Subscribe & Save 20% off Premium or Families plans
By subscribing, you agree to receive marketing communications regarding industry news and research, educational resources, and LastPass products and services. The processing of your personal data in accordance with the LastPass Privacy Policy. You can unsubscribe from marketing communications at any time.
The cybersecurity landscape is continually evolving, adapting to trends like remote work and incorporating new technologies like AI and machine learning. As cyber criminals develop even more effective cyber attacks to gain or maintain an edge against their intended victims, companies must stay on top of rapidly shifting cyber threats. Here's a look at three major developments in the cyber security landscape – zero trust, cyber extortion, and the new National Security Strategy – and what they mean for businesses today.
The rise in zero trust
Until the arrival of cloud computing and mobile devices, most businesses' IT teams used a traditional perimeter-based security model to secure critical data and systems. Under that old approach, businesses deployed firewalls and other cybersecurity tools to keep bad actors from penetrating their office network environments, which were typically located on site. The problem with this method was that it assumed anyone who already gotten into the network had permission to be there. So, if an attacker managed to gain entry, they often had free rein to access nearly anything they wished. Things have changed. Most office networks are now decentralized, scattered across a constellation of endpoints. Businesses heavily rely on cloud services and often support remote or hybrid workforces, which means it is no longer possible to implement perimeter-based security. Zero trust acknowledges the inherent complexity of today's cybersecurity landscape and, in response, proposes an entirely different strategy for protecting business data and systems. According to the World Economic Forum, zero trust is "a cybersecurity model that shifts how organizations approach security from reliance solely on perimeter defenses to a proactive strategy that allows only known good activity across ecosystems and data pipelines." This security framework mandates that all users, no matter where they are, be properly authenticated and continuously validated throughout the course of their sessions. With this approach, attackers are far less likely to gain access to all of a company's resources even if they do manage to slip past its cyber defenses in one area. Given the rise of sophisticated threats like cyber extortion, businesses need to embrace this vigilant stance more now than ever.Cyber extortion continues
Cyber extortion usually takes place when an attacker breaks into a company's systems, makes those systems unusable or holds sensitive data hostage, and then demands that the business pay a fee if they want the assault to stop. This kind of attack often halts business productivity and causes serious financial and reputational damage. Sadly, cyber extortion has evolved alongside the broader cybersecurity landscape, spinning off into several sophisticated variations, each of which represents a serious threat on its own. Take ransomware-as-a-service (RaaS) as an example. Whereas bad actors once launched ransomware attacks on their own, they can now outsource their criminal activities to comparatively unskilled hackers by launching paid subscription services featuring ready-made RaaS kits. Those novice hackers can then make slight modifications to the kits and launch their own attacks. Through this malicious innovation, which takes inspiration from cloud-based subscription services, cyber criminals can propagate cyber extortion schemes on a massive scale and enjoy a continuous stream of passive income. Supply chain attacks offer bad actors another effective way to simultaneously reach a huge number of potential victims in one fell swoop, using the third-party technology they trust and rely on to do their daily business. As we've seen with the Colonial Pipeline incident in 2021 and again with the Nvidia ransomware attack in 2022, cyber criminals are increasingly weaving cyber extortion schemes into these attacks. This is a worrisome development considering how challenging it is for the average business to identify cyber risks within its supply chain. Always on the lookout for tactical advantages, hackers are also leveraging AI and machine learning to inflict more damage on businesses and individuals. These tools can effectively analyze large quantities of data, allowing hackers to develop even more sophisticated attacks than they could using manual methods. For example, hackers can scrape publicly available information about a target, harvest stolen data about them that has appeared in a breach, and then task AI with crafting an effective, highly personalized phishing email based on that information. This means, among other things, that the average employee will no longer be able to identify a phishing email based on awkward phrasing or stilted language alone.A new National Cybersecurity Strategy
In an endeavor to address concerning developments in the cyber threat landscape, the United States has recently released a new National Cybersecurity Strategy. Recognizing how paramount good cybersecurity is to a healthy, stable economy, this strategy recognizes the need to shift the burden of proper cyber defenses away from small businesses, individuals, and local governments toward the public and private sector organizations that are better positioned to handle the scale of the problem. Accordingly, the updated National Cybersecurity Strategy includes a strong focus on protecting critical infrastructure facilities, such as public water systems. Should these types of facilities be infiltrated, they could be used to contaminate drinking water or cause grave harm to the U.S. population in other ways. Unfortunately, not enough of these public water systems have adopted cybersecurity best practices in response to the growing threat. With this in mind, the Biden administration is requiring the creation of regulatory frameworks that establish minimum cybersecurity requirements for critical infrastructure.Understand the evolving cybersecurity landscape
Cyber attackers are nothing if not opportunistic, always keeping tabs on changing trends that could give them an advantage. They have developed increasingly innovative cyber extortion schemes such as ransomware-as-a-service, taking a page from cloud computing models in the process. Companies, recognizing the increasing risks they face, are responding with stricter cybersecurity stances such as zero trust approaches and staying on top of government-level initiatives like the new National Cybersecurity Strategy. Those that do will have a far better chance of future proofing their businesses against evolving cyber threats. Need the tools to better equip your company against ever changing and expanding cyber risk? Learn how LastPass improves employee password hygiene and security.Share this post via:
Subscribe & Save 20% off Premium or Families plans
By subscribing, you agree to receive marketing communications regarding industry news and research, educational resources, and LastPass products and services. The processing of your personal data in accordance with the LastPass Privacy Policy. You can unsubscribe from marketing communications at any time.
