What are some current trends in cybersecurity threat research? To get some insight, we spoke to Aamir Lakhani, cybersecurity researcher and practitioner with FortiGuard Labs. 

 

Security magazine: What is your title and background? 

Lakhani: I am a cybersecurity researcher and practitioner with FortiGuard Labs, the threat intelligence and research organization within Fortinet. I have a deep passion for helping organizations secure themselves better and combat cyber adversaries. I have more than 15 years of cybersecurity experience, working with companies across industries on technical security strategies and security implementation projects. I’ve designed offensive counter-defense measures for national intelligence agencies, and have assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups.

 

Security magazine: What are some of the current cybersecurity trends the Fortinet team is observing? 

Lakhani: 2020 has been a banner year for ransomware, aided in large part by the mass shift to remote work. We expect to see this continue in 2021 as cyber criminals continue to evolve their methods, and as IT systems increasingly converge with operational technology (OT) systems.

Another thing we’re seeing is that the “intelligent edge” is becoming a bigger target. With the rise of remote work, IoT, the cloud and other multi-edge environments, the traditional network perimeter is becoming a thing of the past. And each of these environments carries its own set of risks. For cyber criminals, the big advantage here is that while all of these edges are interconnected, many organizations have sacrificed centralized visibility and unified control in favor of performance of digital transformation. And that means cyber criminals are starting to target this intelligent edge more frequently.

A third trend we’ve observed is advancements in social engineering. Smart devices and other home-based systems that interact with users are becoming conduits for deeper attacks. Using important contextual information about users, such as their daily routines or financial information, could make these attacks more successful. And smarter attacks could lead to worse ramifications than turning off security systems or hijacking smart appliances; it could lead to ransoming and extortion of additional data or stealth credential attacks.

 

Security magazine: Which of these trends should enterprise security, private security, and government leaders be particularly prepared for? 

Lakhani: All of these trends are very important to keep an eye on, but they’re also linked. Once the pandemic ends, we expect that many companies across industries will continue to have at least some employees working remotely at least some of the time. And that means that, as mentioned earlier, perimeter-only security will be less relevant. Organizations will need to really focus on finding security solutions that can address all users and edges, because cyber criminals have and will continue to leverage this intelligent edge. And one of the ways they will be doing so is with ransomware.

 

Security magazine: How can security leaders prepare?

Lakhani: Leaders need to take a close look at developing a long-term strategy that can address remote work, in-person work and hybrid work environments. For organizations who put in stopgap measures to enable remote work just to comply with lockdowns, now is the time to focus on a strategy that will adapt for the long haul. Solutions can no longer address just some parts – what’s needed are holistic solutions that address all of the edges.

Another key thing security leaders can do is promote better cyber hygiene among employees. All employees should be receiving basic cyber hygiene, with regard to things like watching out for phishing links and how to better create/store passwords. But with more people working from home and connecting with home networks, leaders also can take more steps in helping employees understand the risks and how to work securely even in a remote setting.

Another best practice is going to be the use of AI. AI must evolve to the next generation – it will be critical for future defense against evolving attacks. Humans alone will not be able to keep up with the vast amount of alerts and data coming into systems, which means automation, AI and ML technologies will play a key role. The primary role of humans will be to ensure that security systems have been fed enough intelligence to not only actively counter attacks but actually anticipate attacks so that they can be avoided.