May 3, 2025

Sophos: “Cybersecurity is a race: you have less and less time to intervene”

  • January 3, 2024

Thanks to new technological tools, cybercriminals are working faster and faster. How do you ensure your security is always one step ahead? We look ahead to trends in cybersecurity.

“Cybersecurity is a race: you have less and less time to intervene.” Bruno Durand, who heads the security company Sophos’ divisions in the Benelux and France, sets the tone almost immediately in our conversation. In its recently published Active Adversary report, Sophos looks back at developments in the world of cybersecurity.

One trend stands out to Durand the most: “It’s getting faster and faster.” One parameter that Sophos uses to compare the speed of cyber attacks is dwell time, or the average time attackers spend sneaking around your systems before doing their thing. In 2022 it was eighteen days; this year the average has fallen to five days. “Attackers often know the systems we use better than we do ourselves. In addition, they can also buy a complete ransomware service on the dark web, with other criminal organizations doing the work for them,” says Durand, citing possible explanations.

Ransomware with a legitimate flair

Several studies claim that ransomware attacks are decreasing due to improved defenses. But Durand warns that it is still far too early to declare ransomware dead: “69 percent of attacks still involve ransomware. Behind this, data exfiltration is on the rise.”

Durand sees the way ransomware is used changing. “At one time, attackers primarily looked for vulnerabilities in popular software, but now they first try to inject ransomware through ‘legitimate’ channels. You don’t have to drive them in anymore, you just register.”

This can be done in different ways, explains Durand. “Attacks often occur in different phases. It may start with an email to collect information about you. The aim is to ultimately gain your qualifications and develop further. The tactic of ‘living off the land’ is also becoming increasingly popular. Additionally, attackers abuse legitimate tools to remain undetected. Suspicious activities are therefore difficult to detect, but it is also more difficult to intervene as they can disrupt the functionality of legitimate tools.”

Cybersecurity: nine to five

Faster attacks mean security teams need to be constantly on alert to respond quickly, during, before and after the working day, because criminals don’t rest in the evenings and on weekends. Durand: “Almost ninety percent of attacks now take place outside of office hours. You need people and services that can keep an eye on your business 24/7.”

This trend reveals a larger structural problem facing the security industry: a shortage of people. “There is a global shortage of four million skilled workers,” estimates Durand. “But the gap is smaller than everyone thinks. Partly it is also a mentality problem: companies are always looking for the same profiles. Expertise is certainly important, but the passion for acquiring that expertise is just as important.”

For Durand, what matters is not so much how many security experts you employ, but how you support them in their work. “Seven out of ten specialists say they are ‘drowning’ in the number of incident reports they deal with on a daily basis. I assume that the acceptance of managed services will increase significantly in the coming years, especially in the SME segment. In the past, criminals focused primarily on companies, but with the help of artificial intelligence they can now also attack SMEs on a large scale. SMEs rarely have the means to defend themselves, while the costs to them of an attack are very high.”

AI: friend or foe?

In 2023, it has become almost impossible not to talk about artificial intelligence. Predictions vary widely about what AI will mean for the security industry. Sophos seems to take the middle ground. Durand sees opportunities for security, but also risks if the technology falls into the wrong hands.

“AI is not new, but we are only now realizing the power of the technology. The dark side is that it can be used to speed up attacks even more. In addition, AI can be used to create more realistic phishing emails and deepfakes and enable new forms of fraud, such as election fraud,” says Durand.

Every disadvantage also has an advantage, he continues. “AI certainly also has the potential to increase security capabilities. Incident data can be collected, classified and analyzed much more quickly. Human experts only need to consider complex data. Both attackers and defenders are becoming more intelligent thanks to AI. But I don’t see it as anything more than a useful addition.”

AI itself can just as easily become a target for cybercriminals. Durand: “For AI to work, you need large amounts of data. What if this data itself is corrupted? This leads to unreliable results that people consider reliable. We see that criminals are now also trying to ‘poison’ data lakes.”

For AI to work, large amounts of data are required. What if this data itself is corrupted?

Bruno Durand, VP Sophos France and Benelux

Prevention and healing

A forewarned manager counts for two, and in case it wasn’t already clear: every company, large or small, is in the crosshairs. Durand also gives his personal advice on how companies can protect themselves. “Complete visibility into what is happening in your IT infrastructure is the start. Attackers are simply looking for ‘blind’ hiding places. Analyze your defense capabilities and where potential risks lie. This does not have to be done once a year, but is an ongoing process. Also address your risks proactively: Many companies know their weaknesses but wait until it is too late to address them.”

No matter how good your prevention may be, sometimes things can go wrong. You also have to be prepared for that, emphasizes Durand. “Companies don’t always have a recovery plan in place in case their defense goes wrong. Who will you call in the event of an attack, where are your backups, etc. Recovery is about much more than just whether or not to pay the ransom. It’s about getting your business restored as quickly as possible.”

A managed security provider can be a lifeline at all stages of a cyberattack, Durand concludes, although of course he is speaking on behalf of his employer. “I remember a customer who found out that his business was attacked during a family dinner on Sunday. We were able to help him the same day and the incident report was ready on Monday. A security service provider must always be there for you.”

This editorial article was created in collaboration with Sophos.

Source: IT Daily
