Three-quarters of organizations surveyed by Forrester Research had sensitive data potentially compromised in the previous year, as attackers engage in a high-stakes tug of war with defenders.
Seventy-four percent of security professionals surveyed said they saw potential breaches or compromises of sensitive data at least once in the previous year, and 12 percent said they had potential breaches six times or more. Three percent said they had potential compromises of sensitive data 11 times or more during the year, according to Forrester’s Top Cybersecurity Threats In 2023 report..
Just 14 percent of those surveyed said their organizations’ sensitive data was potentially compromised only once during the year.
New Headaches for Security Teams
Defending is about to get even harder, wrote the authors of the Forrester report. Heightened geopolitical threats, increasing cloud complexity, and the launch of content-creating generative AI will give security teams difficult new challenges, Forrester said. Meanwhile, ransomware attacks aren’t going away.
Generative AI–tools like ChatGPT that can generate text, audio, or video content–will allow attackers to “scale and wreak havoc” in ways they previously couldn’t, the report said. While AI-based attacks won’t affect most organizations in the near future, they are coming.
Attackers will begin to use AI to poison data and cause algorithmic drift, Forrester said. For example, hackers could use AI to create new email messages that help them reverse engineer the machine learning model that marks phishing or other email messages as suspicious. Then, the attackers could use generative AI to create new email messages that weaken the machine learning tool’s effectiveness.
Meanwhile, geopolitical threats existed before Russia’s invasion of Ukraine, but will escalate, the report said. Countries will continue to leverage cyberattacks against companies to engage in espionage, use as leverage in negotiations, control resources, or demonstrate technological prowess, Forrester said.
The Forrester report echoes the geopolitical concerns highlighted in the 2023 Global Threat Report from CrowdStrike, an ExtraHop technology partner. CrowdStrike saw a growing threat from nation-state actors. The CrowdStrike report names several state-connected hacking groups and describes their attack methods.
Complexity in the Cloud
In addition, Forrester added that security threats will be exacerbated by a growing number of cloud computing and storage options and by the inability of IaaS providers to keep up. Consequently, the research firm advises organizations to continue watching for common cloud threats, including insecure configuration, configuration drift, and privilege escalation in guest operating systems and in SaaS apps. Network path monitoring and deep packet analysis in the cloud can be “exceedingly difficult” for many companies, the analyst firm added.
However, the ExtraHop Reveal(x) 360 network detection and response (NDR) solution can be used for network monitoring, packet inspection and cloud security. Once attackers compromise a cloud workload and steal credentials, most cloud security tools can't detect their lateral movement in the east-west traffic corridor. That blindness to post-compromise activity leads to longer dwell time, providing adversaries with days, weeks, or months to breach critical assets undetected.
Reveal(x) 360, however, uses network traffic–the ground source of truth in the cloud–to provide real-time visibility into suspicious access to cloud data stores and detect lateral movement. It provides full Layer 7 visibility and decrypts cloud traffic in real time at line rate to discover hidden threats in critical encrypted traffic to API servers and more. In addition, Reveal(x) 360 applies cloud-scale machine learning to automatically identify anomalous behavior and trace data transfers inside virtual private clouds (VPCs) to external endpoints, APIs and cloud services.
An earlier Forrester report, “The Network Analysis And Visibility Landscape, Q1 2023,” called NDR, or network analysis and visibility tools, essential for creating a zero trust security stance. NAV/NDR solutions are unique in the zero trust landscope, because they provide visibility into “...all aspects of the network, down to the endpoint and into the cloud,” the earlier report said.
The new Forrester report also warns that ransomware attacks will continue to be a major threat, particularly to critical infrastructure, and that attackers will continue to engage in double-extortion tactics where they demand additional money to prevent disclosure of data on top of the ransom demand to decrypt stolen data.
Reveal(x) 360 monitors user behavior for unusual activity on the network, such as accessing files for the first time, to alert security teams and stop potential ransomware attacks. To battle ransomware and other attacks, Reveal(x) also decrypts TLS 1.3, SMBv3, and other Microsoft protocols attackers use to mask lateral movement and other post-compromise activities.
Don't Trust That Email
Companies should also look out for business email compromise attacks, which combine social engineering and phishing tactics, the report said. These attacks, which start with phishing emails that appear to be from a trusted source, can lead to fraudulent wire transfers, financial fraud, or credential theft.
In the survey referenced by the report, a third of the sensitive data compromises reported by respondents came from external threats, while 26 percent were the result of an internal incident. They blamed another 23 percent of the compromises on attacks or incidents involving their external ecosystems, and 17 percent on lost or stolen assets. These 2022 numbers are all within 3 percentage points to responses to Forrester’s 2021 survey.