CS2403

Computing
Security
Secure systems, secure data, secure people, secure business
CUTTING EDGE
Can AI overcome all
the doomsayers and
be a force for good?
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
SHAPING UP
More insights on what may
lie in wait for security during
the rest of 2024
EMBRACE YOUR ‘FOE’
AI and humanity can
partner up, but there
will be a price to pay
GETTING TO THE (END) POINT
How to identify the
system that’s right
for your organisation
Computing Security March/April 2024

comment
GEARING UP TO THE TASK
EDITOR: Brian Wall
(brian.wall@btc.co.uk)
LAYOUT/DESIGN: Ian Collis
(ian.collis@btc.co.uk)
SALES:
Edward O’Connor
(edward.oconnor@btc.co.uk)
+ 44 (0)1689 616 000
Daniella St Mart
(daniella.stmart@btc.co.uk)
+ 44 (0)1689 616 000
Stuart Leigh
(stuart.leigh@btc.co.uk)
+ 44 (0)1689 616 000
It's interesting to see that a new taskforce is being set up by a number of leading
accounting and security organisations in the UK, as cybersecurity threats hit
unprecedented levels.
The idea is that businesses can be supported and helped in their efforts to effect a
stronger security stance that serves to protect their corporate financial transactions. At
the heart of this enterprise is the Institute of Chartered Accountants in England and
Wales (ICAEW), operating in partnership with the National Cyber Security Centre
(NCSC).
It's a move that has been welcomed by Sylvain Cortes, VP Strategy, Hackuity. "It's
reassuring to see the ICAEW working with the NCSC to establish a cyber taskforce and
improve the security of their deals," he comments.
"The attack surface of these corporations is enormous, so any guidance will be
invaluable to companies striving to reduce their cyber risk," adds Cortes. "The finance
sector has become a prime target for attackers globally, due to the huge amounts of PII
and financial data they hold. Any type of breach, particularly in this sector, shatters both
the victim organisation's reputation and customer trust. The more help and guidance
for maximum defence, the better."
Brian Wall
Editor
Computing Security
brian.wall@btc.co.uk
PUBLISHER: John Jageurs
(john.jageurs@btc.co.uk)
Published by Barrow & Thompkins
Connexions Ltd (BTC)
35 Station Square,
Petts Wood, Kent, BR5 1LZ
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22
SUBSCRIPTIONS:
UK: £35/year, £60/two years,
£80/three years;
Europe: £48/year, £85/two years,
£127/three years
R.O.W:£62/year, £115/two years,
£168/three years
Single copies can be bought for
£8.50 (includes postage & packaging).
Published 6 times a year.
© 2024 Barrow & Thompkins
Connexions Ltd. All rights reserved.
No part of the magazine may be
reproduced without prior consent,
in writing, from the publisher.
www.computingsecurity.co.uk March/April 2024 computing security
@CSMagAndAwards
3

Secure systems, secure data, secure people, secure business
Computing Security March/April 2024
inside this issue
CONTENTS
Computing
Security
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
CUTTING EDGE
SHAPING UP
More insights on what may
Can AI overcome all
lie in wait for security during
the doomsayers and
the rest of 2024
be a force for good?
EMBRACE YOUR ‘FOE’
AI and humanity can
partner up, but there
will be a price to pay
GETTING TO THE (END) POINT
COMMENT 3
Gearing up to the task
How to identify the
system that’s right
for your organisation
NEWS 6 & 8
Legacy IT systems at critical risk level
Data protection falling way short
Action call to solve skills shortages
ARTICLES
GETTING YOUR ACT TOGETHER 11
Core obligations of the upcoming Digital
Operational Resilience Act explained
AI: PARTNER, NOT PREDATOR? 12
AI and humanity are partners, not
adversaries, argues one observer, signalling
a future where the technology empowers,
rather than endangers, our species. This
isn't to say that AI won't pose threats and
safeguards will need to be put in place.
REMOTE ACCESS SCAM PANDEMIC 22
Cursor Insight's Tamas Zelczer discusses
how biometric cybersecurity can help
UNCERTAINTY THE ONLY CERTAINTY 18
prevent fraud
Part 2 of Computing Security's delve into how
the 'darker forces' of cyber security might
INFOSEC EUROPE 2024 BECKONS 24
impact the industry in the months ahead:
Showtime is approaching, with three days
at minimum, the volume and sophistication
of learning, discovery and insights lined up
of attacks will continue to rise, it is predicted,
as GenAI gets smarter and bad actors learn
DATA STATS ARE 'WAKE-UP CALL' 25
how to wield its power.
Emails soar from just over 2 million sent
per minute in 2013 to hit 241 million
a minute 10 years later
RANSOMWARE ATTACKS ROCKET 29
GONE NUCLEAR 26
Sophisticated attack methods surface,
The number of formal reports that serve
with healthcare a prominent target
to document security issues at the UK's
civil nuclear facilities has hit its highest level
TIME TO SAY 'PASS' TO PASSWORDS? 32
in at least 12 years, amidst a decline in
With Google moving towards a
inspections, according to The Guardian
passwordless future, others may follow
newspaper.
GETTING RIGHT TO THE (END)POINT 33
Why endpoint protection Is seen by many
as a 'must have'
PUT TO THE TEST 30
With penetration testing used to identify
the level of technical risk emanating from
BOOK REVIEW
software and hardware vulnerabilities, might
this be something that every organisation
AI - WEAPON OF WAR? 10
should be implementing?
A new book tackles the implications for
this controversial technology head on
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk
4

Layers aren’t just for cakes; they’re
essential in cybersecurity’s secret
recipe for protection!
Bake it happen with VIPRE Security Group. Secure your
bytes before you take a bite with Email Security, Endpoint
Security and User Protection
www.vipre.com

news
TORSION ANNOUNCES FILING OF PATENT-PENDING TECHNOLOGY
Solution 'automatically controls' access to digital resources
Torsion has had its patent application filed at the United
States Patent and Trademark Office for the core technology
underlying its data access security solution. The technology
provides a layer of intelligent automation of 'who has access
to what' within cloud-based collaboration systems, such as
Microsoft 365. It automatically controls access to digital
resources, based on understanding the business reasons why
a person needs access and their ever-changing professional
circumstances.
"Torsion's patent-pending technology is a breakthrough for
businesses wanting to automate the process of understanding
and controlling who has access to what data, to keep data
secure, and to prove that control under audit, to simplify
Peter Bradley, Torsion.
compliance," states Peter Bradley, company CEO and founder.
WIDENING THE 360 VISION
Integrity360 continues international
growth trajectory.
Integrity360 is expanding its portfolio
of Microsoft security services. The rollout
is scheduled to embrace the UK,
Ireland, Bulgaria, Italy, Spain and the
Nordic region.
As well as the expansion of services and
associated tools and processes, the
company states that it has invested in
the training and development of many
employees. It has also rolled out
product and platform development
and integration, as well as proprietary
threat detection content for the
Microsoft ecosystem and threat
response playbook production.
Integrity360's director of product
management, Brian Martin - pictured
above with Martina Naughton, global
partner sales director, Microsoft Ireland
- says that Integrity360's new partner
designations "will help us fulfil our
Microsoft services vision and cement
our position in the security marketplace,
while further growing our business".
And Martin then goes on to say: "We
expect great demand for Microsoft
Threat Protection services, as it is an
area in which many organisations lack
the required skills and capabilities".
STOLEN CREDENTIALS LIST HITS THE ONE BILLION MARK
Have I Been Pwned' confirms almost 71 million more
John Stringer, Next DLP.
seized email addresses
'Have I Been Pwned' recently confirmed it had added almost
71 million email addresses associated with stolen accounts in
the Naz.API dataset to its data breach notification service.
The dataset is home to a collection of one billion credentials
compiled using credential-stuffing lists and data appropriated
by information-stealing malware.
Comments John Stringer, head of product, Next DLP: "A single
credential can give threat actors access to multiple accounts
when used for various logins. This situation highlights the
urgent need for organisations to enhance their cybersecurity
strategies. It's imperative to emphasise employee training and
awareness programs to mitigate the risks of undetected,
malicious activity in organisational devices."
LEGACY IT SYSTEMS AT CRITICAL RISK LEVEL
Dozens of systems vulnerable across public sector
The Central Digital and Data Office IT Risk Assessment has
found that over 43 legacy IT systems in the UK public sector are
at a critical risk level. Mark Jow, technical evangelist EMEA at
Gigamon, says the Central Digital and Data Office's recent data
findings have highlighted the gap between where government
cyber-resilience is now and where it needs to be. "Government
CISOs are still contending with siloed systems, ranging from
complex legacy platforms to new digital hybrid environments,
struggling with scarce resources. These environments will remain
the prime candidates for bad actors to exploit until these CISOs
have the opportunity to get their house in order."
Mark Jow, Gigamon.
6
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

DON’T
SaaSSS
GET YOUR
KICKED! !
TAKE CONTROL NOW AND
PROTECT YOUR SaaS DATA
Global SaaS vendors like Microsoft, Google and Salesforce
don’t assume any responsibility for your data hosted
in their applications. So, it’s up to you to take control
and fully protect your SaaS data from cyber threats or
accidental loss. Arcserve SaaS Backup offers complete
protection for your SaaS data, eliminating business
interruptions due to unrecoverable data loss.
Arcserve SaaS Backup
Complete protection for all your SaaS data.
arcserve.com
The unified data resilience platform

news
Greg Wetmore,
Entrust.
TIME TO MIND YOUR PS AND QS?
Entrust launches Post-Quantum Ready
PKI-as-a-Service platform
Entrust has recently announced the general
availability of its Post-Quantum Ready PKIas-a-Service
(PKIaaS PQ) platform.
With this launch, the company's cloudbased
PKI-as-a-Service offering can now
provide both composite and pure quantumsafe
certificate authority hierarchies, it
states, enabling customers to test or
implement quantum-safe scenarios and
infrastructure. This makes it "the first
commercially available platform of its
type", it further claims.
"Although the quantum threat is up to
a decade away, we know the transition
to quantum-safe algorithms won't be just
another crypto refresh cycle," says Greg
Wetmore, vice president, Software
Development at Entrust. "To prepare, we
need to move today's public key cryptographic
systems from their current state
to new quantum-safe cryptographic
algorithms.
"This transition will be more complex than
anything we've done in the past, and will
touch just about every piece of digital
infrastructure and data we rely on today.
Organisations should be looking at their
Post Quantum (PQ) migration strategy
now, and implementing the tools and
technology needed to test and migrate to
quantum-safe security," he states.
PROTECTING DATA FALLING WAY SHORT
Companies and authorities still taking breach
AJ Thompson, Northdoor.
threats too lightly
Companies need to stop treating regulations as a tickbox
exercise and realise that the point of them is to
protect data, warns AJ Thompson, CCO, Northdoor.
"Equally, the ICO [Information Commissioner's Office]
also needs to up its efforts in implementing 'proper'
sanctions against those organisations that are failing
customers and partners."
The high-profile introduction of GDPR in 2018 was
meant to prove that the authorities were taking the
threat from cyber-criminals and the misuse of data
seriously, Thompson further points out. "There were
promises of major consequences for every business
that failed to adhere to the regulation, but, as the years
have gone by, we have seen that those organisations suffering data breaches have
been, frankly, wrapped on the knuckles, with no further consequences."
RAPID ACTION NEEDED TO SOLVE CRIPPLING SKILLS SHORTAGES
Traditional university education in cybersecurity is not sufficient
New research in the UK and US reveals that over three-quarters (78%) of
cybersecurity and IT professionals believe a traditional university education in
cybersecurity is not doing enough to prepare graduates for the modern workforce.
Meanwhile, nearly two-thirds (64%) of cyber industry professionals say current
recruitment processes inadequately assess candidates' practical skills.
This is according to a study called 'Securing the future of cybersecurity: From
classroom to every career stage' from Hack The Box, a leading cybersecurity
upskilling, certification and talent assessment platform.
The research highlights what it says is a gap between the essential practical skills
required to combat modern cyber-criminals in the workplace and the expertise
cultivated within university education.
An overwhelming 90% emphasise the need for cybersecurity and computer science
graduates to be prepared with hands-on, practical experience before their first role.
LOGPOINT AND SECURVALUE PARTNER UP TO SHARE THEIR EXPERTISE
Alliance aims to help customers detect and respond to cyber threats.
Armed with Logpoint's modern SIEM+SOAR solution, SecurValue can offer
more robust threat detection and response, real-time data analysis, early detection
of data breaches and easy implementation of compliance requirements, it is
claimed. "We're happy to partner with SecurValue to help organisations strengthen
security posture and cyber resilience. They share our vision for conducting long-term
business in Southern Europe," says Christian Pijoulat, regional director SEMEA at
Logpoint. "SecurValue has a tailored approach to their customers, based on skilled
cybersecurity professionals and trusted technologies, and we're proud that
Logpoint's solution is now a part of that."
8
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

ook review
AI - WEAPON OF WAR?
AI HAS BECOME A VAST TOPIC OF DEBATE: WILL IT HELP US THRIVE OR PROVE OUR NEMESIS?
A NEW BOOK TACKLES THE IMPLICATIONS FOR THIS CONTROVERSIAL TECHNOLOGY HEAD ON
When your subject matter is artificial
intelligence - and your mission is
to confront how this controversial
technology has already been armed and
equipped for malicious and adversarial
purposes, and will be even more so in the
days ahead - you know you are likely to
have an audience out there that will sit up
and take notice.
With his book, 'The Language of Deception:
Weaponizing Next Generation AI', author
Justin Hutchens will undoubtedly secure such
a reaction, not just because AI has arguably
become the most talked about topic on the
planet - yes, even more so than Taylor Swift -
but because the artificial intelligence and
cybersecurity veteran guides the reader
expertly along the path that has spawned
this technology.
In his hands, there is an inevitability about
all of this. We are at the crossroads we have
reached, Hutchens argues, because of our
past, a history he revisits with admirable
exactitude and in fine detail: from artificial
social intelligence to psychological exploitation;
from consciousness, sentience and
understanding to weaponising technical
intelligence; his wide-ranging powers of
observation and analysis are fully brought
to bear.
There is a grim irony in the fact that, with AI
now commanding masses of column inches
and often apocalyptic headlines in the media
every day, and with every politician, entrepreneur
and 'expert' seemingly having an opinion
about the technology and the dark places it
may take us, Hutchens recalls a time - way
back in June 2022 - when he presented
research at the world's largest annual hacking
convention, DEF CON, which itself enjoyed a
massive turnout. Not so the AI Village where
he was speaking. Only a small group of
doughty enthusiasts showed up. As he recalls
in his book, "most people were not paying
attention" - well, they certainly are now.
As Hutchens states, AI "is already poised to
transform every part of our lives. The world is
going to radically change in the coming years,
and emerging AI technology is going to be
at the center of it all. It is critical that people
understand the risks that come along with
these new capabilities, and how we can
safeguard ourselves against those risks".
Certainly, there is much to cause alarm in
what he imparts, but equally the book is a call
to action. "Unfortunately, there is no turning
back the sands of time, and there is no way
to universally unlearn this knowledge that
we now collectively possess. We are going to
have to find a way to live with this technology.
We are going to need to identify ways to
come together, establish global partnerships,
and address these problems on a unified
front. The consequences of next generation
AI will inevitably impact far more than one
culture or organization. If there has ever been
a time for the many factions of humanity to
set aside their differences and act on behalf
of the common good, that time is now."
ALL THE ESSENTIALS...
'The Language of Deception: Weaponizing Next Generation AI'
Author: Justin Hutchens (ISBN: 9781394222544)
Published January 2024 by Wiley
Paperback and ebook, priced £26.99
10
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

legal focus
GETTING YOUR ACT TOGETHER!
EDWARD MACHIN, OF ROPES & GRAY, SETS OUT THE CORE OBLIGATIONS
OF THE UPCOMING DIGITAL OPERATIONAL RESILIENCE ACT
The EU Digital Operational Resilience Act
(DORA), which comes into effect in
January next year, is designed to strengthen
IT security in the financial sector. It sets
requirements for the security of network and
information systems, and applies to financial
institutions and their third-party providers.
"In practice, this means harmonising and
strengthening existing obligations around ICT
governance, risk management and incident
reporting - with responsibility for compliance
going to the board level," says Edward Machin,
a counsel in the Ropes & Gray data, privacy &
cybersecurity team.
DORA applies to a wide range of financial
and financial-adjacent institutions and entities,
he adds. "Although most of these organisations
are already subject to some form of
cybersecurity regulation in the EU, DORA
significantly expands the scope of these laws
and will apply to most of an in-scope entity's
business activities in the EU - including on
an extra-territorial basis."
DORA has four core obligations:
1. Governance and controls. "Management
must approve and oversee the implementation
of an IT risk management compliance
programme that aligns with and reflects
the entity's risk profile and tolerance," states
Machin. "In other words, the board must
maintain an active role in understanding and
directing the company's approach to ICT risk -
including through regular training to keep
their knowledge up to date. Given the speed
at which the cybersecurity world is developing,
this won't always be an easy task."
2. ICT risk management. "In-scope entities
must have in place an appropriate and documented
IT risk management framework that
helps them address risks quickly and comprehensively.
As a minimum it will include (i)
implementing policies, procedures and tools,
including reporting lines, and (ii) adopting
robust security systems and advanced resilience
testing at least once every three years.
Helpfully, these measures can be applied on a
proportionate and risk-based basis…However,
DORA takes a prescriptive approach to certain
of its obligations, such as making in-scope
entities (i) conduct business impact analyses of
their exposure to severe business disruptions,
and (ii) establish a crisis management function
for handling internal and external
communications."
3. Incident reporting. "In-scope entities must
have processes in place to identify, manage
and notify ICT security incidents." Reporting
timelines are among the most involved in
the EU, including initial and secondary notifications
and a final report to competent
authorities, he points out.
4 Third parties. In-scope entities must ensure
that their (new and existing) contractual
arrangements with third-party ICT service
providers meet the prescriptive requirements
set out in DORA. These requirements are
similar to the EBA's guidelines on outsourcing
arrangements; the GDPR mandatory provisions
will also be required if the services
involve personal data (which is likely…).
"Although the requirements are different,"
says Machin, "you should leverage your GDPR
compliance programme - and the experience
gained through putting that in place - to
inform your DORA strategy. Given the impact
that DORA will have on in-scope entities, it
should be treated as seriously as the GDPR."
For the full text of Edwad Machin's blog on
DORA and its likely significance, see here.
Edward Machin, Ropes & Gray.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
11

artificial intelligence
THE WORDS 'GRIM' AND 'REAPER' ARE ALREADY BEING TOUTED AS APT DESCRIPTIONS FOR AI.
WE TURN TO CONSULTANCY AND IMPLEMENTATION AGENCY WEAREBRAIN FOR ITS TAKE ON
THE LIKELY FUTURE OF THIS CONTROVERSIAL TECHNOLOGY
IS AI ALREADY BEYOND CONTROL?
There is no denying that AI has
"revolutionised every major industry on
the planet, transforming the way we
live and work", as WeAreBrain states on its
website. Indeed, AI is continually pushing
the boundaries of conventional thinking.
"However, as it becomes more powerful and
autonomous, there is a growing concern
regarding AI control and the potential risks it
poses to humanity," states the consultancy
and implementation agency. "So, are we
really 'summoning the demon', as Elon Musk
eerily predicted? Or should we all just keep
scrolling and let the algorithms do their
thing?
Here is our comprehensive coverage
on what WeAreBrain has to say:
As artificial intelligence (AI) continues to be
the lifeblood of innovation in our digital
society, global spending is expected to surge
by 120% and hit $110 billion by 2024. This
surge in investment and adoption is largely
a result of the recent GenAI boom, where
everyday netizens are given access to
amazing AI-powered tools designed to push
the boundaries of content creation and
creativity.
With a few simple prompts, anyone can
now write engaging copy, code a website
or application, make music, design art and
images, make videos and create original
content. The possibilities for innovation,
collaboration and creation are seemingly
endless. Let's take a look at the leading AI
trends to supercharge your business in 2024.
LOW-CODE AND NO-CODE AI
By 2024, over 65% of application development
activity is expected to be driven by lowcode
application development. Similar to
low-code/no-code development for websites
or applications, low-code and no-code AI
systems allow users to drag and drop their
way to create smart programs and systems.
By combining pre-built templates and
modules, users simply need to feed the
system with their own domain data to create
a customised AI system tailored to their
needs. This democratisation of AI and IT
helps businesses create AI systems quickly
and affordably, with a faster time to market
and little risk/ROI ratio.
THE PAUSE OF CREATIVE AI
Although AI has been able to produce
creative content like music, art and literature
for a few years now, it has recently levelled
up its ability to mimic human creativity and
expression through art. With Chat-GPT and
GenAI propelling content creation into the
12
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

artificial intelligence
stratosphere in recent times, 2024 might see
a pause.
GenAI faces a sobering reality check, as
the actual costs, risks and complexities
overshadow the hype of 2023. The immense
enthusiasm surrounding generative AI might
have been overstated and significant hurdles
must be overcome to successfully bring it to
market. Added to this, there is a growing
anti-AI movement raising concerns about
the technology's pervasive implementation
that is raising societal and ethical questions.
CHATBOTS AND LLM MODELS
As ChatGPT-5 approaches, we anticipate
swift advancements in AI-driven chatbots.
There is a surge of software companies
actively developing their own Large Language
Model (LLM), with the aim of enabling
computers to emulate human language and
provide solutions to queries in a more
'human-like' manner. For example, Google's
Bard is another popular and free-to-use AI
chatbot relying on Google's search engine
data. Also, Microsoft's Bing Chat is free to use
and relies on the latest GPT 4 model. Be on
the lookout for the launch of Grok, X's (ex-
Twitter) latest AI product set to release in
2024.
Moreover, with Meta's beta release of a new
AI experience integrated into their suite of
apps (WhatsApp, Instagram and Facebook),
users can engage in conversations with AI
versions of celebrities like Snoop Dogg and
Kendall Jenner.
DEMAND FOR AI SPECIALISTS
As AI continues to impact various industries,
the need for skilled professionals who can
develop, maintain and advance AI technologies
becomes increasingly evident. Prompt
engineers and technicians play a vital role in
getting the algorithms to do what they are
required to do, ensuring their functionality
and efficiency. It takes skill to be able to
specify what you precisely require of AI tools
to enjoy the far-reaching benefits of this
technology. Trainers contribute by refining
AI models and teaching them to recognise
patterns or respond to specific inputs.
Additionally, ethicists play a crucial role in
navigating the ethical considerations associated
with AI development and deployment,
ensuring that these technologies align with
societal values and standards.
VOICE- AND LANGUAGE-
DRIVEN INTELLIGENCE
The voice and speech recognition market is
expected to hit $49.7 billion by 2029. The
remote working revolution created a surge
in smart speaker usage in homes and voice
solutions aimed at improving business
processes (ie, voice in meetings and voice
for business intelligence) will take centre
stage in 2023.
Voice assistants will increasingly be tailored
to specific business challenges and integrated
with internal systems, such as CRM and
business processes.
AI ETHICS AND LEGISLATION
As private companies power AI's advancements,
the lack of governmental oversight
has pushed the debate over the ethics of
responsible AI to the fore. In 2024, we will
likely see continued initiatives from global AI
partnerships on how to leverage AI to battle
against major global issues, such as climate
change, and inclusion and diversity.
Ethics will continue to play a major part in
the stimulation of innovation and economic
growth as more organisations realise the
need for responsible tech. Fairness of
algorithms and data transparency are issues
that will need to be addressed this year as
AI adoption is more widespread than ever.
In 2024, we will continue to see the
evolution of AI regulation and legislation
across the globe. From China's recent laws
regarding non-consensual deepfakes to
the UK's explosive proposed bill in 2024,
including the EU's proactive steps towards
settling on an AI act by 2025, it seems that
governing bodies aim to make 2024 a year
to get a handle on AI regulation.
GENERATIVE VIDEO TO
SET THE SCENE IN 2024
While the hype around GenAI might drop in
the coming months, the reality is that this
technology will continue to usher in a new
era of content generation and creativity. The
use of generative videos by content creators,
businesses and the general public will become
more evident - simply because it has never
been easier to create videos.
With generative video tools such as
Runway's Gen-2, Zeroscope, Midjourney
and others, anyone will be able to produce
professional-looking video content for a
fraction of the price in 2024.
Adobe Firefly's new video editing feature
generative fill allows you to pretty much
generate anything from nothing - from
turning a frown into a smile or changing the
item someone is holding, the capabilities of
video generation software will continue to
amaze us in 2024.
AI-POWERED CYBERSECURITY
As AI technology evolves, so do the tools
cybercriminals use to conduct nefarious
activity, leading businesses to level up their
cybersecurity game. In a world where data
is more valuable than oil and compliance is
the gateway to digital growth and customer
trust, 2024 will be the year where AIpowered
cybersecurity will be tested the
most. Unfortunately, cybercriminals are using
AI technology to bypass conventional IT
security systems to infiltrate systems housing
sensitive company and personal data.
But AI also helps in the fight against cyber
threats and this year we predict more
organisations placing more money into
securing their data through the use of
sophisticated cybersecurity technologies.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
13

artificial intelligence
WHY AI DOESN’T HAVE TO BE THE ENEMY
AI AND HUMANITY ARE PARTNERS, NOT ADVERSARIES, ARGUES ONE OBSERVER. RECOGNISING
THIS CAN BRING A FUTURE WHERE AI EMPOWERS, RATHER THAN ENDANGERS, OUR SPECIES
The question of whether AI has slipped
from our grasp, careening towards an
apocalyptic singularity, ignites a primal
fear within us, points out LiveAction founder
John Smith. "While Hollywood depictions
of sentient robots wreaking havoc paint
a chilling picture, the reality, for now, is far
less dramatic," he suggests. "True, we haven't
achieved the mythical 'general intelligence' in
AI. Today's systems, despite their impressive
feats, remain confined to narrow tasks and
often stumble with issues like accuracy,
bias and even hallucinatory outputs. It's like
handing a toddler a paintbrush: the results,
while undeniably creative, can be messy and
unpredictable."
However, dismissing AI as harmless would
be a dangerous oversight, warns Smith.
Despite its limitations, it's already deeply
woven into our lives, powering algorithms
that influence news feeds, filter financial
transactions and even diagnose diseases. This
raises a crucial question: who holds the reins?
"Thankfully, the answer isn't some renegade
Skynet. Companies and governments, for
all their flaws, are still the ones pulling the
strings. AI regulations, though nascent,
are evolving, striving to ensure ethical
deployment and safeguard against misuse.
This isn't foolproof, but it's a vital line of
defence."
Perhaps a more pressing concern lies not
in AI itself, but in the hands wielding it.
"Malicious actors, armed with AI tools, pose
a genuine threat. But let's not forget the
destructive track record of our own species.
Wars, social divisions, environmental devastation
- humanity, armed with primitive tools,
has already inflicted immense harm on itself
and the planet. This begs a critical question:
are we projecting our own flaws onto AI,
fearing the monster we ourselves created?
The truth is, AI isn't some external bogeyman.
It's a reflection of ourselves, a tool shaped by
our values and intentions."
Instead of succumbing to dystopian
fantasies, he advises, perhaps we should turn
the lens inward. "If we truly fear AI becoming
'out of control', then perhaps the question we
should be asking isn't 'can we control it?' but
'can we control ourselves?' Ultimately, AI can
be a powerful force for good or ill. The choice
lies not in some hypothetical singularity, but
in the present decisions we make, the values
we instil in both our technology and ourselves.
It's time to move beyond the 'AI vs. humanity'
narrative and recognise that, in this technological
dance, we’re partners, not adversaries.
Only then can we truly orchestrate a future
where AI empowers, rather than endangers,
our species."
FEAR OF EXPOSURE
As technology advances at an accelerated
rate, many organisations - particularly those
handling sensitive data or under public or
regulatory scrutiny - may feel a heightened
sense of exposure with the advancement
of AI, concurs Keiron Holyome, VP UKI
& Emerging Markets, BlackBerry.
"These concerns are valid. Our latest research
identified a 50% uptick in targeted cyberattacks
against national infrastructure. We
also saw a 70% increase in new malware
identified. These indicators suggest that
adversarial entities are taking advantage of
technological innovation - including AI -
against critical industries and organisations.
"Although it's difficult to tell if a hack has
come from a human or AI source, we'd be
naïve to deny that malicious actors are
employing AI in increasing efforts to broaden
their scope, increase effectiveness and amplify
the frequency of attacks to circumvent defensive
measures. For instance, threat actors can
abuse ChatGPT and other Large-Language
Models (LLMs) to generate potentially
malicious code or to create more authentic
and persuasive phishing content."
AI HAS ITS SAY
So, what might AI itself have to say about all
this? Well, here follow some thoughts along
that very line, partially rendered by AI and
partly by human input, namely Gareth Owen,
director, Redkey USB:
"The rapid advancement of artificial
intelligence (AI) has brought us to a critical
juncture in its evolution. AI's profound impact
on industries and our daily lives raises a vital
question: Is AI already beyond control? As we
integrate AI more deeply into our systems, the
echoes of cautionary tales like those depicted
in the film 'I, Robot' become increasingly
relevant. This classic film foresaw the need
for stringent rules to govern AI behaviour,
famously encapsulated in its 'Three Laws of
Robotics.'
"Today, as AI evolves and becomes more
autonomous, it's clear that the concerns and
considerations portrayed in 'I, Robot' years
ago are more than just science fiction; they
are rapidly becoming our reality. The film's
foresight underscores the urgency for the
industry to implement similar foundational
rules and ethical guidelines in AI development
to safeguard our future.
14
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

artificial intelligence
"In an intriguing plot twist, much like many
other contemporary writings, this article was
created with assistance from AI. And, in
alignment with its insights, one must ponder
the potential enhancements AI brings to
human capabilities. Are we on the cusp of
a new era of coexistence or are we approaching
a risky precedent?
"The 'black box' nature of AI makes its
decision-making process often inscrutable,
even to its creators. As AI systems grow in
complexity, the chances of unintended biases
and errors increase. This uncertainty raises
crucial questions about responsibility and
control in AI-driven decisions. Harnessing
AI's power responsibly is imperative. We must
not let AI run without oversight. The future
of AI should be a collaborative journey,
with humanity at the helm, guiding it with
wisdom and foresight. Only time will tell if
we are now already, in a sense, AI-enhanced.
"As we reflect on AI's role in our lives and its
creation of this article, we are reminded of
the need for thoughtful, proactive measures
in AI governance. Implementing robust,
ethical frameworks akin to the 'Three Laws'
envisioned in 'I, Robot' is no longer a futuristic
concept, but a present-day necessity."
That’s some collaboration, certainly. But
does it leave you more reassured about the
technology - or simply more queasy.
HIGHLY TRAINED ASSAILANTS
As of January 2024, the UK National Cyber
Security Centre (NCSC) has warned that AI
tools will increase the volume and impact of
cyberattacks, including ransomware, in the
next two years. It will allow unskilled threat
actors to conduct more sophisticated attacks.
Jovana Macakanja, intelligence analyst with
Cyjax, points out that threat actors are already
using AI tools based on ChatGPT, which itself
has had a profound influence on modern
society and is entering common parlance. "In
mid-July 2023, the generative AI cybercrime
tool WormGPT was advertised on underground
forums as a tool for launching
phishing and business email compromise
(BEC) attacks," she says. "Allegedly trained
on several undisclosed data sources
concentrating on malware-related data, it
can produce phishing emails which are
persuasive and sophisticated."
People have always been sceptical of AI
technology and its effect on humanity, she
continues. "These fears often play out in
popular fiction as evil robots taking over the
world. While that eventuality is far-off at
present, AI's continued maturation is resulting
in people losing jobs, which could gravely
impact the economy, and is making it difficult
to discern between AI-generated and humancreated
content. Students use ChatGPT to
write assignments, medical tools identify
various disorders or cancers, with diagnostic
capabilities rivalling those of specialists, and
a popular publishing house has used AI to
replace a range of editorial roles. AI also
poses significant ethical implications, as it
lacks real, logical human-thinking, and is
susceptible to inaccuracies and biases from
the data sources it has been fed."
While the technology is still developing
and may not yet be out of control itself,
Macakanja accepts, the use of it by humans
for nefarious ends is already uncontrollable.
"Its future technological applications could
easily spiral and get out of hand, as machine
learning advances. Due to the rapid growth
in AI capabilities, legislation surrounding the
technology will quickly become outdated and
need to be freshly examined."
UNPREDICTABLE AI
The baseline danger around AI springs from
the fact that we cannot predict what it will
do, says Aleksi Helakari, head of technical
office, EMEA - Spirent. "Traditional tools and
software were clearly defined and we could
accurately predict outcomes. AI, however,
learns and changes autonomously, and a
great deal of speculation around the future of
Keiron Holyome, BlackBerry Cybersecurity:
naïve to deny that malicious actors are
employing AI in increasing efforts to broaden
their scope.
John Smith, LiveAction: perhaps a more
pressing concern lies not in AI itself, but in
the hands wielding it.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
15

artificial intelligence
Gareth Owen, Redkey: the concerns and
considerations portrayed in 'I, Robot'
years ago are more than just science
fiction; they are becoming our reality.
Jovana Macakanja, Cyjax: legislation
surrounding AI technology will quickly
become outdated and need to be freshly
examined.
it is attempting to look into a black box
and imagining what could emerge out of it.
Getting to that future will be an iterative
process and crucial to ensuring the best
possible version of it is the careful development
of these technologies.
Continuous testing and validation will be
crucial to evaluate how these nascent
technologies learn and change and most
importantly, that they stay within the
boundaries that we set for it."
He accepts that this will be a very difficult
and complicated task to achieve, and
contains multiple layers of complexity. "That
process of testing and validating AIs will start
with the data that those AIs train on. These
huge datasets will need to be finely evaluated
and validated for accuracy. In turn, that will
require some measure of automation, due
to the sheer size of these datasets."
From that point, the AI can start to be
tested with some kind of deterministic
prompts to know what kind of responses
to expect, Helakari states. "On top of that,
testers will need to throw some unexpected
curve balls - which sit outside the scope of
the training data - to see how the AI
responds. That's just the beginning. The
peculiarities of AI mean that it can have a
different response to the same input every
time it's presented. Continual testing will
help anticipate those continual changes and
ensure the AI is staying within the bounds
that have been set for it."
The test parameters will also need to
constantly change to validate how the AI
learns and evolves, he adds. "If you test your
AI on one day with one dataset, you will need
to test it with a similar data set on other days
to track the changes that have been made.
"This is critical for establishing whether
biases have developed within the AI and
especially important when the AI has been
deployed, and it's integrating data from
sources outside of its original training data."
This isn't to say that AI won't pose threats
and safeguards will need to be in place to
protect against this kind of outcome, he
emphasises. "That means keeping thinking
about how we can stop AI code from leaking
or getting into the grips of malicious parties
and developing triggers, kill switches and
failsafes, which can alert us to these situations
and shut down malicious use, if need be."
CYBERCRIME ALREADY FLOURISHING
For Dr Ilia Kolochenko, CEO and chief architect at ImmuniWeb
and adjunct professor of cybersecurity and cyber law at
Capital Technology University (pictured right), the impact of
generative AI on cybercrime growth seems overestimated.
"First, most cybercrime groups have been successfully using
various forms of AI for years, including pre-LLMs forms of
generative AI, and the introduction of LLMs will unlikely
revolutionise their operations.
"Secondly, while LLMs can help with a variety of simple tasks, such as writing
attractive phishing emails or even generating primitive malware, it cannot do all
the foundational tasks, such as deploying abuse-resistant infrastructure to host
C&C servers or laundering the money received from the victims.
"Thirdly, the ransomware 'business' already works very well; it is a mature, highly
efficient and effective industry with its own players, economy, laws and hierarchy. "
16
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

Computing
Security
Secure systems, secure data, secure people, secure business
Product Review Service
VENDORS – HAS YOUR SOLUTION BEEN
REVIEWED BY COMPUTING SECURITY YET?
The Computing Security review service has been praised by vendors and
readers alike. Each solution is tested by an independent expert whose findings
are published in the magazine along with a photo or screenshot.
Hardware, software and services can all be reviewed.
Many vendors organise a review to coincide with a new launch. However,
please don’t feel that the service is reserved exclusively for new solutions.
A review can also be a good way of introducing an established solution to
a new audience. Are the readers of Computing Security as familiar with
your solution(s) as you would like them to be?
Contact Edward O’Connor on 01689 616000 or email
edward.oconnor@btc.co.uk to make it happen.

2024 predictions
UNCERTAINTY THE ONLY CERTAINTY
PART 2 OF COMPUTING SECURITY'S DELVE INTO HOW THE 'DARKER FORCES'
OF CYBER SECURITY MIGHT IMPACT THE INDUSTRY IN THE MONTHS AHEAD
With 2024 awell underway, how it is
likely to pan out for the security
industry is a matter of certainty,
conjecture, opinion and guesswork. What is
certain is that it won't be any easier a ride than
previous years when it comes to warding off
the hackers and attackers, the ransomware
demands, the less appealing aspects of AI or
the many other threats that have to be faced
up to and resisted. With those caveats in mind,
here are the thoughts on what lies ahead,
delivered by several of those in the know.
JEFF WILLIAMS, CTO AND CO-FOUNDER,
CONTRAST SECURITY:
"Now that many people are working from
home, due to coronavirus, businesses up and
down the land are facing unprecedented
cybersecurity challenges. Unfortunately, one of
those challenges is that hackers are already
attempting to capitalise on the crisis by
attacking with viruses of their own. In fact,
thousands of COVID-19-related websites are
being launched by
cybercriminals.
"As organisations and workers navigate this
new work-from-home world and the threats
that come with it, the World Economic Forum
has provided a checklist of ways that individual
users and businesses can protect from cyberattacks
during COVID-19 that are helpful:
"Better understand threats to the organisation.
Since more employees are working
from home, security teams need to identify
likely attack vectors and prioritise the protection
of their most sensitive information
and business-critical applications
"Provide clear guidance and encourage
communication. Companies need to
ensure that security policies for workers
are clear and easy to follow. This includes
instructing employees to communicate
with internal security teams about any
suspicious activities
"Ensure the right security capabilities.
Organisations need to ensure that all
corporate-owned or managed devices are
equipped with the best security capabilities,
extending the same network security best
practices that exist within the enterprise
to all remote environments."
PHILIP BRIDGE, PRESIDENT, ONTRACK:
"Changes in our work habits can cause us
to make mistakes that we might not have
ordinarily made. Remote working has added
a huge number of endpoints to organisations
that may not have been there previously.
Systems that are now being used to connect
to a company's infrastructure may not have
been vetted or provided by the employer.
These new endpoints may be lacking in the
security controls that corporate machines
would have.
"Remote working also gives corporations less
control over their employees - what they are
doing and when. More distractions at home
can lead to increased engagement in risky
behaviour such as clicking on links they
wouldn't usually click on if they were in the
office.
"We have to remember that cybersecurity is
mostly a human issue; the employee
controlling the computer will always be the
weakest point of any system, for example;
ransomware through a phishing email only
has legs, if an employee clicks on the link in
the email. Employees need to be extra vigilant
when remote working to ensure they are
keeping optimal security practices."
COREY NACHREINER, CHIEF SECURITY
OFFICER, WATCHGUARD TECHNOLOGIES
"The most prominent attacks and information
security trends the WatchGuard Threat Lab
believes will emerge in 2024 include: malicious
prompt engineering tricks targeting large
language models (LLMs); managed service
providers (MSPs) doubling down on unified
security platforms with heavy automation;
'Vishers' scaling their malicious operations with
AI-based voice chatbots; and hacks on modern
VR/MR headsets… to name a few.
"Every new technology trend opens up new
attack vectors for cybercriminals. In 2024,
we believe that emerging threats targeting
companies and individuals will be even more
intense, complicated and difficult to manage.
With an ongoing cybersecurity skills shortage,
the need for MSPs [managed service
providers], unified security, and automated
platforms to bolster cybersecurity and protect
organisations from the ever-evolving threat
landscape has never been greater.
"While people are experimenting with LLMs
to increase operational efficiency, threat actors
are learning how to maliciously exploit LLMs,"
states Nachreiner. "Using techniques like
prompt injection or prompt extraction, threat
18
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

2024 predictions
?? ?
actors can sometime bypass and LLMs
designer-imposed limits and access data they
shouldn't. During 2024, WatchGuard Threat
Lab predicts that a smart prompt engineer,
whether a criminal attacker or researcher, will
crack the code and manipulate an LLM into
leaking private data.
"With around 3.4 million open cybersecurity
jobs and fierce competition for available talent,
more SMEs will turn to trusted managed
service and security service providers, (MSPs
and MSSPs), to protect them in 2024. To
accommodate growing demand and scarce
staffing resources, MSPs and MSSPs will
double down on unified security platforms
with heavy automation, using artificial
intelligence and machine learning.
"Cybercriminals can buy dark web tools to
send spam email, automatically craft convincing
texts and scrape the Internet for a target's
information, but a lot of these tasks are still
manual and require attackers to target one
user at a time. Well-formatted tasks like these
are perfect for AI automation - making it likely
that AI-powered tools will emerge as 2024's
dark web best sellers.
"Finally, while QR codes have been around for
decades, we expect a major headline-stealing
hack in 2024, caused by an employee following
a QR code to a malicious destination."
DAVID MAHDI, CHIEF IDENTITY OFFICER,
TRANSMIT SECURITY
"Generative AI is enabling fraudsters to create
more deceptive phishing campaigns,
deepfakes and cyberthreats that evade
standard detection methods. While ChatGPT
can be used for malicious intent, it has some
security guardrails. So bad actors quickly
recognised they could build their own services
to create and proliferate fraud campaigns.
"Enter: FraudGPT, a service (among others) on
the dark web giving cybercriminals the power
of generative AI, with no security limitations.
Want malicious code? Just ask. Need language
translation and images for a phishing
campaign? Done to perfection. Phishing
attacks have increased over 1,200% in 2023 -
a meteoric rise since the release of GenAI.
"So, what can security leaders expect? At
minimum, the volume and sophistication of
attacks will continue to rise as GenAI gets
smarter and bad actors learn how to wield
its power. And it's not just phishing attacks.
Fraudsters are now able to create polished,
eye-catching ads for fake goods or services,
collecting payments for goods that are never
sent or leading victims to download remote
access trojans (RATs) or banking trojans. Once
installed, they log keystrokes or overlay fake
login forms to steal credentials, even one-time
passcodes.
"Perhaps more unsettling, scammers are
starting to use conversational bots on social
media to mimic local dialects, professional
language or gamer lingo, for example.
They can even respond to DMs to build
relationships and create positive, but fake,
reviews. We expect this type of manipulation
to grow and facilitate new types of fraudulent
schemes."
What can security leaders do? asks Mahdi.
"To protect against the expected increase in
volume and velocity of attacks, security leaders
need to prepare their teams, process and
technology. From a technology perspective,
it's crucial to implement identity and security
solutions that use equally powerful AI and ML.
Advanced cybersecurity and anti-fraud must
be fused with customer identity and access
management (CIAM). For accurate detection
of evasive threats, it's essential to leverage
hundreds of detection methods and analyse
anomalies within the full context of all that's
happening in real time. Orchestration is a
key component necessary for consolidating
capabilities and correlating data - for contextaware
risk and trust decisioning. From a
process perspective, fraud teams should
conduct table-top exercises and threat simulations
to ensure they're ready."
Jeff Williams, Contrast Security:
thousands of COVID-19-related websites
are being launched by cybercriminals.
Phil Bridge, Ontrack: cybersecurity is mostly
a human issue.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
19

2024 predictions
?? ?
Corey Nachreiner, WatchGuard
Technologies: expecting a major
headline-stealing hack in 2024.
David Mahdi, Transmit Security: phishing
attacks have increased over 1,200% in 2023
- a meteoric rise since the release of GenAI.
IRVIN SHILLINGFORD, REGIONAL
MANAGER, NORTHERN EUROPE,
HORNETSECURITY
"In 2024, businesses are faced with an everexpanding
landscape of options, configurations
and integrations to leverage the full
potential of cloud computing. However, this
rising complexity also amplifies the potential
scope for cybersecurity attacks. Intricate
systems may harbour vulnerabilities that, if
exploited, could compromise sensitive data
and pose significant threats to organisational
security.
"There's no doubt that the proliferation of
generative AI has ushered in a new era of
cyber-attacks, with sophisticated and adaptive
algorithms being employed to execute
unpredictable malicious activities.
"The growing prominence of AI, coupled
with the increasing complexity of cloud
systems, has heightened the potential for
cyber-attacks, as AI-driven threats ultimately
look to exploit intricate vulnerabilities within
cloud infrastructures.
"With the launch of ChatGPT, the most widely
known large language model (LLM), we've
seen some evidence of threat actors using
generative AI tools to prepare attacks and help
write malware. Whilst the media have largely
covered this malicious side of AI, the power
of LLMs will also be used increasingly to help
defenders. Two clear examples are log analysis
and report writing, but it'll be exciting to see
how it will help security analysts deal with
workload and better protect their businesses.
"There were countless examples of cloudrelated
cyber-attacks throughout 2023, from
Amazon S3 buckets being left unsecured, or
even the breach of 38TBs worth of data stolen
from Microsoft, due to a misconfigured Azure
storage account. These are just examples
involving cloud storage and don't include the
massive adoption of cloud APIs or increasingly
complex network configurations.
"The rise of AI has also played a role in enabling
cyber attackers to devise sophisticated
strategies to bypass Multi-Factor Authentication
(MFA) measures in businesses and
compromise security defences. This includes
fatigue attacks, which overwhelm users with
numerous prompts and cause them to
ultimately click 'accept' to prevent more
notifications.
"As businesses continue to adopt cloud
technologies at a rapid scale, and with the
increase in cloud-related innovation in the
industry, security sometimes seems like an
afterthought. Becoming cyber-resilient takes
time, effort and persistence. Organisations
must implement robust security measures,
understand the technology they use, and
ensure that employees are trained to recognise
potential attacks and know the escalation
process. By adopting a comprehensive
approach that combines technology, education
and proactive measures, businesses can
significantly enhance their cybersecurity
strategy."
IAN ROBINSON, CHIEF ARCHITECT,
TITANIA
"Following a record-breaking number of cyberattacks
in 2023, organisations are expecting
more of the same in 2024. And with 220,975
published CVEs (taken from https://www.cve.
org/ 5 Jan 24), it's not surprising that organisations
are looking for more effective ways to
analyse, understand and improve their risk
posture at any given time - to stay off the
'breached list'.
"No small feat when tasked with tens of
thousands of vulnerabilities, due to out-ofdate
software and misconfigurations across
the attack surface. Risk-based vulnerability
management (RBVM) therefore has to be the
priority, to understand, device-by-device, how
best to deploy resources to remediate the
most critical risks first. RBVM, coupled with a
focus on regularly assessing critical segments.
Not just at the perimeter (firewalls), but from
the interior, too, because router and switch
20
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

2024 predictions
?? ?
security is the key to maintaining effective zero
trust network segmentation that stops ransomware
in its tracks. And keeping critical applications
and data segmented, isolated and
protected from automated attacks.
"As any changes to device configurations -
planned or unplanned - can expose networks
and enable lateral movement through
privilege escalation, organisations have woken
up to the fact that it's no longer enough to
assess devices once a quarter. Particularly as
changes are potential indicators of compromise
(IOCs) and should be assessed immediately.
But achieving continuous network assurance
in a practical way has previously been a
challenge. 2024 should see organisations
investing in solutions that change all this.
"Proactively assessing network changes, as
they occur, to determine when changes result
in deviation away from a secure state - and
then overlaying this risk data with ATT&CK
vectors and adversary tactics, techniques and
procedures (TTP)s - takes RBVM to the next
level. Especially when we consider that less
than 4% of known exploited vulnerabilities,
according to CISA, have ever been used by
attackers in the wild."
And Robinson concludes: "Looking at
vulnerabilities through an attacker's lens
enables organisations to determine where they
need to deploy resources to harden their
networks to the best effect. Through this risk
lens, organisations can view both their current
posture to techniques being used in the wild
and inform threat hunting with historic
network posture analysis. Closing the loop,
channelling remediation efforts on known
exploited vulnerabilities that are most likely to
be exploited right now, will help prevent any
nasty surprises in 2024."
TIM FREESTONE, CHIEF STRATEGY AND
MARKETING OFFICER, KITEWORKS
Despite bans and restrictions, the number
of businesses using generative artificial
intelligence (GenAI) large language models
(LLMs) are increasing as the competitive
advantages become too significant to
ignore, insists Tim Freestone, chief strategy
and marketing officer, Kiteworks.
"Even with advances in security controls,
data breaches stemming from GenAI LLM
misuse will rise in 2024. This will force data
security to be a central part of GenAI LLM
strategies," he states.
"Managed file transfer (MFT) tools are
useful for the digital transfer of data.
However, many are based on decades-old
technology that have inherent security
deficiencies. Two major MFT tools experienced
zero-day exploits in 2023. It is likely
that rogue nation-states and cybercriminals
will continue to exploit such vulnerabilities
in legacy MFT solutions in 2024, too."
Email remains the number one attack
vector, he adds. "However, like legacy MFT
solutions, legacy email systems lack modern
security capabilities. Until organisations
embrace an email protection gateway
where email is sent, received and stored
using zero-trust policy management with
single-tenant hosting, email security will
remain a serious risk factor."
Data privacy is a global concern. "Gartner
predicts that personal data for threequarters
of the world's population will be
covered by data privacy regulations by the
end of 2024 and the average annual
budget for privacy in a company exceed
$2.5 million."
In 2024, businesses will be under
heightened strain to protect confidential
data, Freestone adds. "It is time for
organisations to hit the reset button.
"Only by adopting zero-trust architectures,
detailed security models based on content,
strong access management, integrated
DRM, DLP and the like, can organisations
mitigate the risks and uphold compliance."
Irvin Shillingford, Hornetsecurity: the
proliferation of generative AI has ushered
in a new era of cyber-attacks.
Tim Freestone, Kiteworks: data breaches
stemming from GenAI LLM misuse will
rise in 2024.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
21

iometric cybersecurity
STOPPING THE REMOTE
ACCESS SCAM PANDEMIC
SCAMMERS ARE STRIPPING
UNTOLD SUMS OF MONEY FROM
VICTIMS' BANK ACCOUNTS.
TAMAS ZELCZER, CEO AND
CO-FOUNDER OF CURSOR
INSIGHT, PICTURED BELOW,
DISCUSSES HOW BIOMETRIC
CYBERSECURITY CAN
PREVENT SUCH FRAUD
Hello? I'm calling from your
bank's tech support. Your
account has been
hacked. I need your urgent help
to stop criminals stealing your
money.' This is one of the typical
dreaded opening lines actual
cybercriminals use on unsuspecting
victims before tricking them into handing
over control of their online banking session
and inflicting damages equal to. or even
surpassing. all the assets on the account.
The professional fraudsters dismantle the
victims' instinctive defences by exploiting the
strong fear of financial loss and a sense of
urgency. They also quickly build some level
of trust over the phone, usually by quoting
personal details like the victim's name,
address and contact details that were
perhaps gathered from hacked databases or
even public sources. What happens next is
that the hacker asks the victim to download
and install a remote desktop tool, such as
Anydesk, log into their own account and
then hand over the control to the criminal
impersonating a helpful tech support
agent.
This scam might sound
like something few
people would fall for,
but, in fact, this is
one of the fastestgrowing
and most
effective types of
financial cyber
fraud. It's being
referred to as a
'remote access
scam', 'tech
support
scam' or
'Anydesk scam' after
the name of the most widely used remote
desktop application and, according to
ScamWatch research, is just as widespread as
Phishing Scams, where fraudsters coerce or
dupe victims into sharing online banking
login credentials and 2FA codes.
Approved push payment (APP) fraud -
where victims are tricked into executing,
thus 'approving', a fraudulent transaction
themselves - and classic online credit card
scams are still the most common types of
digital fraud by the number of cases.
However, remote access scams may represent
up to a staggering 80% of the financial
damages sustained by victims in some
markets or financial institutions. In many
cases, the ruthless remote access hackers,
exploiting a lengthy remote access session,
liquidate the victim's investments, even
apply for a personal loan in the name of
the victim, then pool all the money together
and transfer everything to the fraudster's
account, where the money typically instantly
disappears in an untraceable crypto wallet.
LOSSES SOAR 130%
The spreading of remote access scams seems
to be unstoppable for now. Statista reported
total losses of $806 million in 2022 in the
USA, a soaring 130% increase, compared to
22
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

iometric cybersecurity
the previous year, making it the
fastest-growing fraud category.
How can banks effectively protect their
clients from these kinds of financial losses
and minimise losses for themselves, as
obligatory fraud reimbursement regulations
are being introduced in the UK and around
the world? Traditional user authentication
and fraud detection tools, deployed by
many banks, typically use various device
fingerprinting techniques that are quite
effective against scams where the fraudster is
in an unusual location or accesses the online
banking application from a browser or device
that is not recognised as the standard for a
specific user. The problem is that when the
user hands over the cursor and keyboard
control to someone else who is remotely
transacting in the victim's account on the
victim's own device, through the usual
browser, and from the usual IP address,
device fingerprinting becomes completely
useless in spotting the fraud.
During a remote desktop session, the cursor
movements and typing of the remote agent
are instantly mirrored on the user's screen,
and these cannot be differentiated by a
human observer from the interactions of
the user working locally on their own
computer. A few years ago, there used to be
a slight time lag and some skipping cursor
movements, but the latest versions of the
common remote desktop tools are free from
these
issues.
Luckily, there are
still some very subtle
data patterns that can be
detected by the most sophisticated AI
systems, such as Cursor Insight's patentpending
Remote Access Detection solution,
which is part of the Graboxy Cybersecurity
Platform.
SUSPICIOUS ACTIVITY FLAGGED
Cursor Insight has been for years at the
forefront of innovation in the field of
biometric cybersecurity, with the Graboxy
Continuous Authentication tool winning
prestigious awards, including the 'Cyber
Product of the Year' at the National Cyber
Awards and the 'Remote Monitoring Security
Solution of the Year' at the Computing
Security Awards in 2023. A fundamental
feature of Graboxy is the continuous
monitoring of user interactions and the
use of AI to analyse data transmitted through
the user's web browser.
The data is only monitored and analysed on
the server side, so nothing has to be installed
by the client. The technology is capable of
building accurate biometric profiles by
finding behavioural patterns that can be
associated with individual users.
Graboxy can passively authenticate users
in the background by comparing real-time
interactions, including mouse movements,
to the biometric profile belonging to the
user. Suspicious sessions with a high
likelihood of an ongoing account takeover
or other types of unauthorised access can be
quickly flagged for further security checks or
additional re-authentication. This solution
can be effectively used to detect a fraudster
controlling the user account through a
remote desktop session.
The Graboxy Remote Access Detection
Solution adds an additional security layer on
top of passive continuous authentication. It is
able to, within a few seconds and in real time
identify any remote access session, which is
almost always a sign of a scam attempt in
online banking and payment applications.
The unique advantage of this solution is that
it uses predefined machine learning models
trained specifically to differentiate between
local and remote users. It means that no
individual profiles need to be built over time,
and no rule or algorithm calibration is
required, unlike most AI-based solutions. It
works straight out of the box and can easily
be combined with already deployed fraud
detection solutions through its API.
WINNING THE BATTLE
Fighting against cybercrime and online
financial fraud is a dynamic race where both
the attackers and the defenders tirelessly
innovate and try to outsmart the other side.
The stakes are high, especially with remote
access scams, where, unlike with the most
common types of scams, the hackers could
potentially steal complete life savings in a
matter of minutes. Educating banking clients
not to hand over the control of their devices
to strangers who are offering unwanted help
during a phone call is, of course, essential;
awareness can and should be raised to help
people protect themselves.
But, just like many customers still often
voluntarily share their login credentials,
PINs and SMS one-time passwords with
scammers, the human factor remains
the weakest link that fraudsters exploit in
the case of remote access scams as well.
Investing in technologies that offer protection
from the latest forms of cyber fraud
remains a necessary tool to win the fight.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
23

show preview
COUNTDOWN TO INFOSECURITY EUROPE 2024
SHOWTIME IS APPROACHING, WITH THREE DAYS OF LEARNING, DISCOVERY AND INSIGHTS LINED UP
Infosecurity Europe 2024 takes place
from 4-6 June at the ExCeL London.
retro competitive gaming and the chance to
relive classic nostalgic gaming moments.
Away from the show floor, the South
Gallery Rooms will feature more than 25
Security Workshops where vendors will
showcase and demonstrate their product
offerings, providing access to industry
experts.
Exhibitors, industry bodies and cybersecurity
peers will once again unite at
Infosecurity Europe - taking place from
the 4th-6th of June at the ExCeL London - to
share their technological arsenal and extensive
industry knowledge, all under one roof.
Infosecurity Europe is widely regarded as
the premier platform to explore cutting-edge
cybersecurity technologies, forge invaluable
connections, hone skills, and benefit from
exclusive insights and know-how from
experts immersed in the industry's latest
developments.
This year's Conference programme will
feature nine theatres, giving visitors access to
three days of learning, discovery and insights.
The range of theatres will offer information to
suit all levels of experience, from strategy talks
to tactical sessions, round tables and keynote
sessions, with an impressive line-up of
speakers soon to be announced.
The event is geared up to deliver the learning
opportunities and also to further professional
development in a practical setting. It also
provides a valuable means for registered
members to earn CPE credits. Working in
partnership with leading industry associations
(ISC)2 and ISACA, attending the varying
theatre sessions, enables attendees to earn
credits automatically.
New for 2024 is the 'Tomorrow's Topics'
theatre, which will address future industry
developments and how to be prepared to
seize these openings. Discussions will cover
everything from channel, diversity and access
to the industry, through to professional
development.
Infosecurity Europe is also committed to
supporting cutting-edge companies embarking
on growth, with the 'Start-up Showcase'
providing a launchpad to hear from them.
Exclusively for companies that are three years
in maturity, the dedicated stage gives voice to
industry newcomers. Attendees will be able
to hear about the latest innovations and
understand where collaboration can help
to build solid foundations for the future
success of companies.
For those looking for a fun way to unwind,
a stroll down to 'Arcade Alley' will offer some
The 90-minute tactical training sessions
allow visitors to the show to benefit from indepth,
practical sessions, offering advice on
strengthening information security posture.
Security workshop expert speakers will
provide learning-orientated sessions to help
to take skills to a higher level.
For the CISOs and heads of information
security in attendance, the 'Leaders'
Programme' offers an access-all-areas pass,
granting entry to the Leaders' Lounge in the
South Gallery Rooms, as well as exclusive
participation in Leaders' Roundtable discussions,
shaping security strategies and
exploring cutting-edge industry tech-nology
and solutions.
Meanwhile, this year's 'Women in Cybersecurity'
event will provide the opportunity
to hear from senior female leaders, as they
share their insights and expertise. The event
is registration only and is now open here.
The 2024 conference programme aims to
share best practices, case studies and reallife
insight. There will also be presentations
from end users, policymakers, government,
law enforcement and industry leaders
including interviews, panel discussions and
debates.
You can register now for Infosecurity
Europe and secure your spot at the forefront
of cyber resilience.
24
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

data management
NEW DATA STATS ARE A WAKE-UP CALL
REPORT REVEALS SURGE FROM JUST OVER 2 MILLION EMAILS SENT PER
MINUTE IN 2013 TO A STAGGERING 241 MILLION A MINUTE A DECADE LATER
Over the past decade, Domo has
tracked the world's data usage,
revealing remarkable increases in
activity across various online platforms,
from Instagram and X to Amazon,
Venmo and many others. The annual
'Data Never Sleeps' infographic offers
a big-picture glimpse into the immense
volume of data generated on the internet
every minute, showcasing how data
is constantly evolving and changing
as more people interact with digital
platforms and services. "This year's
findings reflect the ever-changing and
fast-paced digital landscape, which
has only been heightened by the
rapid popularity of AI models such
as ChatGPT," said Josh James, founder
and CEO, Domo.
"Data drives everything we do, from a
quick search online or sending an email,
to checking the latest headlines on our
way to work. Data Never Sleeps, now in
its eleventh year, depicts just how much
we rely on data and its impact on our
daily lives in one of the 525,600 minutes
in a year."
Some key highlights from this year's
'Data Never Sleeps 11.0' report include:
The AI Boom: Artificial Intelligence (AI)
is making big waves in the digital world.
AI-driven platforms such as ChatGPT
are reshaping the ways we work,
communicate and create, with users
submitting 6,944 prompts every minute.
However, users haven't forsaken their
search engine habits, as searches on
Google total more than 6.3 million
every minute (this is a substantial
increase from 5.9 million a year ago).
Entertainment Dominance: After a dip in
engagement last year, X (formerly Twitter)
now sees 360,000 posts from users every
minute, up from 347,000 in Data Never
Sleeps 10.0. Spotify users stream 24,000
hours of music, including 69,444 Taylor
Swift songs. Instagram users are sending
over 694,000 reels via direct message every
sixty seconds. And the world of streaming
continues to dominate, as collective
viewers watch more than 40 years of
streaming content every single minute.
As online platforms gain more activity and
engagement, the entertainment industry
promises to never be the same.
Transactions on a Tear: Digital spending
continues its vast expansion. E-commerce
giant Amazon sees more than £362k
in sales every minute and on digital
transaction app Venmo, users send
£369k worth of payments every minute,
up 6% year over year. In the food sector,
DoorDash diners place orders totaling
£97.7k, up 60% from last year, reflecting
the increased reliance (and potentially,
inflation) on food and food delivery
services in this digital age.
Cybersecurity Challenges: However,
as digital activities intensify, so do
cybersecurity threats. Cybercriminals
launch 30 DDoS attacks every minute,
highlighting the need for robust online
security measures to protect individuals
and businesses. Adds Domo's James: "Data
weaves the fabric of our digital lives, and
our annual Data Never Sleeps report
highlights some of the most meaningful
data for businesses and consumers alike."
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
25

energy industry
GONE NUCLEAR
SECURITY ISSUES AT UK CIVIL NUCLEAR FACILITIES HAVE BEEN ON THE UP, WHILE INSPECTION
LEVELS FALL AWAY. HOW VULNERABLE IS THAT LEAVING THE UK TO ACCIDENTS OR WORSE?
The number of formal reports that
document security issues at the
UK's civil nuclear facilities has hit its
highest level in at least 12 years amidst
a decline in inspections, according to
The Guardian newspaper.
Experts say that the worrying news
raises concerns about the regulator's
capacity to cope with planned expansion
in the sector.
How serious might the problem be?
Very, it would appear, considering a total
of 456 incident notification forms
documenting security issues at UK
nuclear facilities were
submitted to the
Office for Nuclear
Regulation (ONR)
during 2021
alone. That is
according to information obtained by The
Guardian and investigative journalism
organisation Point Source. This is 30%
higher than the 320 reports filed during
the whole of 2020 and more than double
the 213 reports that were filed in 2018.
Incidents include physical security issues,
such as unauthorised people gaining
unsupervised access to secure areas,
as well as cybersecurity issues such as
attacks by malicious software.
Dr
Paul Dorfman, the chair of the Nuclear
Consulting Group and a former secretary
of the government's committee examining
radiation risks of internal emitters (Cerrie),
says operators and the regulator needed
to take action to address the rise in
reported incidents. "The higher number
of security issues that we are seeing
documented at nuclear facilities is
extremely concerning. These figures seem
to show a relaxation in security standards
when it comes to the operation and
regulation of sites that have the potential
to cause great human and environmental
harm. When the stakes are so high, it
is important that ONR takes all these
security incidents seriously, looks at why
they happened, tries to address the
relevant issues, and reduces the number
of incidents that are occurring."
He adds: "The broader picture raises
significant concerns about ONR's
technical and human capacity to
regulate and monitor what is
potentially a very risky industry.
This is especially concerning in
the context of the UK's
ageing nuclear fleet as
well as the new-build
plans the govern-ment
is currently pushing."
During 2021, there
was an increase in the
number of "moderate"
security incidents
reported, according to
the data obtained from the
ONR using freedom of information
legislation. Over the year, 42 security
incidents documented were rated as
"moderate", up from the 24 moderate
26
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

energy industry
incidents in 2020 - the highest number
recorded in at least 12 years. Moderate is
the second-most severe category and is
described by the ONR as an incident
where there has been "a significant
departure from expected standards".
The rising number of reported incidents
comes amid a fall in security inspections
carried out by the regulator. There are
concerns that during 2021 the frequency
of nuclear security inspections carried out
by the ONR may have fallen to its lowest
level in at least four years. Data obtained
in a separate freedom of information
request shows that in 2021, up to 17
December, just 136 security inspections
had been carried out by the ONR, down
from the full-year figure of 144 in 2020
and 169 in 2019. Information security
inspections are among the types to have
seen the biggest decline, with only 40
carried out in 2021 up to 17 December,
down from 74 over the whole of 2020.
Dorfman said this was particularly
worrying, given the growing risk of cyberattacks
on nuclear infrastructure. "There
is no question that nuclear is operating
in an increasingly dangerous and unstable
world where the threat of statesponsored
or non-state cyber-attacks is
increasing."
In a statement, the ONR commented:
"We welcome the increase in reported
events, as our analysis indicates that
this reflects improvements in security
awareness and culture across the
industry. The vast majority of reported
events (80-90%) are minor breaches of
security arrangements, which have been
proactively reported to us." The regulator
also said it believed its engagement with
nuclear operators had increased over
recent years, despite the decline in official
inspections. It added: "The data we
provided under freedom of information
law relates only to on-site compliance
inspections and does not include other
assessment work. This separate regulatory
scrutiny, which is not represented in the
data, is essential to ensure site security
arrangements comply with the law and
includes site visits to reinforce regulatory
judgments."
COMPLEXITY OF CRITICAL
INFRASTRUCTURE
According to Allianz, critical infrastructure
systems like those driving power
generation, water treatment, electricity
production and other platforms are
interconnected to form the energy 'grid'.
Although beneficial to the public, this
grid is vulnerable to cyber-attack by
'hacktivists' or terrorists.
Imagine, during a particularly harsh
winter, a group of hacktivists spreading
panic by bringing down the US power
grid, millions of homes and businesses
plunged into darkness, communications
cut, banks going offline, hospitals closing
and air traffic grounded. While such
a scenario sounds apocalyptic, it is a
realistic threat, according to Idan Udi
Edry, chief executive officer at Nation-E,
a provider of cyber security solutions that
safely allow customers to connect their
infrastructure to the internet, thereby
enabling them to connect and control
critical assets remotely and safely.
Critical infrastructure, like power
generation and distribution, is becoming
more complex and reliant on networks
of connected devices. Just decades ago,
power grids and other critical infrastructure
operated in isolation. Now they
are far more interconnected, both in
terms of geography and across sectors.
As the US power grid scenario highlights,
the failure of one critical infrastructure
could result in a devastating chain
reaction, says Edry. Unsurprisingly, the
vulnerability of critical infrastructure to
cyber-attacks and technical failures has
become a big concern. And fears have
been given credence by recent events.
In December 2015, the world witnessed
the first-known power outage caused by
a malicious cyber-attack. Three utilities
companies in Ukraine were hit by
BlackEnergy malware, leaving hundreds
of thousands of homes without electricity
for six hours. Cyber security firm Trend
Micro says the malware targeted the
utility firms' SCADA (supervisory control
and data acquisition) systems and
probably began with a phishing attack.
The blackout was followed two months
later by the news that the Israel National
Electricity Authority had suffered a major
cyber-attack, although damage was
mitigated after the Israel Electricity
Corporation shut down systems to
prevent the spread of a virus.
The energy sector is one of the main
targets of cyber-attacks against critical
infrastructure, but it is far from being
the only one, of course. Transport, public
sector services, telecommunications and
critical manufacturing industries are also
vulnerable. In 2013, Iranian hackers
breached the Bowman Avenue Dam
in New York and gained control of the
floodgates. Oil rigs, ships, satellites,
airliners, airport and port systems are
all thought to be vulnerable, and media
reports suggest that breaches have
occurred.
SOARING CYBER-ATTACKS
Cyber-attacks against critical
infrastructure and key manufacturing
industries have soared, according to US
cyber-security officials at Industrial
Control Systems Cyber Emergency
Response Team (ICS-CERT), the US
government body that helps companies
investigate attacks against ICS and
corporate networks. It reported a 20%
increase in cyber investigations in 2015
and a doubling of attacks against US
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
27

energy industry
critical
manufacturing.
Over the years, a wide range
of sectors have become more reliant
on industrial control systems - such as
SCADA, Programmable Logic Controllers
(PLC) and Distributed Control Systems -
for monitoring processes and controlling
physical devices, such as pumps, valves,
motors, sensors etc.
The most high-profile example of a
cyber-attack against critical infrastructure
is the Stuxnet computer virus. The worm,
which targeted PLCs, disrupted the
Iranian nuclear program by damaging
centrifuges used to separate nuclear
material. The incident caused concern,
because Stuxnet could be adapted to
attack the SCADA systems used by many
critical infrastructure and manufacturing
industries in Europe and the US.
In one of the only public examples of
a SCADA attack, a German steel mill
suffered major damage after a cyberattack
forced the shutdown of a furnace,
the German Federal Office for Information
Security reported in 2014. The
attackers used various social engineering
techniques to gain control of the blast
furnace systems.
CONTROL SYSTEMS TARGETED
Cyber-attacks against critical infrastructure
and manufacturing are much
more likely to target industrial control
systems than steal data, according to the
Organization
of American States
and Trend Micro. Its research
found that 54% of the 500 US critical
infrastructure suppliers surveyed had
reported attempts to control systems,
while 40% had experienced attempts to
shut down systems. Over half said that
they had noticed an increase in attacks,
while three-quarters believed that those
attacks were becoming more
sophisticated.
HACKERS’ EYES ON WEAK SPOTS
According to Nation-E's Edry, hackers
are becoming much more interested
in operational technology: the physical
connected devices that support industrial
processes. "The vulnerability and lack of
knowledge of operational technology is
the most dangerous thing today," he says.
As an example, he cites a cyber-attack
against a New York City office block in
which a hacker accessed the building
management systems - which can control
power, communications, security and
environmental systems - via a connected
vending machine. The building shutdown
resulted in estimated damage of $350m
from lost business.
However, the security of industrial
control systems and connected devices
has fallen behind that of IT systems.
Many of the connected devices used by
industry are based on serial communication
technology - which Edry likens to
the beeps and squeals associated with the
old-style internet dial-up. He believes that
operational technology is a vulnerable
and poorly protected element of cyber
security. While IT infrastructure has given
rise
to an army of
cyber security
consultants, products and
services, industrial control systems by
comparison are not well served.
On top of that, he states, growing
digitalisation and the 'IoT' could create a
perfect cyber security storm. He notes
that, where a company would once have
control over its systems, physical
networks and servers, the trend has been
to run devices, software and data
through virtual networks, such as cloud
computing. "Even the network is now off
the network."
Confidence in data and systems security
is key, if society is to benefit from the
potential efficiencies that the IoT can
bring. "The digital age is here. We can't
prevent it. It is becoming part of us. But
we see news headlines of breach after
breach. We are losing our confidence in
the digital age."
Edry believes that more needs to be
done to deter cyber criminals and to
protect operational technology. The cost
of creating a successful attack is small for
cyber criminals, which is why there are
now so many attacks.
"We have seen that, as the cost of
launching a successful attack has gone
down, the number of attacks has risen,”
he comments. "So, we need to develop
technology to increase the cost of
successful attacks. We can't stop 100%
of attacks, but we can create technology
to increase the cost, so that the hacker
says: 'I don't want to deal with this
organisation, as it will cost me a lot of
time and computer resource'. If we can
prevent the damage, it will incentivise
insurers to offer higher limits and give
customers more incentive to buy."
28
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

ansomware
NEW THREAT ACTORS SEND RANSOMWARE ATTACKS SOARING
SOPHISTICATED ATTACK METHODS SURFACE, WITH HEALTHCARE BECOMING A PROMINENT TARGET
In December last year, global levels of
ransomware attacks fell by 12% from
November, with a total of 391 cases,
compared to 442 in the previous month,
according to NCC Group's December Threat
Pulse. Good news? Not really. The figure
for December took the total number of
ransomware attacks in 2023 to 4,667 -
far beyond NCC Group's initial expectations
that cases would hit 4,000. The annual total
marks an 84% increase from all recorded
ransomware attacks in 2022.
Despite the usual threat groups responsible
for ransomware attacks, December 2023
saw three new groups enter the top ten most
active. Data reveals that newcomer Hunters
ranked in fifth place with 22 cases (6% of
total). The group is believed to be a rebrand of
Hive, dismantled by Europol and the FBI earlier
in 2023. DragonForce ranked in sixth spot,
responsible for 21 cases (5%), and has been
active since Summer 2022. WereWolves also
joined the ranking in tenth spot, with
speculation that they are a LockBit affiliate.
North America and Europe remained the
two most targeted regions in December, with
80% of global attacks between them. North
America experienced 51% (199) of all attacks,
down from 219 in November, with 114
attacks in Europe marking a 29% regional
reduction in cases. Claiming third place,
Asia witnessed 37 attacks, also representing
a decrease of 20%.
Most notably, the data also reveals that
attacks in Russia rose in December to 12
cases, accounting for 11% of all attacks levied
against targets in Europe, compared to the
whole of 2023.
Despite healthcare not placing in the top
three most targeted sectors, it is now regarded
as frequently at risk of ransomware attacks.
Following October and November, where it
was in the top three most targeted sectors,
the total volume of ransomware attacks on
healthcare in 2023 has resulted in it being
considered at similar risk to other sectors.
INCREASED ACTIVITY
OF MALWARE FAMILIES
In December, malware families (a group of
applications with similar attack techniques)
were more active than previous months. Two
malware families, Hydra mobile malware and
the unexpected activity of Qakbot, following
the malware family's infrastructure take-down
at the end of August, were notable.
The infostealer Meduza Stealer also
resurfaced in December, with a new version
to help cybercriminals make their attacks
more sophisticated through methods such
as accounts takeover (ATO), online-banking
theft and financial fraud. The re-emergence
of significant malware families helps attackers
to develop their own methods of gathering
intelligence and understanding vulnerabilities,
to prepare for the delivery of ransomware to
their victims.
Matt Hull, global head of threat intelligence
at NCC Group, comments: ""Closing 2023
with over 4,000 global ransomware attacks is
reflective of the sharp rise of cyber-criminal
activity, compared with 2022. Over the year
we've seen the development of sophisticated
attack methods, allowing both new and old
threat groups to exploit vulnerabilities of
victims across a range of sectors and, in particular,
present threats to healthcare where we've
seen notable successful attacks over the last
12 months, with vast volumes of data being
compromised."
Matt Hull, NCC Group: sharp rise seen
in cyber-criminal activity in 2023.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
29

penetration testing
PUT TO THE TEST
WITH PENETRATION TESTING USED TO IDENTIFY THE LEVEL OF TECHNICAL RISK
EMANATING FROM SOFTWARE AND HARDWARE VULNERABILITIES, MIGHT THIS BE
SOMETHING THAT EVERY ORGANISATION SHOULD BE IMPLEMENTING?
Typically, penetration tests are
widely employed to identify the
level of technical risk emanating
from software and hardware vulnerabilities.
Exactly what techniques are used,
what targets are allowed, how much
knowledge of the system is given to
the testers beforehand and how much
knowledge of the test is given to system
administrators can vary within the same
test regime.
However, according to the National
Cyber Security Council (NCSC), such
testing can deliver a multitude of
patbacks. "A well-scoped penetration test
can give confidence that the products
and security controls tested have been
configured in accordance with good
practice, points out the council, "and
that there are no common or publicly
known vulnerabilities in the tested
components, at the time of the test."
PRIOR KNOWLEDGE
In an ideal world, you should know what
the penetration testers are going to find,
before they find it, adds the NCSC. "Armed
with a good understanding of the vulnerabilities
present in your system, you
can use third-party tests to verify your
own expectations.
"Highly experienced penetration testers
may find subtle issues, which your internal
processes have not picked up, but this
should be the exception, not the rule.
The aim should always be to use the
findings of a penetration test report
to improve your organisation's internal
vulnerability assessment and management
processes."
WHAT SHOULD A TESTING
REGIME LOOK LIKE?
"It's critically important to note that a
planned penetration test doesn't mean
your normal testing regime should cease
to include security tests on the target
system," cautions the NCSC. "Functional
testing of security controls should still
occur. Assessing whether defined security
controls are functioning is not a valuable
use of penetration testing resources."
A functional testing plan should always
include positive tests (such as 'The logon
box comes up every time that you attempt
to log in and you aren't just allowed in').
"Negative testing may be included in your
functional testing plan where the skills
to perform it are available within your
organisation (for example, verifying that
'You can't log in without the correct
password')."
A typical penetration test, according to
the NCSC, will follow this pattern: Initial
engagement, scoping, testing, reporting
and follow-up. There should be a severity
rating for any issues found. For this
model, it is assumed that:
You wish to know what the impact of
an attacker exploiting a vulnerability
would be and how likely it is to occur
You have an internal vulnerability
assessment and management process.
"You should ensure the external team has
the relevant qualifications and skills to
perform testing on your IT estate. If you
have any unusual systems (main-frames,
uncommon networking protocols, bespoke
hardware etc), these should be highlighted
in the bid process, so the external teams
know what skill sets will be required."
30
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

penetration testing
I.T. SYSTEMS RELIANCE
Today, virtually all organisations have come
to rely on their IT systems to carry out dayto-day
business operations and support
customers, points out Martin Walsham,
director of cyber security, AMR CyberSecurity,
so they are also dependent upon the
confidentially, integrity and availability
of their systems to protect their brand
reputation, avoid business disruption, and
protect customer information and trade
secrets.
"Equally, all organisations are at risk of
cyberattack," he points out, "including
hacktivists, disgruntled employees, hostile
foreign intelligence and cyber criminals
seeking financial gain, for example."
So, how does an organisation check
that its security posture is up to scratch?
"Penetration testing is a good start," he
confirms. "A penetration test is a systematic
security test of a hardware or software
component or IT system that tests the
current security posture and identifies
security vulnerabilities. Penetration testing
is becoming widely recognised as an effective
security tool and something many
organisations now regularly carry out."
When a penetration test should be carried
out, the type of testing carried out and the
frequency of testing is influenced by several
factors, such as the organisation's size,
maturity and the industry in which they
operate.
"We are seeing increased uptake in penetration
testing, especially in more regulated
sectors, such as finance and healthcare -
and areas where there is a higher need for
greater security, such as those concerned
with critical national infrastructure," adds
Walsham.
CONTRACTUAL OBLIGATIONS
"Nowadays, many large organisations and
government departments have specific
contractual requirements for security
penetration testing as part of their supply
chain assurance. The UK healthcare industry
requires supplier organisations to
carry out penetration testing to meet the
DTAC standard."
The Digital Technology Assessment
Criteria (DTAC) for health and social care
gives staff, patients and citizens confidence
that the digital health tools they use meet
its clinical safety, data protection, technical
security, interoperability and usability and
accessibility standards. The DTAC brings
together legislation and good practice
in these areas and serves as the national
baseline criteria for digital health technologies
entering and already used in the
NHS and social care.
Another example that Walsham offers is
the payment card industry, which requires
organisations that take payment card
transactions to comply with the PCI DSS,
(Data Security Standard), which has a
specific requirement for security penetration
testing.
BENEFITS OF REGULAR TESTING
There are a wide range of benefits to be
enjoyed by organisations that carry out
regular penetration tests, he says.
"Fundamentally, a penetration test reveals
gaps in organisational security posture,
which can then be improved. By testing
whether a security architecture is operating
as expected, free from known vulnerabilities
and security configuration errors,
an organisation will improve its security
posture, reduce risk and as a result
likely reduce the number and
severity of IT security
incidents.
"By building security
testing into the
development lifecycle,
organisations can
identify and address
security issues early on - leading to fewer
project delays and requirements for
rework, while reducing product
vulnerabilities."
BETTER PAYOFF
Moreover, states Walsham, IT services and
IT system providers are likely to achieve
better responses on bids and RFP
responses, if they can demonstrate that
they have carried out regular penetration
testing of the service or system to be
provided. "When clients, investors and
regulators are aware of an organisation's
regular pen testing schedule, this leads to
an improved reputation. And who doesn't
want that?"
Martin Walsham, AMR CyberSecurity:
penetration testing is a good way
for an organisation to check if its
security posture is up to scratch.
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
31

passwords
SHOULD YOU SAY ‘PASS’ TO PASSWORDS?
WITH GOOGLE MOVING TOWARDS A FUTURE WITHOUT PASSWORDS,
THE PATH HAS BEEN THROWN OPEN FOR OTHERS TO FOLLOW
Alex Laurie, Ping Identity: broken system
that needs to change.
Peter Barker, chief product officer at Ping
Identity, has been quick to identify why
he feels passwords are way past their
'best-before date' and how he hopes Google's
move to a passwordless future will prove to
be an inspirational force for change.
"Passwords have been a persistent security
challenge for the past seven decades, leaving
us susceptible to phishing attacks and the
looming threats of fraud and identity theft.
Consumers increasingly crave greater
convenience, without compromising on
security. The path we must embark on leads
us toward a passwordless future, though
this transition will undoubtedly require time
to be embraced on a grand scale.
"Notably, we have already witnessed the
widespread integration of biometric
authentication methods, such as facial
recognition and fingerprint scans, into our
daily lives. These technologies serve as
stepping stones towards the ultimate goal
of a world where the arduous task of logging
in becomes a thing of the past. However,
to truly reach this passwordless utopia,
the general public needs a better grasp of
the underlying technology.
"In light of these developments,", continues
Barker, "Google's decision to champion
passkeys as the default login option couldn't
have come at a better time. Sometimes, it
takes industry giants to take the lead, pushing
for change more assertively."
Meanwhile, Alex Laurie, SVP EMEA at Ping
Identity, points to how passwords also act
as a barrier to achieving a smoother user
experience. "Think back to the number of
times you've been locked out of a site or
app and had to go through the painstaking
process of resetting your password. It's a
broken system that needs to change."
Given such challenges, the most logical path
access management organisations could take
would be towards a passwordless future, he
continues. "While this transition will undoubtedly
require time to be embraced at scale on
both the B2B and B2C side, our research
shows that consumers welcome passwordless
authentication. In the UK, 59% said they'd be
happy to switch website/app/service, if a
passwordless authentication method was
offered."
Laurie feels that the move away from
passwords, led by major technology firms like
Google and Amazon, is the path that others
now need to go. "Passkeys signify a significant
leap forward, sparing users from the hassle
of remembering passwords and the constant
worry of someone stealing them. This proactive
move promises to reduce fraud, and
usher in a simpler, faster and more secure user
experience that we can all benefit from."
32
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

endpoint protection
GETTING STRAIGHT TO THE (END)POINT
ENDPOINT PROTECTION IS REGARDED AS A 'MUST HAVE' WHERE CYBER THREATS ARE CONCERNED.
BUT HOW DO YOU SET ABOUT IDENTIFYING THE SYSTEM THAT IS RIGHT FOR YOUR ORGANISATION?
An endpoint protection platform (EPP)
is a solution deployed on endpoint
devices to prevent file-based malware
attacks, detect malicious activity, and provide
the investigation and remediation capabilities
needed to respond to dynamic security
incidents and alerts.
Expending on this EPP take, Gartner
continues: "Detection capabilities will vary,
but advanced solutions will use multiple
detection techniques, ranging from static
IOCs to behavioural analysis. Desirable EPP
solutions are primarily cloud-managed,
allowing the continuous monitoring and
collection of activity data, along with the
ability to take remote remediation actions,
whether the endpoint is on the corporate
network or outside of the office. In addition,
these solutions are cloud-data-assisted,
meaning the endpoint agent does not have
to maintain a local database of all known
IOCs, but can check a cloud resource to
find the latest verdicts on objects that it is
unable to classify."
In the company's 'Hype Cycle for Endpoint
Security, 2023' report (Franz Hinner, Satarupa
Patnaik, Eric Grenier, Nikul Patel), Gartner
offers several key insights into endpoint
protection and why it matters.
"Endpoint security innovations focus on
faster, automated detection and prevention,
and remediation of threats powering
integrated, extended detection and response
(XDR) to correlate data points and telemetry
from solutions such as endpoint, network,
web, email and identity. Methods to provide
lightweight, secure remote access remain in
demand driving desktop as a service (DaaS)
and endpoint and browser isolation for
increased control and security posture.
"We see continued adoption of zero-trust
network access (ZTNA), increasingly as a part
of security service edge (SSE) or a wider
secure access service edge (SASE). This
enables application access from any device
over any network, with minimal impact on
user experience."
The Hype Cycle for Endpoint Security tracks
developments that help security executives
defend their companies. Two tendencies
occur when technology evolves, says Gartner:
New endpoint technologies include endpoint
access isolation, endpoint-agnostic
workspace security, along with endpoint
protection toolset integrations and
upgrades
Net new security investments may focus
on new technologies and suppliers since
most purchasers consolidate vendors.
"The operational burden of deploying
internal people for threat hunting demands
greater signal correlation and automation of
reaction to counter sophisticated, targeted
attacks. This Hype Cycle shows XDR spreading
again. Unified endpoint security (UES), which
integrates endpoint protection platform (EPP)
and MTD security assets, is rising in this Hype
Cycle. While usage is limited, endpoint
operations solutions that configure devices
for consistency of control and speedy
remedial activities are anticipated to grow.
"Endpoint detection and response (EDR)
adoption continues as EPP matures. This year,
business email compromise (BEC) security
will detect compromised accounts to prevent
phishing. Network-based secure web gateways
(SWGs) also prevent endpoint attacks,
especially cloud-based ones. SSE is absorbing
SWG capabilities," states Gartner.
NEW SKILLS MATURE AND SPREAD
"Bring your own PC (BYOPC), unified endpoint
management (UEM) and DaaS are mature in
tackling access and endpoint isolation issues,
but they are rigid, encouraging technologies
like enterprise application integration (EAI)
to ascend the hill. SSE empowers ZTNA to let
any device access any app over any network.
ZTNA alone exposes endpoints to online
attacks and loses control of SaaS programs.
ZTNA, SASE and new zero-trust philosophy
implementations, like automated moving
target defence (AMTD), are being embraced
at different paces. Edge security services are
touted. Buyers want platform-wide security
33
computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk

endpoint protection
tools. UES products encompass phones,
tablets and PCs. Attack surface management
(ASM) and breach simulation
provide unique adversary engagement
and understanding. XDR uses several
domains and data to identify threats
faster."
Transformational Technology: Gartner
has seen SASE defend any application,
network and endpoint, it reports. "Security
executives should use SASE to combine
network security point solutions like SWG,
cloud access security broker (CASB) and
ZTNA with SD-WAN transformations and
couple with other endpoint security to
secure endpoints, regardless of location."
Key Technologies: As XDR grows, Gartner
expects commercial and technological
application cases. "These applications
simulate bogus assaults to identify
hazards quickly. Endpoint detection and
response, UEM, and DaaS solutions will
become essential for BYOPC security, UES
and XDR. Endpoint malware protection
needs improvement. As generative AI
advances, corporations will prioritise BEC.
Attack surface assessment (ASA) and
breach attack simulation (BAS) are part
of a complete endpoint strategy. Attack
surface management (ASM) uses XDR
telemetry to catalogue attack surfaces
without using ASA or BAS, or creating
new deceptive technological use cases.
These technologies and exposure management
(EM) let defenders cross-correlate
detection and attack behaviour, and teach
machine learning and deep learning
algorithms new methods through
behaviour pattern improvement."
OFF THE HYPE CYCLE
Secure Corporate Data Transmissions: "Virtual
private network (VPN) architecture has
matured into a well-understood and reliable
solution for remote access problems. The
growing importance of ZTNA ideas and SASE
tools means that VPN-based secure business
data transfers are exiting the Hype Cycle.
Contextual, dynamic access restrictions for a
wide range of remote employees, enabled by
deploying these solutions in addition to, or in
substitute of, current VPN infrastructure."
Business Impact: "Existing security products
will continue to provide enterprises with
increasingly sophisticated levels of protection,
access control and reporting analytics," advises
the resach. However, many of these products
will extend functionality to support browsers
via strategic partnerships, integrations or
browser extensions. Enterprise browsers are
not likely to replace existing security controls
throughout the enterprise, but rather extend
the reach of these tools for additional usecase
coverage.
Drivers:
Enterprise browsers are embracing the
new remote-work paradigm to consolidate
secure remote access for contractors,
suppliers and branch locations relying
on non-standardised equipment
Existing security solutions often struggle
to support unmanaged devices. This is an
area where enterprise browsers have found
early traction in the market, by providing
an acceptable level of secure remote access
that is able to maintain a mostly familiar
end-user experience
Small and midsize organisations are also
expected to be early adopters of this
technology. Organisations with simpler
environments and requirements may see
early opportunities to displace existing or
add new security controls with an enterprise
browser as a cheaper, centrally
managed option that immediately raises
their maturity level
Many security vendors already offer
integration with browsers via extensions,
while others have sought strategic partnerships
and integrations with browser manufacturers.
Enterprise browsers represent
a new way of delivering security services to
an organisation, which extend the edge of
traditional network security solutions.
OBSTACLES:
Free browsers are ubiquitous, to the point
that organisations must have specific use
cases to justify the purchase of a separate
browser. These justifications will become
easier to identify as enterprises begin to realise
the extensible and flexible enterprise security
and management potential of the browser.
However, it is unlikely most companies will
dedicate budget to an enterprise browser
without the ability to offset that spend
elsewhere.
Larger organisations with mature
cybersecurity and infrastructure operations
are advised that they may find it impractical
to reduce the complexity of their existing
environments with enterprise browsers,
though specific use cases may exist to justify
a relatively small purchase (such as providing
Day 1 access for new organisations gained
through mergers and acquisitions, contractor
access management, or as layered security
controls on top of fragile critical
infrastructure).
www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security
34