Cybersecurity trends: Looking over the horizon

• Today, cyberhacking is a multibillion-dollar enterprise, complete with institutional hierarchies and R&D budgets.
• Attackers use advanced tools.
• Ransomware as a service and cryptocurrencies have substantially reduced the cost of launching ransomware attacks, which have doubled each year since 2019.

Cyber risk management has not kept pace with the proliferation of digital and analytics transformations, and many companies are not sure how to identify and manage digital risks.

At the same time, companies face stiffer compliance requirements-a result of growing privacy concerns and high-profile breaches.

Mitigating the cybersecurity risks of on-demand access to ubiquitous data requires four cybersecurity capabilities: zero-trust capabilities, behavioural analytics, elastic log monitoring, and homomorphic encryption.

Shifts the focus of cyberdefense away from the static perimeters around physical networks and toward users, assets, and resources, thus mitigating the risk from decentralized data.

Behavioural analytics can monitor attributes such as access requests or the health of devices and establish a baseline to identify anomalous intentional or unintentional user behaviour or device activity.

Elastic log monitoring for large data sets allows companies to pull log data from anywhere in the organization into a single location and then to search, analyze, and visualize the data in real-time.

Homomorphic encryption allows users to work with encrypted data without first decrypting to give third parties and internal collaborators safer access to larger data sets and meet more stringent data privacy requirements

To counter more sophisticated attacks driven by AI and other advanced capabilities, organizations should take a risk-based approach to automation and automatic responses to attacks.

• Automation should focus on defensive capabilities like security operations centre (SOC) countermeasures and labour-intensive activities.
• Use of defensive AI and machine learning for cybersecurity.
• Technical and organizational responses to ransomware.
• The level of digitization accelerates, and organizations can use automation to handle lower-risk and rote processes, freeing up resources for higher-value activities.

• Secure software development.
• Have security and technology risk teams engage with developers at all times.
• Software bill of materials.
• Mitigate the administrative burden by formally detailing all components and supply chain relationships used in the software.
• Take advantage of X as a service.
• Infrastructure and security as code.
• Standardizing and codifying infrastructure and control-engineering processes can simplify the management of hybrid and multi-cloud environments.