Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsManagementCyber Tactics ColumnSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business Resilience

Cyber Tactics

The 4 horsemen of the cybersecurity apocalypse

There are four high-level risks hurtling toward your organization right now — spanning across industry verticals and geographies. 

By John McClurg
Cyber Tactics

Catya_Shok / iStock / Getty Images Plus via Getty Images 

cyber tactics
Cyber Tactics
cyber tactics
November 9, 2022

If the four horsemen of the cyber apocalypse posed a threat to your network, would you recognize them in time to turn the odds in your favor? The biblical version of an apocalypse involves conquest, war, famine and death. In cybersecurity, I believe the current “four horsemen of the apocalypse” would be as follows: 

  1. Security by Obscurity 
  2. Supply Chain Attacks 
  3. Collaboration Among Threat Actors 
  4. Reactive Network Defense 

These horsemen are already here. Their associated implications should inform enterprise cybersecurity strategies as we look ahead to 2023 and beyond. 

Horsemen of the Cyber Apocalypse 

There are many factors that could have made the list, but I believe these four reflect high-level risks hurtling toward organizations right now — spanning across industry verticals and geographies. 

1. Security by Obscurity 

Ransomware and advanced persistent threat (APT) operators have changed cyber risk for every organization. For those companies that assume they are too insignificant to be targeted, the outlook is stark — threat actors don’t target businesses based on their size or location alone.  For ransomware attacks, it’s about how much an organization is willing to pay, while for APTs, it may be more about enterprise connections and third parties. 

Who wants your organization’s data even if you’re a small or medium-sized business (SMB) or local government? The answer is, you do — and ransomware threat actors know many organizations will pay to get their data decrypted. APT actors also want your data, or simply your credentials to gain access to a juicier target. Zero immunity should be assumed when assessing the attack surface and threat horizon for any industry sector. 

2. Supply Chain Attacks 

Nation-state threat actors represent the second horseman riding in the shadows, going largely unnoticed for far too long. If cybersecurity professionals look back at some of the most prominent supply chain attacks during the last couple of years, then names like SolarWinds, Kaseya and Okta come to mind. Attackers targeting the software supply chain frequently exploit systems and services that are in widescale use within industries and across geographies. 

This attack vector typically requires skill and planning to execute, making it well-suited to APT adversaries that have the resources to create bespoke tools and exploits that can maximize the stealth and reach of their campaigns.   

These types of attacks are why I so often write about “locking shields” in the cybersecurity ecosystem — because if suppliers or vendors aren’t protected from this type of attack, then neither are you. 

3. Collaboration Among Threat Actors 

Our third apocalyptic rider travels with the herd, expanding the threat landscape as they go. There is increasing evidence of collaboration between discrete attack groups and the use of initial access brokers (IABs). These brokers gain access to networks and establish backdoors before advertising and selling that access to attack groups on the dark web.   

These groups and their affiliates are increasingly sharing knowledge and tools with each other. In a recent case, a threat group offered a bug bounty to others to help improve its code. This collaboration is a significant driving force behind the pace and sophistication of attacks. 

4. Reactive Defense Strategy 

The final horseman of the apocalypse in this cyber scenario is actually ourselves — as cybersecurity professionals race to head off the other horsemen galloping toward our networks. Unfortunately, we often represent organizations choosing to take a solely reactive approach to their cybersecurity defenses, placing ourselves at great risk of getting run over by the incoming steeds.   

Hands-on-keyboard attacks are certainly one reason why this is the case. The speed at which these attacks can unfold means responding in real time, something that lies beyond the abilities of most organizations.   

Meanwhile, supply chain attacks and the sophistication of the general cybercrime ecosystem are increasing. Because of the stealthy nature of these attacks and their use of genuine compromised credentials — usually remote access or admin and service accounts — the initial access activity typically evades traditional monitoring tools.  Without proactive and preventative measures in place, initial detections often arrive too late. 

But this reactive horseman need not be one against which we are defenseless. Instead, we must now sidle on over to a proactively preventative security path. 

Stopping the Cyber Apocalypse   

In addition to applying patches and attending to other security hygiene measures as quickly and effectively as possible and practical — I believe cybersecurity best practices should involve deploying defensive technologies that leverage artificial intelligence (AI) and machine learning (ML) techniques to anticipate and prevent malicious activities. 

While many security providers’ claims around using AI or ML in their offerings may be true, they may use AI to optimize and automate some aspects of their heuristics or signature-generation processes. But they fall short of the full promise of AI — preventing cyber threats. 

It is important to choose an AI that has trained on billions of diverse threat data sets over several years of real-world operation and has been tested across an array of cybersecurity applications to identify and prevent malware. 

In the final analysis, a layered defense relying on AI-based network and host visibility, capable of blocking most threats before they can execute, stands the best chance of detecting threats and defeating the four horsemen of the cybersecurity apocalypse — both now and in the future. 

KEYWORDS: cybersecurity information security risk management security vulnerabilities threat intelligence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John mcclurg

John McClurg served as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cyber tactics

    2023: The year for contextual cyber threat intelligence

    See More
  • cyber security

    Reflections on 35 years in the trenches

    See More
  • Cyber

    Have we declared “open season” on CISOs?

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing