The cybersecurity landscape has undergone a number of changes in recent years. The frequency and scale of malware, phishing attacks, and data breaches are increasing, requiring organizations to invest more time and money in establishing cybersecurity practices. Organizations need to recognize the changing threat landscape and ask themselves what challenges they currently face and what practical steps they should take to reduce the risk of cybercrime. .
This was a discussion thread between tech monitor Associate Editor Jon Bernstein and Sophos Field Commercial CTO John Shier discuss how the security landscape is evolving with increasingly sophisticated cybercrime and what this means for the future of organizational security. I'll talk about it.
Mr. Scheier highlighted several key points, including how specialization and specialization in cybercrime has evolved. Layered defenses such as firewalls and multi-factor authentication (MFA) have become important additions to modern organizations' layers of defense to adapt to changing hacker tactics.
“Our detection capabilities are improving and we can catch people doing criminal activity faster, but they know that. Naturally, they act faster because they know they have better tools and services to help them in this quest to detect earlier,” Shire said. “The faster you attack, the more you can block these attacks, and the sooner you can break the rhythm of the attack and get in the way.”
Mr. Shier also discussed Sophos' recent report, “Stopping Active Adversaries,” which highlighted the most common and emerging ways for attackers to break into businesses. Based on an analysis of 232 major cyber incidents remediated by Sophos X-Ops incident responders, this report provides actionable insights to guide your security strategy. Among the keyf findings: credential leakage and vulnerability exploitation remain the primary entry vectors, and attacks are accelerating. In 2023, ransomware dwell time has decreased to 5 days compared to the previous year, and 91% of ransomware attacks in 2023 will occur during non-business hours, meaning organizations will This highlights the need to invest in system protection.
3 steps to strengthen security
To combat these threats, Shire emphasizes the importance of three elements for organizations: secure, monitor, and respond. “Ensuring security means using a robust layer of multi-factor authentication to increase friction wherever possible. We should,” Shire said.
Cybercriminals will only adapt if necessary, Shire cautions. The use of new technology and complex defensive tactics has raised the bar so high that some tactics against cybercriminals are “no longer worth it,” Scheyer suggests, but businesses can no longer manage their cybersecurity journeys. Maintain the tight security of your organization and employees reminding them that they don't have to go it alone and can seek advantageous partnerships.
“Getting security right is difficult, time-consuming, resource-intensive and expensive,” says Shire. “When you find yourself in a situation that you think is too difficult to do on your own, ask for help. There are many organizations that can help you and ask for help, including organizations and vendors you can partner with for your IT infrastructure. We are here to help. We do and we have the experience to keep you safe.”
During this wide-ranging conversation, Mr. Scheier provided further valuable insights and recommendations for organizations to establish a comprehensive cybersecurity strategy. The evolving cybercrime and security landscape emphasizes the importance of layered defense and the need for round-the-clock protection. By securing, monitoring, and proactively responding, businesses can stay ahead of cyber threats and keep their digital assets safe.
Watch the full conversation above and download the report. ”thwart an active adversary' For more information, see Sophos.
