Edition Five
New partner spotlight: Trend Micro
A new hotbed for challenges in Cyber Security. Trend Micro Executive Viewpoint
Jamie Scales, Channel Sales Manager at Trend Micro
As both economic and political terrains continue to undergo digitisation, enterprises will increasingly leverage artificial intelligence and machine learning (AI/ML), the cloud, and Web3 technologies. While these innovations are expected to lend a hand to organisations, they also provide opportunities for cybercriminals by promising big returns, more streamlined operations on wider impact zones, and more targeted victims.
In their pursuit of catering to their organisation’s evolving needs, business leaders are faced with a unique challenge: They must strike a balance between foresight and operational hardiness anchored in technological investments.
Here we detail the focal points of 2024's threat landscape, along with insights and recommended mitigation measures from Trend Micro’s team of cybersecurity experts that are designed to guide decision-makers toward well-informed choices for the year ahead.
Jamie Scales, Channel Sales Manager at Trend Micro
Cloud native worms will exploit security gaps in cloud environments
As cloud adoption becomes more critical to business transformation today, enterprises need to look beyond their routine malware and vulnerability scans. In 2024, cloud environments will be a playground for tailor-made worms crafted to exploit cloud technologies and misconfigurations will serve as an easy entry point for attackers.
With just a single successful exploit, particularly through misconfigured APIs in the likes of Kubernetes, Docker, and WeaveScope, attacks with worming capabilities can set off rapid propagation in cloud environments. In short, these worm attacks use interconnectivity — the very benefit for which the cloud was made — against cloud environments.
Generative AI will level up social engineering lures in targeted scams.
Spear phishing, harpoon whaling, and virtual kidnapping are just the tip of the iceberg when it comes to AI’s potential role in cybercriminal schemes. We predict that in 2024, voice cloning, already a powerful tool for identity theft and social engineering, will take centre stage in targeted scams.
Despite malicious large language model (LLM) WormGPT's shutdown in August 2023, we expect more of its spawn to populate the dark web. In the interim, threat actors will also find other ways to use AI for cybercrime. While legislation to regulate the use of generative AI is yet to be passed, it is paramount that defenders implement zero-trust policies and establish a vigilant mindset for their respective enterprises to avoid falling prey to AI-powered scams.
Data will be weaponised against cloud-based ML models.
Data poisoning will make machine-learning (ML) models an exciting and expansive attack surface for threat actors to explore as these promise a wide variety of high rewards with very few risks. A compromised ML model can open the floodgates to possibly divulging confidential data for extraction, writing malicious instructions, and providing biased content that could lead to user dissatisfaction or potential legal repercussions.
Validating and authenticating training datasets will become increasingly imperative, especially while ML remains an expensive integration for many businesses. Enterprises who take their algorithms off-premises to lower cost will also be more vulnerable since they rely on sourced data from third-party data lakes and federated learning systems. This means that they are completely dependent on datasets stored within cloud storage services guarded by systems outside their own.
To mitigate these potential risks, ensure that your approach to AI is defined at board level.
Enterprises making bold bets on ML models, generative AI tools, blockchain networks, and the cloud in the hopes of productivity gains should stay sharp for the unvarnished truths and unexpected pain points that will surely come with these engines of innovation. For defenders to hold the line against the ever-evolving cyberthreats that lie in wait next year, they will need to stay vigilant and practice resilience at every point of the threat life cycle, on top of enforcing a multi-dimensional security strategy grounded on trusted and forward-thinking threat.
See Trend Micro's full 2024 Report here.
Our partnership with Trend Micro, is about empowering your organisation with industry-leading cybersecurity solutions, enhanced visibility and control, comprehensive risk management, seamless integration, and expert guidance. Together, we are dedicated to safeguarding your digital assets, protecting your sensitive data, and ensuring business continuity in today’s challenging threat landscape.
Safeguard your organisation with expert protection from Ultima
Whether you need to tackle a specific concern, or are looking to evolve your security strategy so it’s fit for purpose in the digital world, this guide demonstrates how Ultima will help keep your business resilient in our unpredictable times.
