If the four horsemen of the cyber apocalypse posed a threat to your network, would you recognize them in time to turn the odds in your favor? The biblical version of an apocalypse involves conquest, war, famine and death. In cybersecurity, I believe the current “four horsemen of the apocalypse” would be as follows:
- Security by Obscurity
- Supply Chain Attacks
- Collaboration Among Threat Actors
- Reactive Network Defense
These horsemen are already here. Their associated implications should inform enterprise cybersecurity strategies as we look ahead to 2023 and beyond.
Horsemen of the Cyber Apocalypse
There are many factors that could have made the list, but I believe these four reflect high-level risks hurtling toward organizations right now — spanning across industry verticals and geographies.
1. Security by Obscurity
Ransomware and advanced persistent threat (APT) operators have changed cyber risk for every organization. For those companies that assume they are too insignificant to be targeted, the outlook is stark — threat actors don’t target businesses based on their size or location alone. For ransomware attacks, it’s about how much an organization is willing to pay, while for APTs, it may be more about enterprise connections and third parties.
Who wants your organization’s data even if you’re a small or medium-sized business (SMB) or local government? The answer is, you do — and ransomware threat actors know many organizations will pay to get their data decrypted. APT actors also want your data, or simply your credentials to gain access to a juicier target. Zero immunity should be assumed when assessing the attack surface and threat horizon for any industry sector.
2. Supply Chain Attacks
Nation-state threat actors represent the second horseman riding in the shadows, going largely unnoticed for far too long. If cybersecurity professionals look back at some of the most prominent supply chain attacks during the last couple of years, then names like SolarWinds, Kaseya and Okta come to mind. Attackers targeting the software supply chain frequently exploit systems and services that are in widescale use within industries and across geographies.
This attack vector typically requires skill and planning to execute, making it well-suited to APT adversaries that have the resources to create bespoke tools and exploits that can maximize the stealth and reach of their campaigns.
These types of attacks are why I so often write about “locking shields” in the cybersecurity ecosystem — because if suppliers or vendors aren’t protected from this type of attack, then neither are you.
3. Collaboration Among Threat Actors
Our third apocalyptic rider travels with the herd, expanding the threat landscape as they go. There is increasing evidence of collaboration between discrete attack groups and the use of initial access brokers (IABs). These brokers gain access to networks and establish backdoors before advertising and selling that access to attack groups on the dark web.
These groups and their affiliates are increasingly sharing knowledge and tools with each other. In a recent case, a threat group offered a bug bounty to others to help improve its code. This collaboration is a significant driving force behind the pace and sophistication of attacks.
4. Reactive Defense Strategy
The final horseman of the apocalypse in this cyber scenario is actually ourselves — as cybersecurity professionals race to head off the other horsemen galloping toward our networks. Unfortunately, we often represent organizations choosing to take a solely reactive approach to their cybersecurity defenses, placing ourselves at great risk of getting run over by the incoming steeds.
Hands-on-keyboard attacks are certainly one reason why this is the case. The speed at which these attacks can unfold means responding in real time, something that lies beyond the abilities of most organizations.
Meanwhile, supply chain attacks and the sophistication of the general cybercrime ecosystem are increasing. Because of the stealthy nature of these attacks and their use of genuine compromised credentials — usually remote access or admin and service accounts — the initial access activity typically evades traditional monitoring tools. Without proactive and preventative measures in place, initial detections often arrive too late.
But this reactive horseman need not be one against which we are defenseless. Instead, we must now sidle on over to a proactively preventative security path.
Stopping the Cyber Apocalypse
In addition to applying patches and attending to other security hygiene measures as quickly and effectively as possible and practical — I believe cybersecurity best practices should involve deploying defensive technologies that leverage artificial intelligence (AI) and machine learning (ML) techniques to anticipate and prevent malicious activities.
While many security providers’ claims around using AI or ML in their offerings may be true, they may use AI to optimize and automate some aspects of their heuristics or signature-generation processes. But they fall short of the full promise of AI — preventing cyber threats.
It is important to choose an AI that has trained on billions of diverse threat data sets over several years of real-world operation and has been tested across an array of cybersecurity applications to identify and prevent malware.
In the final analysis, a layered defense relying on AI-based network and host visibility, capable of blocking most threats before they can execute, stands the best chance of detecting threats and defeating the four horsemen of the cybersecurity apocalypse — both now and in the future.
