targeted attacks, with the
human resources department of
particular focus.
Imagine that you had the opportunity
to hire a talent management professional
whose qualifications were
unparalleled, suggests Robert O'Brien,
chief evangelist, MetaCompliance. "They
possess not only an in-depth understanding
of HR systems, people management
processes and recruitment strategies, but
also an extensive knowledge of sociology,
behavioural economics and a myriad
of other skills. Enter the era of AI, the
epitome of this visionary professional."
Whether you embrace it or resist it,
AI is an indomitable force that is here to
stay, he points out, with its impact set to
dwarf the transformative influence of the
internet in the workplace. "The world of
tomorrow, shaped by AI, will make our
current interactions with technology
seem as rudimentary as child's play."
Most organisations are currently
grappling with the challenges posed
by employees incorporating AI, such as
chatbots and GPTs, into their daily work
routines, O'Brien continues. "These challenges
encompass a wide array of issues,
with two critical concerns rising to the
surface: PR vulnerability and the fallibility
of AI responses, which are at the forefront
of the problems organisations must
navigate as they embrace AI adoption.
"On the flip side, cybercriminals exhibit
no hesitation in embracing AI and are
eagerly leveraging this technology to
amplify their assaults on organisations,
motivated by both mischief and financial
gain." For specific departments in the
organisation, this enthusiasm for AIrelated
cybercrime has led to a surge in
targeted attacks,
with the human resources
department of particular focus.
Cybercriminals are harnessing the
wealth of knowledge provided by AI to
impersonate HR personnel, their trusted
suppliers and other high-ranking executive
functions. This deception enables
them to infiltrate confidential data
stores and exploit the authority of the
HR department, often manipulating
privileged interactions within the
organisation for their deceitful ends."
SURGE IN ATTACKS ON HR
Traditionally, cyber threats involved
remote hackers employing social
engineering techniques or leveraging
vulnerabilities in outdated software
systems," states O'Brien. "While these
methods are still prevalent, the advent
of AI technology has opened a Pandora's
box of possibilities for cybercriminals.
This evolution is driven by the increased
sophistication of AI, allowing it to
automate and enhance the effectiveness
of various cyberattack vectors.
"The potential consequences of AIdriven
attacks are nothing short of
alarming. We're no longer dealing solely
14
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

training
LEFT: The increased sophistication of AI
has allowed it to enhance the effectiveness
of cyberattack vectors.
with
stolen
passwords
or isolated cyber
incidents. Instead, we face a
multi-faceted threat landscape that can
have devastating repercussions for organisations
and individuals alike. Among
these consequences, three aspects loom
large: data breaches, reputational
damage and legal implications. Each
poses a unique set of challenges for HR
teams and the organisations they serve."
He adds: "In a survey conducted in
August 2023, involving 205 IT security
decision-makers, undertaken by a
prominent pan-European cyber security
organisation, it became evident that
mounting concerns surround the use of
AI, with deepfakes taking centre stage.
A staggering 68% of the respondents
expressed apprehension regarding cybercriminals
exploiting deepfake technology
to breach their organisations, skilfully
circumventing people's natural
defences."
HACKERS AND THE DARK WEB
And he cautions: "Hackers now have their
own AI arsenal and it goes by the name
of WormGPT. Drawing from a vast corpus
of human-generated text, WormGPT
crafts content that is remarkably
convincing, enabling it to masquerade as
a trusted figure within a business email
system. Unbelievably, hackers can gain
access to WormGPT by subscribing
through the dark web, granting them
entry to a web interface where they can
input prompts and receive responses that
closely mimic human communication.
"Primarily designed for phishing emails
and business email compromise attacks,
tests conducted by researchers uncovered
that this chatbot possesses the ability
to draft a persuasive email, seemingly
from a company's top executive, coercing
an employee to pay a fraudulent invoice,
for example."
Confronted with these ever-evolving
threats, the question, he says, is this:
what can HR leadership do to shield their
teams from such threats?
"First and foremost," he points out,
"it's crucial to acknowledge that HR
departments stand as prime targets
for cybercriminals. These departments
manage personal data and hold confidential
information that is immensely
valuable to malicious actors. Moreover,
other parts of the organisation often
take their cues from HR, making it a
tempting gateway for cybercriminals
to exploit their access to the broader
network."
The first step in fortifying your HR team
against these threats is to initiate a
dialogue with HR team members, he
says. "Educate them on how they are
being specifically targeted and empower
them with the knowledge needed to
thwart these scams. It's vital that this
training is tailored to your organisation,
taking into account the unique roles
and responsibilities of your employees.
"Ideally, this training should be
tailored to the HR department, highlighting
the unique threats to the HR
team and what they can do to avoid
them."
VITAL TRAINING COMPONENT
To make this training even more
impactful, it should be delivered in the
trainee's native language. "By doing so,
you reduce resistance and enhance
engagement, making it a vital component
of their cyber security awareness.
Ultimately, this personalised approach
to security awareness is your best
defence in safeguarding your HR
department from the relentless tide of
AI-driven cyber-attacks," he concludes.
MetaCompliance's new departmental
cyber security training series is designed
to address 12 common cyber threats
and specifically tailored to eight
departments, including marketing,
sales, finance, procurement, human
resources, privileged users, legal and
executive teams.
To learn more about the series, visit:
https://www.metacompliance.com/depa
rtmental-series
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
15

cybersecurity
THE TOP-LEVEL FIBRE BEHIND CYBER
VIPRE SECURITY OFFERS ITS KEY POINTS FOR GETTING EXECUTIVE SUPPORT
FOR CYBERSECURITY: A STRATEGIC IMPERATIVE FOR MODERN BUSINESSES
In today's fast-paced digital landscape,
cybersecurity has shifted from being
merely an IT concern to a critical business
imperative, says VIPRE Security. "While
executives are increasingly aware of its
importance, many chief information security
officers (CISOs) struggle to secure the necessary
support and understanding for a
robust defence strategy." The solution to
this challenge lies in effective communication,
states the company.
THE NEED TO TELL A COMPELLING
CYBERSECURITY STORY
Steve Jobs once emphasised the power of
storytelling, asserting that storytellers shape
the vision of generations. "CISOs must
embrace this wisdom, crafting a narrative
that resonates with executives who may lack
technical expertise," argues VIPRE Security.
"Instead of drowning them in jargon, CISOs
should articulate how cybersecurity aligns
with the organisation's overarching goals.
By elucidating potential threats and the
adversaries seeking to harm the company,
a realistic picture of the current threat
landscape emerges, facilitating a deeper
understanding among executives."
FOCUSING ON EXISTENTIAL RISKS
AND REALISM IS ESSENTIAL
"Rather than attempting to address all
possible risks, CISOs should concentrate
on existential threats - those that could
potentially jeopardise the company's
existence. Taking a data-driven approach,
CISOs can develop a pragmatic cybersecurity
strategy tailored to these high-priority
risks. This focused approach ensures that
resources are allocated efficiently, maximising
the effectiveness of the security
programme."
CYBERSECURITY CARES:
FRAMEWORK FOR SUCCESS
"The CARE framework - Consistent,
Adequate, Reasonable and Effective -
provides a robust foundation for cybersecurity
efforts," says VIPRE Security.
"By demonstrating that proposed controls
adhere to these principles, CISOs can assure
executives that the cybersecurity programme
is not only aligned with business objectives,
but also regulatory requirements. This alignment
not only safeguards the organisation,
but also enhances its ability to achieve
strategic goals without the hindrance of
disruptive breaches or compliance fines."
ROLE OF VIPRE SECURITY GROUP
IN ENSURING CYBERSECURITY
Implementing a layered cybersecurity
approach is paramount in the current threat
landscape. "VIPRE Security Group offers
solutions that go beyond mere technology,
acknowledging the significance of the
human element," it comments. "Their
SafeSend tool, when integrated with other
VIPRE solutions, forms a comprehensive
defence against cyber threats.
"SafeSend not only enhances security and
compliance, but also boosts employee
productivity. By preventing accidental
data leakage and ensuring the accuracy
of outgoing communications, SafeSend
mitigates risks associated with sensitive
information mishandling. Through this tool,
executives can feel secure in the knowledge
that their communications are safeguarded,
bolstering their confidence in the organisation's
cybersecurity posture."
In conclusion, advises the company, the
path to securing executive support for cybersecurity
lies in effective communication, a
focus on existential risks and the implementation
of frameworks like CARE. "By adopting
these strategies and leveraging advanced
solutions like SafeSend from VIPRE Security
Group, businesses can navigate the digital
landscape with confidence, ensuring not
only their security, but also their continued
success in an increasingly complex world.
"Don't leave your organisation's fate to
chance - invest in cybersecurity measures
that empower your business to thrive
securely in the digital age."
16
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

REGISTER
FOR YOUR
FREE TICKET
WWW.CLOUDSECURITYEXPO.COM/BTC

artificial intelligence
AI - WHERE NEXT?
WITH EVER MORE ALARMING NEWS EMERGING ABOUT THE PERILS OF AI, HOW MIGHT THE TECHNOLOGY
ADVANCE AND MUTATE FROM HERE - AND WHAT WILL THAT MEAN FOR THE SECURITY INDUSTRY?
As AI technologies become ever more
sophisticated, the security risks
associated with their use and the
potential for misuse will increase
correspondingly. "Hackers and malicious
actors can harness the power of AI to
develop more advanced cyberattacks,
bypass security measures and exploit
vulnerabilities in systems," warns global
media company Forbes. It's a dispiriting
picture. Does it suggest that AI may
gradually spiral out of control, to the
point where it dictates, rather than
follows? And what might that dystopian
vision mean not just for our industry,
but for humanity as a whole?
However, as David Mahdi, CIO, Transmit
Security, points out, technology is
essentially "morally neutral" and can be
used for good or ill. Just as AI and Large
Language Models (LLMs) can be used for
positive purposes, they can similarly be
used with malicious intent. "It was not
even one year after the release of ChatGPT
that bad actors developed generative AIenabled
tools, such as FraudGPT and
EvilGPT," he points out. "Back in February
2023, we predicted that by 2024 attackers
would have a Generative AI service that
would include: reconnaissance information
on specific companies, malicious code,
software vulnerabilities, zero day vulnerabilities,
compromised identities, credit
cards, loyalty programme accounts,
customer and employee personally identifiable
information to help with social
engineering attacks and more. We were
right, if a few months off."
The sheer scale and velocity of attacks will
require organisations to start employing a
holistic AI-based approach, in order to
fight these new threats, Mahdi warns.
"They need to go from relying on toughto-scale
detection to overall automated
defence strategies which empower teams -
whatever size or level - to leverage AI/ML
tools that enhance real-time detection, as
well as offline analysis, case management,
model improvement and proactive
protection."
ECOSYSTEMS WILL BE STREAMLINED
As the industry's focus shifts towards
operational agility and acceleration,
companies will look to streamline their
security ecosystems, limiting suppliers to
a finite number of reliable and effective
vendors, predicts Mike Spanbauer, field
CTO at Juniper Networks. "The complexity
of multi-system integrations will give way
to vendors who can integrate efficiently
and provide technology that just works.
These vendors will be relied on to deploy
secure IT systems, underpinned by artificial
intelligence and machine learning [ML] that
ensure fully optimised user experiences.
This will be especially important as the
quantifiable benefits from the use of AI
related to analytics and operational
playbooks develop further. These benefits
will help bridge some of the heavy lifting
that Security Operations Center (SOC)
analysts do today. The technology will also
benefit how response and mitigation
capabilities translate into operational ones."
At the same time, AI will continue to
prove dangerous in the hands of threat
actors, accelerating their ability to write
and deliver effective threats. "Organisations
will need to adapt how they approach
defence measures and leverage new,
proven methods to detect and block
threats. We will see the rise of nearly realtime
measures that can identify a potentially
malicious file or variant of a known
threat at line rate." We can also expect
organisations to make larger investments
in Zero Trust network security strategies,"
Spanbauer continues.
ACCELERATED THINKING
One potential benefit to society that AI
offers, states David Trossell, CEO and CTO
of Bridgeworks, is the use of AI and ML in
WAN Acceleration. Why is that? "Well, with
increasing reliance on digital technologies,
latency and packet loss could have their
own field day by slowing down Wide Area
Networks, such as the internet. When
WANs are slow, hackers can intercept data
that's often unencrypted in flight. A slow
WAN can also extend the time it takes to
back up and restore sensitive data that is
required to maintain an organisation's
service continuity.
"WAN Optimisation doesn't live up to its
promise. Data is sent unencrypted and is
then re-encrypted at either end of the pipe.
WAN Optimisation often doesn't live up to
its data and network acceleration promise.
AI is being used with SD-WANs and it's a
great technology, but it, too, needs a boost
with WAN Acceleration to increase the
speed of encrypted data transfers.
"Organisations must consider how they
protect their data, and how they can
increase their bandwidth utilisation by
mitigating the effects of latency and packet
loss to improve their ability to maintain
service continuity and to prevent cyberattacks.
WAN Acceleration can be an
18
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

artificial intelligence
effective tool in the armoury of the security
industry; they need to deploy AI over WANs
to stop cybercriminals in their tracks. It
can ensure that regulatory compliance is
achieved and maintained."
SCALING NEW CYBERCRIME LEVELS
The UK government, for its part, has
warned that AI is likely to increase the
risk of cyberattacks by 2025 by allowing
cybercriminals to orchestrate more
effective and large-scale attacks at a faster
rate, points out Charl van der Walt,
head of security research at Orange
Cyberdefense. "Cybercriminal activity
has risen dramatically this year, which
correlates with the explosion of ChatGPT
and LLMs onto our collective consciousness.
In fact, our data shows that the
number of ransomware attacks that took
place between January-September has
increased by over three quarters YoY.
While correlation isn't causation, there’s no
doubt that AI is allowing cybercriminals to
scale at a rate we have never seen before."
A key trend he identifies is that LLMs
and machine translation are forcing an
increased 'internationalisation' of cyber
extortion as a crime - allowing actors from
different language groups to target and
extort victims in English-speaking countries,
and allowing victims in countries that don't
use 'common' languages to be extorted
more readily. "Think of places like China
and Japan where language may have
historically presented a barrier to criminals."
The UK Government's focus on AI and its
impact on cybercrime is therefore applaudable
and, while we await regulation, he
concludes, "it's vital that businesses are
aware of its impact on the cybersecurity
landscape and take every step possible to
defend against it".
"
DEEP CONCERNS
More than half (53%) of global IT decision
makers are concerned about ChatGPT's
ability to help hackers craft more believable
and legitimate sounding phishing emails,
says Gareth Lockwood, VP of product,
Censornet. It's also much easier to create
convincing deepfakes in manipulated
videos and images. "Now, more than ever,
bad actors can easily manipulate the
power of AI to automate and advance
attacks. Generative AI is helping hackers
create highly persuasive content for
phishing or business email compromise
(BEC) attacks.
"The pressing question that all cybersecurity
teams need to ask, he feels, is how
to adapt to these changes. "This comes at
a time when security leaders are feeling
overwhelmed. 35% of UK SMEs have two
or fewer people in their cybersecurity team.
And with this comes huge risk. One in five
cybersecurity professionals are losing sleep
over concerns - up from 9% on 2022,
contributing to lack of concentration and
inability to focus. Staffing shortfalls, coupled
with the relentless pace and complexity
of threats, places immense pressure on
existing teams."
Intelligent automation and integration
are the keys to regaining control. "In the
future, the evolution of AI in cybersecurity
is expected to focus on predictive analytics
and proactive threat mitigation. By harnessing
the power of machine learning and
data analysis, AI systems can anticipate
potential vulnerabilities and threats before
they materialise, allowing organisations to
adopt a more pre-emptive security
posture."
HUMAN-AUTOMATION BALANCE
AI is set to proliferate every aspect of the
working environment, as organisations
automate tasks and become more cost
effective and efficient. To remain competitive,
says Michelle Moody, managing
director, Technology Consulting at Protiviti,
"they will embark on the AI journey that
will include a variety of use cases from
supply chain optimisation, predictive/
Charl van der Walt, Orange Cyberdefense:
AI is allowing cybercriminals to scale at
a rate we have never seen before.
Mike Spanbauer, Juniper Networks: expect
organisations to make larger investments in
Zero Trust network security strategies.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
19

artificial intelligence
Gareth Lockwood, Censornet: intelligent
automation and integration are the keys
to regaining control.
David Mahdi, Transmit Security: the sheer
scale and velocity of attacks will require
organisations to start employing a holistic
AI-based approach.
prescriptive maintenance, customer
experience or organisational insights,
to name a few".
From a people perspective, organisations
will need a well-skilled workforce that
adapts to new/different job roles and
constant upskilling, she adds. "Processes
will be automated where possible with
use of AI, However, this will need to be
balanced with the human touch, as
well as privacy and ethical uses of data.
Technology will evolve rapidly, requiring
constant upskilling across the organisation.
There will be an increased demand for
security skills to keep data safe and
specialist resources to ensure compliance
as the regulatory environment changes.
New roles will be created around AI
and data specialist, for example, and
the demand for the right skills will outstrip
the market. It will be vital for organisations
to put a learning and development
programme in place to upskill/reskill the
workforce and instil critical-thinking skills
across all areas of the organisation and at
all levels."
Meanwhile, the regulatory environment
for AI is evolving worldwide and will
continue to do so as the global market
adopts the technology. "Regulation is good
and will provide the guardrails needed for
organisations to innovate and create public
trust by holding industries to account for
being ethical, unbiased, and fair, whilst
honouring data protection and privacy
obligations," states Moody.
DATA BIAS
Among the potential threats of AI usage
is data bias, points out John Farley, managing
director, Cyber Practice, Gallagher, in
which inaccurate or incomplete information
in AI systems can lead organisations
to make unfair or discriminatory assumptions.
"Another risk is the potential for
malicious actors to launch misinformation
campaigns through AI tools. Organisations
should also pay attention to privacy liability
risks - laws related to collecting, storing
and sharing personally identifiable
information could apply to AI usage.
"In addition, if intellectual property
becomes part of AI learning models and
ultimately their generated outputs,
organisations may expose themselves to
copyright, trademark and patent
infringement litigation. And although
regulation of AI usage is in its early stages,
expect increased regulatory scrutiny from a
variety of global regimes. Compliance
requirements may extend to those
contributing to AI development and to
those using it to provide goods and
services."
Given these risks, he advises, any organisation
embracing generative AI tools should
consider implementing a formal risk management
plan for AI usage. "Coordination is
essential across a variety of organisational
stakeholder groups, such as legal, compliance,
human resources, IT and communications.
When conducting a risk assessment,
an organisation should create
an inventory of its existing AI tools and
systems, and determine whether they have
dependencies that may heighten risk. An
organisation should be aware of the exact
data its AI tools can use and whether their
usage could lead to potentially harmful
outcomes. A risk assessment should also
address an organisation's governance
programmes toward AI usage, including
documented policies and procedures. In
addition, organisations should be familiar
with contractual liability risks, if agreements
with third parties provide AI system usage."
And of course, adds Gallagher, "an organisation's
risk management framework for
AI should address the emerging regulatory
landscape and corresponding compliance
requirements".
For more insights and views on AI,
see page 31.
20
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

zero trust
NO COMPROMISE ON TRUST
MACMON SECURE IS ADAMANT THAT NO DEVICE, NOR USER, SHOULD
BE TRUSTED UNTIL SECURE AUTHENTICATION HAS TAKEN PLACE
External network access to company
resources is the new normal these days,
says macmon secure. "Devices access
cloud services, email applications and other
potentially confidential company resources
from anywhere and at any time. Separating
cybersecurity efforts by technology is no
longer a sustainable approach. Companies
need to develop new integrated strategies
that combine IT, OT and IoT security efforts
and maximise the use of all the company's
cybersecurity resources. Developing a
comprehensive security strategy that
addresses the current and emerging risks of
digitalisation has never been more urgent."
ZERO TRUST NETWORK ACCESS
(ZTNA) - SECURITY CONCEPT FOR
IT AND OT NETWORKS
"The Zero Trust Network approach puts a stop
to the damage of the growing number of
cyberattacks and is based on the philosophy
that neither a device nor a user should be
trusted until secure authentication has taken
place," the company adds. "The focus of
ZTNA is on resources - and not on traditional
perimeter security at the interface between
a private or corporate network and a public
network such as the internet. The 'new
workers', or external service providers, access
tools and company data from anywhere,
using devices and apps. With ZTNA, it is
possible to guarantee data security in the
long term and meet modern network security
requirements."
OVERVIEW & CONTROL
IMPROVE SECURITY
ZTNA offers several advantages for
companies that want to improve their
network security. "ZTNA provides greater
flexibility and scalability for organisations
that need to adapt to changing
business requirements and digital
transformation. The concept of
ZTNA is based on restriction and
monitoring: Network Access Control
(NAC) solutions only allow defined
devices access to the network,
regardless of whether they are
iPads, laptops, medical or
technical devices. IT administrators
always know which
devices are logged into the local
network and can permanently
identify and monitor them
thanks to the complete
network overview. Any
device that has no
business in the network is denied access from
the outset.
"With the increasing networking of
production systems, which in some cases
extends into the office world, the complexity
and vulnerability of networks is increasing.
With ZTNA, unauthorized use of systems in
administration and production is therefore
virtually impossible."
A leading NAC solution should fulfil two
requirements, states macmon secure: a
complete overview of which devices are in
the IT and OT network, and where they are
located. "The type of device, such as clients,
printers, production systems, ATMs, medical
or technical devices, should not matter. This
means that only authorised resources can be
operated in the network. An efficient solution
should also offer a simple deployment and
maintenance, support of the industry
standard 802.1X and seamless integration
with a wide range of third-party security
solutions. This significantly increases IT and
OT network security."
Comments Christian Bücker, pictured left,
Global Product Line Software, macmon
secure: "Our solution is regularly rated very
positively in tests and has received several
awards from international trade journals.
Our clients come from public sector,
healthcare, financial services, science,
research, telecommunications, trade,
industry, transport or logistics. The acquisition
by Belden in 2022 puts us in a truly unique
position, as we combine IT expertise with OT
experience on many levels. We are part of
Belden's Industrial Automation Solution,
a global organisation headquartered in
the Stuttgart region that includes leading
network and connectivity brands."
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
21

phishing
PHISHING FOR THE ANSWERS
DOMAIN PHISHING SCAMS HAVE NOW REACHED LEVELS NEVER SEEN BEFORE.
CONSTANT VIGILANCE CAN ENSURE THAT THEY DON’T PROVE SUCCESSFUL
Businesses, consumers and individuals
all profit from advanced technology in
various aspects of their lives. However,
cybercriminals also reap the benefits of innovative
digital tools employing creative domain
name phishing methods, points out Brian
Lonergan, Identity Digital's vice president
of product strategy. "This underscores the
importance of domain names in cybersecurity
for any business - from international corporations
to local businesses. The good news is
that there are ample tips and measures to
ensure their safety," he states.
Security must be a key factor when buying
or upgrading a domain name, he adds,
and working with the right domain registrar
can make all the difference. Different
registrars and registries will offer varying
security measures, and it's important to
review everything they offer to make the
best decision for your organisation's specific
needs. "For instance, Identity Digital includes
Homographic Blocking for any Identity Digital
domain to enhance protection against
phishing attacks. In this type of phishing,
attackers use characters similar to legitimate
domain names, like replacing 'O' with '??'.
They may also manipulate domain names
using plurals or hyphens.
"Homographic blocking technology identifies
and blocks malicious domain name variants,
safeguarding the brand from compromise,"
comments Lonergan. "Additional practices
companies should be vigilant against are
domain name system [DNS] attacks, namely
cache poisoning.
"During a cache poisoning attack, a fraudster
sends malicious DNS responses to a DNS
server, which can contain false information,
associating a valid domain with a malicious IP
address, leaving victims vulnerable to spoofing
attacks. One way to help prevent this is by
working with a domain name registrar that
offers Domain Name System Security Extensions
[DNSSEC], which, when enabled, add
cryptographic security to DNS responses."
A quick and simple way to spot an attack, or
the possibility of one, is by paying attention
even to the tiniest variation in written communications,"
he adds. "Be it an email, a text
or a website's copy, all of that can indicate
something malicious afoot. Any deviation in
fonts, brand colour schemes or logos, website
designs and, of course, grammar and spelling
suggest that you might be looking at a poor
imitation. Cybercriminals perpetuating phishing
attacks do not put the same effort into maintaining
the high calibre of branding and visual
identity of the businesses they imitate."
Security of one's domain name should be part
of a business's overall security strategy, he says.
"Luckily, we have more helpful means at our
fingertips than ever before to stay ahead."
Domain phishing scams have now reached
unprecedented levels, says Steve Herbert, head
of service delivery, Nominet. "However, these
are not the phishing scams of old:
cybercriminals have evolved their tactics, now
meticulously crafting websites that mirror
legitimate domains with alarming precision,
making it increasingly challenging to
distinguish between the authentic and the
fraudulent."
TACTICS HAVE MOVED ON
In the three months prior to December 2023,
Nominet identified and blocked more than
450 fake shops using .UK domains, which
employed the same fake storefronts selling
popular high street brands. "The threat actors
got so desperate to reinstate these domains
that they attempted to impersonate Nominet
staff via LinkedIn," reveals Herbert. "These
efforts were unsuccessful, of course, which
is a great result for our staff and security
procedures."
22
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

phishing
Malicious actors who set up fake websites
are, of course, hoping to catch users off
guard. "The battle against domain phishing
scams demands unwavering vigilance," he
adds, "as most attacks prey on our busy
lifestyles, in the hope we won't notice things
are 'a little off', If something seems a little too
good to be true, or the website perhaps isn't
exactly how you remember it, it's always best
practice to double-check the domain URL or
the email address and language used in any
correspondence."
To be really sure, you can contact the
company independently to enquire about the
communication validity. Legitimate companies
will generally have a website accessible from
a search engine where anyone can find their
details. Taking a proactive approach will stand
you in good stead to pick up on anything
suspicious, says Herbert.
"We would recommend you visit the website
of the company that any questionable email
claims to be from to see if there are any
announce-ments about phishing attempts.
Having said that, just because there hasn't
been one before doesn't mean there won't
be a first!
"For businesses, implementing basic levels
of cyber hygiene, like technical measures of
threat identification and mitigation, is a good
first step, but unfortunately this often isn't
enough," he continues. "For peace of mind,
it's best practice to invest in a positive security
culture, regular security awareness training
and pen testing - these are simulated phishing
attacks that will help you determine the
effectiveness of staff awareness training.
Deficiencies in process or employee blind
spots can then be rectified."
STAY VIGILANT
Durali Cingit, incident response analyst
at Integrity360, states that the important
questions to ask when it comes to accessing
a website and establishing if it is legitimate
or a phishing one are: "How did I get here,
directly or indirectly? Did I click on a link from
an email? Did I use a search engine to get to
this website? Have I been redirected to this
website from a link?" These questions will help
to keep you safe.
"In order to distinguish the real from the
fake, there are a few details to look out for on
websites," he advises. "First, you want to check
the URL of the website; safe and secure websites
all begin with 'HTTPS://' and, depending
on the browser you use, you will see a green
padlock or the URL bar will be green as an
indicator that this website is secure.
However, threat actors have also adapted
and evolved into now making their websites
secure to fool users into thinking that the fake
website is legit, so it's not enough to rely on
this alone." Also, the 'About Us/Contact Us'
page should provide a contact form or an
email address, which can be a key indicator.
"These pages are normally populated with
different ways in which you can contact the
organisation, whereas a phishing website
may only contain one source of contact
information."
Finally, he suggests, you should ask yourself
the 'How did I get here?' question. "The main
tactic threat actors use to get users onto
a phishing website is either through email
or SMS message. Users should be alert and
cautious as to who sent the email. If they
were expecting an email form the sender, is
the email asking them to click on a link or an
attachment, which more often than not will
redirect the user to a phishing website.
"Same procedure with SMS text messages
where users fall prey to fake text messages -
eg, from the bank with a link that will ask the
user to log in, in order to steal their financial
login details."
He also advises organisations to sign up to
programmes that make it mandatory for all
employees to take part in being educated on
phishing and the signs to look out for.
Brian Lonergan, Identity Digital: we have
more helpful means at our fingertips
than ever before to stay ahead.
Steve Herbert, Nominet: in just three
months, his company identified and blocked
more than 450 fake shops using .UK
domains.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
23

ansomware
WE SHALL NOT BE MOVED!
SEVERAL COUNTRIES HAVE TAKEN A STAND AGAINST RANSOMWARE
ATTACKS BY AGREEING NOT TO MAKE PAYMENTS TO HACKERS
shoplifting. Ransomware is an epoch event
in information security: CISOs who have
promised to 'protect the business, if only
I have enough people and budget' are just
doing performance art," adds Gladwell.
The US government and dozens of its
international allies have pledged never
to pay ransom demands, in a bid to
discourage financially motivated hackers and
ransomware gangs profiteering from the
current onslaught of cyber-attacks.
The joint pledge is aimed at enhancing
international cooperation to combat the
growth of ransomware. It embraces 48
countries, as well as the European Union
and Interpol, making it the largest cyber
partnership in the world. (Anne Neuberger,
the White House's deputy national security
advisor for cyber and emerging technologies,
recently reported that another country has
joined the CRI since the meeting - bringing
the total number of countries to 49.)
The European Union and INTERPOL have
also signed the pledge, which stops short
of actually banning
companies from
making
ransom
payments, which the US government has for
long warned could inadvertently create opportunities
for further extortion by ransomware
gangs. However, Neuberger says that the
initiative will aim to "counter the illicit finance
that underpins the ransomware ecosystem".
Her argument is that ransom payments
not only fuel future attacks, but also don't
guarantee the safe return of stolen data - or
that all copies have been erased. Data provided
to the US government by ransomware
negotiators shows that companies with good
backups are able to recover "far more quickly"
than companies that pay a ransom. "Paying
a ransom not only encourages ongoing
ransomware attacks, it also is not necessarily
the fastest way to recover," she insists. "Do
those backups and do the basic cybersecurity
practices that we know make a difference."
RAD-ICAL THINKING
While the 'don't pay, won't pay' mantra serves
as a laudable goal for reducing the motivation
of attackers, organisations need to have
resilience to withstand attacks before they
are forced to take this position, states James
Blake, EMEA CISO at Cohesity. "Best-selling
author Malcom Gladwell nailed it in his
closing keynote at Mandiant's MWise
conference…when he talked about
'Radical Asymmetric Distribution' (RAD):
organisations are better off investing in the
ability to recover quickly and withstand
attacks than invest in the illusion that we
can stop all attacks."
CISOs have to start having adult conversations
with the business and stop suggesting
that "cyber risk is unlike any other risk. It needs
to be brought into the realm of every other
operational risk that is a cost of doing
business, such as pandemics, hurricanes and
"Only focusing on likelihood mitigations
when you're facing the inevitable is an act of
insanity - impact must be reduced and ideally
resilience achieved. We starve the adversary
of funds by organisations being able to
withstand attacks, not by legislation. That will
only criminalise the victims. Fundamentally
changing the perspective on the balance of
Protection/Detection to Response/Recovery is
where value will really be delivered. Legislation
like EU's DORA that promotes digital operational
resilience will deliver far better pragmatic
cyber risk management than simply locking
up executives."
BREACHED, BIT BY BIT
Satnam Narang, senior staff research engineer,
at Tenable, highlights how LockBit is breaching
some of the world's largest organisations -
many of whom have incredibly large security
budgets.
He also points to how threat researcher Kevin
Beaumont found that attackers have been
targeting a vulnerability in Citrix Netscaler,
called CitrixBleed, after tracking attacks against
various companies, including the Industrial
and Commercial Bank of China (ICBC), DP
World AU, Allen & Overy and Boeing.
Narang believes ransomware attacks are a
threat to civil society, as long as organisations
keep paying. Therefore, large-scale enterprises
need to be able to patch vulnerabilities like
CitrixBleed quickly. "Mass exploitation of CVE-
2023-4966, a critical sensitive information
disclosure vulnerability in Citrix's NetScaler
ADC and Gateway products, has been
ongoing since October 30 [2023]. Dubbed
'CitrixBleed' by researchers, at the time, there
were estimates of 30,000 internet-facing
assets that were vulnerable to this flaw.
Recent analysis suggests that the number has
24
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

ansomware
decreased to over 10,000 assets, with the
majority located in the United States," he says.
"With publicly available proof-of-concept
exploit code, a variety of threat actors have
been leveraging this flaw as part of their
attacks over the last few weeks, including
affiliates of the infamous LockBit ransomware
group and Medusa. Ransomware groups
are mostly indiscriminate in their attacks,
motivated by profits over anything else.
Organisations that use Netscaler ADC and
Gateway products must prioritise patching
these systems immediately, as the threat of
exploitation is extremely high, especially by
ransomware groups."
SMASH-AND-GRAB ATTACKS
Meanwhile, Sophos has revealed how these
active adversaries are now carrying out
ransomware 'fast' attacks in mere hours in its
'2023 Active Adversary Report for Security
Practitioners'. The Sophos X-Ops report
showcases the forensics of fast smash-andgrab
ransomware attacks and the precise
tactics, techniques and procedures (TTPs)
attackers are using to operate in this new
high-speed attack mode - including preferred
living-off-the-land binaries (LOLBins) and other
tools and behaviours that get them close to
crucial resources that they want to exploit.
This evidence in the report, along with
detailed explanations of how certain attacks
unfold, demonstrates the need for regularly
adapted security solutions to protect, detect
and disrupt intrusions as fast as possible on
the attack chain, states Sophos.
"In the face of fast-moving adversaries who
are continuously evolving their TTPs - and
often blend the use of legitimate tools - to
execute multi-stage attacks, cybersecurity
defences need to be dynamic and foresightful,"
state Raja Patel, chief product officer
at Sophos. "Sophos is taking a proactive,
protection-first approach to stopping threats
at the front door before they escalate. We're
evolving products with industry-first security
capabilities that are powered by Sophos X-
Ops' deep threat intelligence from more than
half a million organisations globally to identify
and counter threats at speed and scale."
Adds John Shier, field chief technology officer
at Sophos: "As attackers speed up their attack
timelines, one of the best things organisations
can do is increase friction whenever possible;
in other words, if their systems are well maintained,
attackers must do more to subvert
them. That takes time and increases the
detection window. Robust, layered defences
create more friction, increasing the skill level
the attacker needs to bring to the table. Many
simply won't have what it takes and will move
on to easier targets."
NO SAFE PLACE
In 2023, it seems ransomware was, well,
everywhere. The Kyocera AVX's attack, for
instance, impacted the personal data of over
39,000 individuals, while the attack at China's
largest bank (ICBC) resulted in the disruption
of global financial services, including the US
Treasury. Also prominent in the news was
the State of Maine data breach, linked to a
Russian ransomware gang, which was said to
have affected 1.3 million residents.
Little wonder, then, that Dr Ilia Kolochenko,
founder of ImmuniWeb and a member of
Europol Data Protection Experts Network,
reflects on the growth of ransomware and
why it won't slow down any time soon.
"Unfortunately, the [illicit] business model of
ransomware is both resilient and sustainable
for perpetrators. First, there is a plethora of
wealthy victims who are poorly protected
and are a 'perfect victim', even for technically
inexperienced criminals.
"Secondly, the risk of getting caught - despite
several prominent operations by law enforcement
agencies in 2023 - are still infinitesimal.
Moreover, many perpetrators are based in
non-extraditable jurisdictions and can act with
complete impunity. Thirdly, the abundance
of cryptocurrencies makes money laundering
very easy, allowing cybercriminals to fully
James Blake, Cohesity: only focusing on
likelihood mitigations when you're facing
the inevitable is an act of insanity.
Satnam Narang, Tenable: organisations that
use Netscaler ADC and Gateway products
must prioritise patching these systems
immediately.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
25

ansomware
Raja Patel - Sophos: cybersecurity
defences need to be dynamic and
foresightful.
Ilia Kolochenko, ImmuniWeb: the risk of
getting caught - despite several prominent
operations by law enforcement agencies in
2023 - are still infinitesimal.
enjoy the fruits of their crimes. In 2024, we
will likely see even more victims of ransomware
that is gradually dethroning other - less
profitable and more risky - types of cyberattacks."
INVERTING THE PRINCIPLE
In a bizarre twist to the principle of behaving
with all due probity in this murky world, it has
recently emerged that the ALPHV/BlackCat
ransomware operation (widely accredited as
being the first ransomware group to create
a public data leaks website on the open
internet) has filed a US Securities and
Exchange Commission complaint against one
of its alleged victims for not complying with
the four-day rule to disclose a cyber-attack.
Kolochenko, also adjunct professor of Cybersecurity
& Cyber Law at Capitol Technology
University, comments: "Misuse of the new SEC
rules to make additional pressure on publicly
traded companies was foreseeable. Moreover,
ransomware actors will likely start filing
complaints with other US and EU regulatory
agencies when the victims fail to disclose a
breach within the timeframe provided by law."
Having said that, not all security incidents are
data breaches and not all data breaches are
reportable data breaches, he points out.
"Therefore, regulatory agencies and
authorities should carefully scrutinise such
reports and probably even establish a new
rule to ignore reports uncorroborated with
trustworthy evidence, otherwise, exaggerated
or even completely false complaints will flood
their systems with noise and paralyse their
work."
REVISION TIME
Kolochenko also suggests that victims of data
breaches should urgently consider revising
their digital forensics and incident response
(DFIR) strategies by inviting corporate jurists
and external law firms specialised in cybersecurity
to participate in the creation, testing,
management and continuous improvement
of their DFIR plan. "Many large organisations
still have only technical people managing the
entire process, eventually triggering such
undesirable events as criminal prosecution of
CISOs and a broad spectrum of legal
ramifications for the entire organisation.
Transparent, well-thought-out and timely
response to a data breach can save millions."
ENHANCED EXTORTION
Thomas Barton, who is senior IR analyst at
Integrity360, addresses the very same issue:
"This shows that ransomware operations are
beginning to reach a maturity level where the
responsible threat actors are fully aware of
regulations affecting their target sector and
are able to use regulatory bodies to enhance
the threat of extortion. This highlights the
importance of engaging experienced legal
and cybersecurity profess-ionals before,
during and after an incident who can assist in
navigating the complex challenges that such
an attack can present."
Finally, and according to a new report by
MIT professor Stuart Madnick, there were
more ransomware attacks reported during
the first nine months of 2023 than in the
whole of 2022. It points to a stark increase in
cyberattacks, impacting as many as 360
million people up to and including August.
One reason for the jump, according to
Madnick, is that ransomware groups are
becoming far more organised, operating
as gangs and targeting organisations with
critical user data, such as government and
healthcare facilities.
The other cause for the jump, he points out,
is that cybercriminals are increasingly using
secondary vendors to gain access to their main
targets. "In today's interconnected world,
virtually every organisation relies on a wide
range of vendors and software. As a result,
hackers only need to exploit vulnerabilities in
third-party software or a vendor's system to
gain access to the data stored by every
organisation that relies on that vendor."
26
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

cloud security
LIFE INSIDE THE CLOUDS
TRADITIONAL CLOUD SECURITY IS FAILING THE MODERN ENTERPRISE,
STATES ILLUMIO, AS IT RELEASES NEW GLOBAL RESEARCH FINDINGS
New research just unveiled digs down
into the current global state of cloud
security, the impact of cloud breaches
and "why traditional cloud security technologies
fail to keep organisations secure in the
cloud".
The 'Cloud Security Index: Redefine Cloud
Security with Zero Trust Segmentation' from
Illumio is the result of a survey conducted by
independent research firm Vanson Bourne. It
canvassed the views of 1,600 IT and security
decision makers across nine countries and
found that "cloud risks are only getting
worse, traditional cloud security tools are
falling short and Zero Trust Segmentation
(ZTS) is essential for the modern landscape",
according to Illumio.
Key findings in the research include:
"Traditional cloud security is failing the
modern enterprise: in the last year, nearly
half of all data breaches (47%) originated
in the cloud, and more than six in 10
respondents believe cloud security is
lacking and poses a severe risk to their
business operations."
"Cloud breaches cost organisations
millions each year: The average organisation
that suffered a cloud breach last
year lost nearly $4.1 million, and yet 26%
are operating under the assumption that
breaches are not inevitable, posing
serious risks to the business and its
customers."
"Zero Trust Segmentation is critical for
cloud resilience: 97% [of those responding]
believe ZTS can greatly improve their
organisation's cloud security strategy,
because it improves digital trust (61%),
ensures business continuity (59%), and
bolsters cyber resilience (61%)."
According to Illumio: "As organisations take
their most sensitive data to the cloud, they
face increased complexity and risk. 98% of
organisations store their most sensitive data
in the cloud, including financial information,
business intelligence and customer or employee
personally identifiable information (PII). Yet
over 9 in 10 are concerned that unnecessary
or unauthorised connectivity between cloud
services increases their likelihood of a breach."
According to the research findings, the main
threats to organisations' cloud security are:
workloads and data overlapping traditional
boundaries (43%); a lack of understanding
of the division of responsibility between
cloud providers and vendors (41%); social
engineering attacks (36%); a lack of visibility
across multi-cloud deployments (32%); and
rising malware and ransomware attacks
(32%).
Some 93% of IT and security decision
makers believe that segmentation of critical
assets is a necessary step to secure cloudbased
projects. Additionally, organisations
with dedicated microsegmentation technology
were less likely to have suffered a cloud
breach in the last year (35%) than those
without it (43%).
"Because cloud environments are dynamic
and interconnected, they're increasingly
challenging for security teams to navigate
with legacy solutions," comments John
Kindervag, chief evangelist at Illumio -
pictured right. "Organisations need modern
security approaches that offer them real-time
visibility and containment by default to
mitigate risk and optimise opportunities
afforded by the cloud. I'm optimistic that
nearly every security team is prioritising
improving cloud security in the months
ahead and that they see solutions like ZTS as
an essential piece of their Zero Trust journey."
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
27

attack… attack
POINT OF IMPACT
IN 2023, SOME OF THE BIGGEST CORPORATE NAMES WERE BROUGHT
TO THEIR KNEES. CAN WE EXPECT ANY BETTER OUTCOME THIS YEAR?
If the number and ferocity of attacks on
organisations throughout 2023 is anything
to go by, many more can expect a torrid
time of it in 2024. Some of the biggest
corporate names have been brought to their
knees. It seems that even unlimited resources
to throw at self-protection may not be enough
against opponents who now have the kinds
of sophisticated weaponry that only a few
years ago would have seemed to belong in
a fantasy world.
Now, where the slightest opportunity to
launch an assault on a vulnerable target
exists, the wheels spring into action. Take
Russia-based ransomware group LockBit
3.0's attack on Boeing. In this instance,
the vulnerability that opened
up the route inside the
defences of the
aviation giant
was found
within
Citrix
RANSOMWARE
MALWARE
software, known as Citrix Bleed. The hackers
claimed they had obtained "a tremendous
amount" of sensitive data from the aerospace
giant and would dump it online, if Boeing
didn't pay a ransom by November 2.
Subsequently, the group removed Boeing's
name from the leak site and extended the
deadline to November 10. However, talks
between Boeing and LockBit 3.0, if any,
appear not to have been successful, as the
latter published about 50GB of data allegedly
stolen from Boeing's systems. It may serve as
little consolation to Boeing that it is not alone
- estimates suggest that LockBit may have
hacked as many as 800 organisations in
2023.
LockBit ransomware, first seen on Russianlanguage-based
cybercrime forums in January
2020, has been detected all over the world,
with organisations in the United States, India
and Brazil among common targets, according
to cybersecurity firm Trend Micro. Some of the
subsequent estimates put the ransomware
damage suffered by US organisations
that have been hit by LockBit at as
much as $90 million between 2020
and mid-2023, making LockBit as
one of the world's biggest hacking
groups since its formation in 2020.
William Hutchison, who is the
former senior military officer at
US Cyber Command, and CEO
of SimSpace, says that the attack
continues to highlight the urgent need for
proactive security and continuous testing to
prevent these situations. "Following a familiar
pattern, they have gone after a company that
deals with extremely sensitive military data,
including missiles and the next iteration of
Air Force One that could result in catastrophic
CYBER-ATTACK
consequences, should it fall into the wrong
hands. Even if Boeing use backup data and
resuscitate their webpages, they will be more
worried about stolen data from this breach
making it onto the dark web."
Could the attack have been better guarded
against? "This breach came via a zero-day
vulnerability, which means the only way
the company could have prepared was by
simulating a new attack with their defence
teams and helping them war game how to
respond," he states. "Cybercriminals like to go
quite 'low and slow' when they have gained
access to a company's systems, because they
do not want to be identified before they get
to their target. Typically, this dwell time will
last a period of days, weeks or months, and
this is why it's important for organisations to
train their staff, so they can recognise the
signs of these intruders in the network and
stop them before it becomes a critical
problem."
Threat actors are often underwritten or
enabled by well-funded nation-states and this
is why public and private organisations must
continue to invest in cybersecurity, he adds.
"This investment must be in people, processes
and technology. Any weakness in one is a
weakness in all. 85% of breaches are related
to human error. It is an exponential problem
now, because it drives crime, as there are too
many people paying, allowing hackers to
make a quick buck."
REACTIVE, NOT PROACTIVE
Meanwhile, Vanta has recently released its
annual 'State of Trust' Report, an in-depth
analysis uncovering global trends in security,
compliance and the future of trust, in which
nearly two-thirds of UK businesses (66%) say
that they need to improve their security and
28
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

attack… attack
compliance measures, with only one in four
(25%) rating their organisation's security
and compliance strategy as reactive.
For companies of all sizes, limited risk
visibility and resource constraints make it
challenging to improve their security. Fewer
than half (42%) of UK organisations rate their
risk visibility as strong. Equally concerning is
that 21% have downsized IT staff and 62%
have either already reduced IT budgets or are
planning to do so, as they continue grappling
with the on-going and challenging global
economic environment.
"Business and IT leaders alike know that they
need to improve their organisations' security
and compliance, especially because it
supports landing customers and improves
reputation - which is a clear theme in our
State of Trust report, " says Paulo Rodriguez,
head of international at Vanta. "Yet they have
blind spots getting in their way. Just as clearly,
there is an appetite for automation and AI to
help combat the pressures of improving and
demonstrating security; ultimately making
compliance a strategic imperative, rather than
a nice to have."
KEY TRENDS HIGHLIGHTED
Another recent release is Gatewatcher's 'Cyber
Threat Semester' Report, which explores cyber
threat trends between January-June 2023, as
seen by Gatewatcher CTI, the cybersecurity
software vendor's Threat Intelligence platform
and the active intelligence of its Purple Team
analysts.
The report is based around five key trends:
Identifying the malware most frequently used
by cyber attackers
Exposing the file types used
Revealing new threat actors
Alerting the main sectors targeted
Regions and sectors most affected
by ID leaks.
"In this third report, we have taken a close
look at ID leaks, as they remain an extremely
simple and effective means of intrusion,"
explains François Normand, who is head of
cyber threat intelligence at Gatewatcher.
"The risks associated with identification being
based on just a log in and password are
well documented and we encourage the
development of passwordless alternatives
as part of an 'Identity Intelligence' strategy,
to combat the risks of this attack surface
being exploited.
He adds: "More generally, this report serves
as a reminder, if one were really needed,
that monitoring trends in new threats and
ensuring they are visible are the most effective
methods for reducing cyber risks and mitigating
the impact of security incidents."
SEISMIC EVENT
At its annual Trust Summit conference,
DigiCert released the results of a global study
exploring how organisations are addressing
the post-quantum computing threat and
preparing for a safe post-quantum computing
future. Prominent findings reveal that,
while IT leaders are concerned about their
ability to prepare in the timeframes needed,
they are hampered by many obstacles, which
include lack of clear ownership, budget and
executive support.
Quantum computing harnesses the laws
of quantum mechanics to solve problems
too complex for classical computers. With
quantum computing, however, cracking
encryption becomes much easier, which
poses an enormous threat to data and user
security. "PQC [post quantum cryptography]
is a seismic event in cryptography that will
require IT leaders to begin preparation now,"
says Amit Sinha, CEO of DigiCert. "Forwardthinking
organisations that have invested
in crypto agility will be better positioned
to manage the transition to quantum-safe
algorithms when the final standards are
released in 2024."
Ponemon Institute surveyed 1,426 IT and IT
security practitioners in the United States
William Hutchison, SimSpace: data stolen
from Boeing, including missiles and the
next iteration of Air Force One, could
result in catastrophic consequences, if
it falls into the wrong hands.
Paulo Rodriguez, Vanta: organisations want
to improve their security and compliance, yet
they have blind spots getting in their way.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
29

attack… attack
Amit Sinha, DigiCert: post quantum
cryptography (PQC) is a seismic event
that will require IT leaders to begin
preparation now.
François Normand, head of cyber threat
intelligence at Gatewatcher: passwordless
alternatives should be developed as part
of an 'Identity Intelligence' strategy.
(605), EMEA (428) and Asia-Pacific (393) that
are knowledgeable about their organisations'
approach to PQC. Key findings from the
study, sponsored by DigiCert, include:
61% of respondents say their
organisations are not and will not
be prepared to address the security
implications of PQC
Almost half of respondents (49%) say
their organisations' leadership is only
somewhat aware (26%) or not aware
(23%) about the security implications
of quantum computing
Only 30% of respondents say their
organisations are allocating budget
for PQC readiness
525 of those surveyed say their
organisations are currently taking an
inventory of the types of cryptography
keys used and their characteristics.
FALSE DELIVERY
Equally concerning is a complex new attack
tactic that combines credible phone and
email communications, in an attempt to take
control of corporate networks and exfiltrate
data. During an investigation at a Swiss
company, Sophos X-Ops discovered that the
attack had begun with a telephone call that
may have seemed harmless. The targeted
employee was contacted directly by a man
who told the employee he had an urgent
delivery to make to one of the company's
sites and asked if the employee would accept
the delivery. To validate the new delivery -
allegedly for security reasons - the employee
had to read out a code sent by email during
the call.
The email, which was reported to have been
written in perfect French, contained no text
in the body of the message and featured
only a static image that appeared to be a
PDF attachment. Directed by the scammer
on the phone, the employee clicked on the
image, which then led to the malware being
downloaded. After verbally prompting the
employee to open the file, the attackers
began taking over the network.
"This attack was highly, highly targeted,"
says Andrew Brandt, principal researcher at
Sophos. "There was only one person in the
office that Friday and the attackers likely
knew who it was. The use of an image
masquerading as an email is also something
we haven't seen before. However, it's smart.
Attaching an actual PDF often triggers alarm
on systems, since they are so frequently used
to deliver malware, and emails with PDFs
often end up in spam filters."
NASTIEST MALWARE NAMED
Finally, OpenText has announced the Nastiest
Malware of 2023, an annual ranking of the
year's biggest malware threats. For six
consecutive years, OpenText Cybersecurity
threat intelligence experts have analysed the
threat landscape to determine the most
notorious malware trends. Ransomware
has been rapidly ascending the ranks, with
ransomware-as-a-service (RaaS) now the
weapon of choice for cybercriminals.
This year, four new ransomware gangs,
believed to be the next generation of previous
big players, topped the list. Newcomer Cl0p
took the prize for 2023's nastiest malware
after commanding exorbitant ransom
demands with its MOVEit campaign. Cl0p's
efforts helped skyrocket the average ransom
payment, which is rapidly approaching three
quarters of a million dollars, according to
OpenText. Black Cat, Akira, Royal and Black
Basta also made their debuts, joined by the
always-present Lockbit.
"A key finding this year is the RaaS business
model is another win for the bad guys," says
Muhi Majzoub, EVP and chief product officer,
OpenText. "Profit sharing and risk mitigation
are top contributors to RaaS success, along
with the ability to easily evade authorities.
There is a silver lining, as research shows
only 29% of businesses pay ransom, an alltime
low. These numbers indicate people are
taking threats seriously and investing in security
to be in a position where they do not need
to pay ransom," he concludes.
30
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

artificial intelligence
WHY AI IS ON ALL OUR MINDS
WE OFFER MORE REFLECTIONS ON ARTIFICIAL INTELLIGENCE,
FOLLOWING ON FROM OUR MAIN FEATURE ON PAGE 18
Tom McVey, the senior solutions
architect EMEA at Menlo Security,
believes that AI can be used in a
multitude of ways to detect and mitigate
threats, including "some that we haven't
even conceived yet, as it's still early days.
If we use the example of detecting
malicious websites, a product that
verifies whether any page was human or
AI will be very powerful. Without this,
the internet may become a bit like
the Wild West - similar to its early days.
Using AI to homologate and structure it
again will help us to defend against the
types of threats that leverage language
models".
He also points to how Security Incident
and Event Management (SIEM) software
is used by security analysts to determine
how a breach took place by collecting
logs, messages and events from every
piece of technology within an organisation.
"That's a huge wealth of data
and an incident response team member
only has traditional filtering tools to
sort through it - ie, by user name or
category. Once they have filtered down
the events that they think are relevant,
they've ultimately got to start making
human judgement calls on how an
attacker got in. It's a case of slowly
drilling down like a detective.
"Whilst I don't think that there is any
way that AI in its current state could
replace this function entirely," states
McVey, "it can certainly be used to
augment it in a certain way. In theory,
the incident response team could give
the huge amount of log data to an AI
language model and, as long as it was
trained with incident response in mind,
it should be able to correlate that data
and draw out the things that are
noteworthy. At the very least, the incident
response team member could compare
this to what their filtering came up with.
It must be said, however, that AI is not
always more correct than a human, but
it's a cheap and quick way to get a
second opinion. which may correlate
with what the team member believes
is correct."
THREATS AT LARGE
According to Brad Freeman, director
of technology at SenseOn, the biggest
risk from AI in 2024 is how LLMs (Large
Language Models) will allow highly
specific and tailored phishing messages.
"These messages will be sent both via
traditional email, instant message and
social networking, but increasingly via
real-time communications such as voice
and potentially via video. This will bring
a new edge to social engineering and is
likely to convince even the most vigilant
targets. The stakes are high, as many
whaling attacks generate millions of
dollars from stolen corporate funds.
"It makes sense that criminal groups
will invest their time to ensure the next
generation of attacks will be as convincing
as possible" he points out. "Many of
us would be persuaded, if we got a phone
call which sounded like somebody we
knew. Even if they were making an
unusual request, these types of
communications will be received by
many accounts departments in 2024,
requesting or amending payments."
Tom McVey, Menlo Security: AI can be
used in a multitude of ways to detect
and mitigate threats.
Brad Freeman, SenseOn: biggest risk from
AI is how Large Language Models will
allow highly specific and tailored phishing
messages.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
31

cybercrime
STAYING ABOVE THE WATER LINE
STEALERS, LOADERS, ZERO-DAY EXPLOITS, RANSOMWARE, BRUTE FORCE ATTACKS - THE LIST
OF VULNERABILITIES IS OVERWHELMING. HOW CAN ORGANISATIONS EVER HOPE TO COPE?
Lindy Cameron, NCSC: attacks can hit
finances, compromise customer data,
disrupt operational delivery, erode trust
and damage reputations.
As the ransomware threat has evolved,
victims now have the constant worry
of their sensitive data being exposed
to the world and with it face the risks of
reputational damage. "There will also be
additional considerations of the impact of
enforcement by a data protection authority
[such as the Information Commissioner's
Office in the UK] for not sufficiently protecting
customer data," adds the National Cyber
Security Centre (NCSC), as it releases its 2023
white paper addressing the impact that
cybercrime is now having on organisations
of all sizes, in all sectors, across all disciplines.
"More recently, some groups conduct data
theft and extortion only, without deploying
ransomware. Accordingly, cybercriminals will
now use whichever approach they believe
most likely to yield payment, deploying
ransomware attacks to disrupt logistics
companies that need the data to function,
but favouring extortion-only attacks against
healthcare services (where patient privacy
is paramount). And while some criminal
groups purport to follow a 'moral code'
and avoid attacks against critical national
infrastructure (CNI) and healthcare services,
"the reality of complex modern supply chains
means criminals cannot know if their attack
will impact such services," points out the
report, 'State of Cybersecurity Automation
Adoption.'
Lindy Cameron, CEO and head of the NCSC,
says that, as IT systems are now ubiquitous,
ransomware attacks can be truly devastating
for victims and their customers, which is why
it remains the most acute cyber threat for
most UK businesses and organisations.
"Attacks can affect every aspect of an
organisation's operation, hitting finances,
compromising customer data, disrupting
operational delivery, eroding trust and
damaging reputations. The impact will be felt
in the short and long term, particularly when
organisations are unprepared. Recovery is
often lengthy and costly."
OPPORTUNISTIC ATTACKS
The majority of the initial accesses to victims
are gained opportunistically, it seems, and are
not targeted against a particular organisation
or business sector, states the NCSC research.
"Cybercriminals are primarily concerned with
financial benefit and, while occasionally
a group will specifically target sectors they
have had previous success with [such as Vice
Society and the education sector], the
majority do not. Headlines such as 'company
X targeted in a ransomware attack' do not
reflect the reality. Most criminals take the
opportunities presented to them, either
through buying accesses that they deem
likely profitable, or by scanning for a
vulnerability in a product likely used in
enterprise networks.
32
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

cybercrime
"Moreover, most ransomware incidents are
not due to sophisticated attack techniques,
but usually the result of poor cyber hygiene.
"That's not to say that victims did not take
cyber security seriously; modern IT estates
are exceptionally complex, particularly for
organisations that have undergone acquisitions
and mergers, and security controls
can be difficult to implement effectively
across complex environments. Poor cyber
hygiene can include unpatched devices, poor
password protection or lack of multi-factor
authentication (MFA)."
Remedying these are not "silver bullets", but
implementing such measures would interrupt
the majority of ransomware attacks. MFA, in
particular, is often not in place, which enables
many ransomware attacks to be successful.
"Criminal use of exploits often surges shortly
after certain critical patches are released,
indicating they are being reverse-engineered
from the patches. In most cases, an exploit is
widely available in the criminal forums in less
than one week from the patch being
released."
ZERO-DAY TACTICS
As for zero-day exploits, cybercriminals don't
need to develop their own zero-day exploits,
as doing so is expensive and there are many
devices 'in the wild' that are not patched
regularly. "However, some actors have been
known to use zero-day exploits, most notably
there are public reports of Cl0p's use of
the Accellion, GoAnywhere and MOVEit
vulnerabilities." This would account for the
large spike in Cl0p victims in 2023, says
NCSC. "Actors conducting ransomware will
buy exploit code from other criminals or
modify exploit code from GitHub."
The NCSC strongly recommends creating a
vulnerability management plan that prioritises
vulnerabilities accessible from the internet.
The list of exploits being used changes
rapidly, based on the availability of vulnerable
systems and the introduction of new exploits
to the market, so it is not enough to just
patch those known to be currently in use.
Poor password practice is another common
access vector for enabling ransomware.
"In the same way actors can scan for known
vulnerable devices, it is equally straightforward
to scan for a device type and test
common passwords in brute force attacks.
In some cases, default passwords [that are
widely known and shared] have not been
changed. Tools like Crowbar, Hydra and
NLBrute, specifically designed for conducting
brute force attacks, make it easy for malicious
actors [who can also use the same approach
with certain network perimeter devices and
common services such as RDP or SSH] to
gain access."
STEALERS AND LOADERS
'Stealers' are a type of malware available
on criminal forums that are used to harvest
a variety of useful information (including
credentials), which other criminals can use in
fraud and/or ransomware attacks. In some
cases, versions of the stealers have been
leaked onto GitHub, making them widely
available for anyone to use. Prices range
from hundreds to thousands of US dollars
per month. Common features of stealers are:
Stealing passwords stored
in web browsers
Stealing cookies, browser version
and other configuration details
Stealing form entry data
from web browsers
Stealing stored credit card details
Taking screenshots
Capturing antivirus details
Logging keyboard presses from users.
This malware can evade detection by
antivirus software, due to the availability
of criminal services that specialise in 'crypting'
or modifying malware to ensure it's not
detected. It should be noted that, although
the credential-stealing malware described
above is used to access passwords stored in
web browsers, the NCSC's advice for general
members of the public remains to store
credentials in web browsers. "This prevents
the majority of users from using easily
guessed passwords [or re-using the same
passwords across multiple accounts], both
of which put people at risk following largescale
data leaks when online services are
compromised."
'Loaders' are another type of malware used
to gather basic system information, which is
then used to deploy other malware. Loaders
can be used to determine if a system is viable
for ransomware before deploying more
capable malware - and spending the time
necessary to take over the whole network.
"The shifts in the ecosystem around
ransomware and extortion demonstrate how
cyber criminals will adopt whichever technology
[or business model] allows them to best
exploit their victims. This means the threat
will continue to adapt and evolve as threat
actors seek to maximise profits. While on the
surface an attack can be attributed to a piece
of ransomware [such as Lockbit], the reality
is more nuanced, with a number of cybercriminal
actors involved throughout the
process.
"Tackling individual ransomware variants -
something which the NCSC and NCA
(National Crime Agency) are frequently
challenged on - is akin to treating the
symptoms of an illness and is of limited use,
unless the underlying disease is addressed.
Taking a more holistic view by understanding
the elements of the wider ecosystem allows
us to better target the threat actors further
upstream, in addition to playing 'whack-amole'
with the ransomware groups."
UNRELENTING PRESSURE
Threat Quotient's 2023 'State of Cybersecurity
Automation Adoption' report, which explores
cybersecurity automation adoption amongst
senior cybersecurity professionals, says that
the pressure on cybersecurity teams shows
no signs of abating. "While the global health
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security
33

cybercrime
crisis is behind us, the past 18 months
have brought a worldwide economic
uncertainty and geopolitical tension at
a level not seen for decades," says Threat
Quotient. "The resulting energy crisis,
supply chain impacts and effects on
employment are sending shockwaves
throughout the physical and digital
world, and, wherever there is disruption,
cybercriminals and nation-state actors
are always on hand to capitalise on the
situation.
"Right now, they are leveraging
new tools, such as automation and
generative artificial intelligence [AI], to
make attacks more sophisticated and
deceptive. As the volume and variety of
cyber threats increase exponentially, and
skilled cybersecurity workers remain in
short supply, senior cybersecurity leaders
face a relentless resource challenge:
how to protect the organisation in
an environment where budgets and
personnel are under pressure."
Over the three years that it has undertaken
this survey, Threat Quotient has tracked the
adoption of cybersecurity automation as a
solution to this problem. "Our 2023 State
of Cybersecurity Automation Adoption
research finds that organisations are leaning
on automation to handle a growing percentage
of cybersecurity use cases, with the goal
of increasing efficiency, responding to regulation
and compliance requirements and
increasing productivity. Overall, they consider
automation to be important in their organisation
and they are continuing to commit
budget to automation programmes - even
though they are having to cut back in other
areas to do so.
"However, our study also shows that the
problems highlighted in previous years remain
- in fact, they have grown. Every respondent
said they had experienced difficulties of some
kind when implementing cybersecurity automation.
These range from a lack of trust in
the outcomes of automated processes, slow
adoption by users, bad decisions resulting
from automation and a lack of skill among
users."
The company points to the progress that has
been made over the past year. "Organisations
have been actively using automation to
streamline routine tasks and improve their
cybersecurity posture." However, even with
this progress, significant challenges remain,
it adds. "Complex technological landscapes,
skill shortages and difficulties in securing
management support remain as roadblocks."
Threat Quotient offers several actionable
recommendations, tailored for security
professionals responsible for automation
efforts, to help them enhance the effectiveness
and efficiency of their cybersecurity
automation initiatives:
1. Invest in Smart Tools and Flexibility for
Wellbeing: To improve threat intelligence
analyst wellbeing and employee retention,
invest in smarter tools that simplify work
processes. Smart tools equipped with AI
capabilities empower analysts to make
faster and more accurate decisions
2. Choose Proven Use Cases for
Automation: Select cybersecurity
automation use cases that have
demonstrated value by saving time and
improving security procedures. Popular
choices, such as threat intelligence
management, incident response,
phishing analysis and vulnerability
management, offer tangible benefits in
terms of efficiency and effectiveness
3. Integrate Data Sources for Contextual
Insights: Emphasise the importance of
integration with multiple data sources
when selecting cybersecurity automation
solutions. This integration
enhances context for decision-making,
enabling automation to focus on
relevant and high-priority events
4. Address Implementation Challenges
through Training: Recognise that implementing
cybersecurity automation is not
without challenges. Combat issues like
"lack of trust in outcomes" and "slow user
adoption" by investing in comprehensive
training programmes
5. Align Automation Metrics with
Organisational Goals: Secure management
support for automation initiatives by defining
clear metrics for success and aligning them
with organisational goals. Balance quantitative
metrics - improved efficiency and
resource management - with qualitative
factors, like employee satisfaction and
retention.
By following these recommendations,
concludes Threat Quotient, "organisations can
navigate the complexities of cybersecurity
automation adoption, harness its potential
benefits, and effectively address challenges
to enhance overall security posture and
operational efficiency".
34
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk

SAVE THE DATE
RDS, Dublin: 22-23 Nov 2023
Infrastructure • Services • Solutions
DataCentres Ireland combines a dedicated exhibition and
multi-streamed conference to address every aspect of planning,
designing and operating your Datacentre, Server/Comms room and
Digital storage solution – Whether internally, outsourced or in the Cloud.
DataCentres Ireland is the largest and most complete event in the country.
It is where you will meet the key decision makers as well as those directly
involved in the day to day operations.
EVENT HIGHLIGHTS INCLUDE:
Multi Stream Conference
25 Hours of Conference Content
International & Local Experts
60+ Speakers & Panellists
100+ Exhibitors
Networking Reception
Entry to ALL aspects of
DataCentres Ireland is FREE
• Market Overview
• Power Sessions
• Connectivity
• Regional Developments
• Open Compute Project
• Heat Networks and the Data Centre
• Renewable Energy
• Standby Generation
• Updating Legacy Data Centres
Meet your market
Lead Conference Sponsor Platinum Sponsor Lanyard Sponsor
Session Sponsors
For the latest information & to register online visit
www.datacentres-ireland.com

Computing
Security
Secure systems, secure data, secure people, secure business
e-newsletter
Are you receiving the Computing Security
monthly e-newsletter?
Computing Security always aims to help its readers as much as possible to do
their increasingly demanding jobs. With this in mind, we've now launched a
Computing Security e-newsletter which is produced every month and is available
free of charge. This will enable us to provide you with more content, more
frequently than ever before.
If you are not already receiving this please send your request to
christina.willis@btc.co.uk and advise her of the best email address for the
newsletter to be sent to.