Vector
Vector

Choose your topics

Blogs
What is Risk Management in Cybersecurity?

Let’s explore the essentials of risk management in the context of cybersecurity to help you understand how to identify, assess and mitigate cyber threats effectively.

Cyber Risk Management Enterprise Risk Management
Blogs
3 Best Practices for Data Privacy

With more technology comes more data, and with that a greater need for data privacy enforcement. What best practices should you be following?

Data Privacy
Blogs
How to Prioritize Your Third-Party Risks

How can you prioritize effectively and enhance your organization’s security posture? Here are our top tips for setting up realistic, sustainable processes.

Third-Party Risk Management GRC
Blogs
Top Tips to Save Time When Assessing Third-Party Risks

Is assessing third-party risks taking up too much of your time? How can you make the process more effective and efficient? Find out in the latest post from SureCloud.

Third-Party Risk Management GRC
Blogs
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

GRC
Blogs
The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
Blogs
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Blogs
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
Blogs
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Vector (7)
Vector-1
Cyber Security

2019’s Cybersecurity Recap & Predicting 2020’s Digital Landscape

2019’s Cybersecurity Recap & Predicting 2020’s Digital Landscape
Written by

Elliot Thompson

Published on

1 Aug 2020

2019’s Cybersecurity Recap & Predicting 2020’s Digital Landscape

 
 

Read the original full article from Tech Radar Pro here.

 

As ever, the end of the calendar year is a useful time to look at the months ahead and make some predictions as to which security threats will afflict businesses over the next year. What can we learn from the tools and techniques being harnessed by cyber-criminals, in conjunction with the ways in which enterprise IT infrastructures are changing? And how can organisations best protect themselves in this changing world?

Cybersecurity practices are constantly improving, and increasing adoption of technologies like harder-to-crack multi-factor authentication, cyber-criminals are similarly evolving. Their combination of well-established infiltration and data extraction techniques with next-generation technologies can be highly sophisticated – and devastatingly effective.

 

Going phishing in the cloud

Social engineering and credential phishing techniques, for example, have been prominent in cyber-criminals’ arsenal for years now. Now, however, the infrastructure they can gain access to has dramatically evolved, with even the most reluctant organisations recognizing that the scalability, agility and flexibility of the cloud cannot be ignored. Criminals have demonstrated remarkable success in gaining access to Microsoft Azure and Amazon Web Services (AWS) cloud dashboards, usually through credential stuffing or phishing. All it takes is for one individual with admin access to production environments to fall victim to a social engineering or phishing email – and, in large organisations with an array of different user accounts, this is far more common than it should be. In 2020, then, expect to see more and more cloud infiltration which can ultimately be traced back to an individual being successfully tricked.

 

Ransomware evolves

Ransomware has undoubtedly matured into a stable business model and has truly become one of the most powerful and effective weapons that bad actors can deploy. We’ve seen fewer and fewer instances where ransomware’s poorly implemented cryptography can be exploited to unlock files for free. Likewise, we’ve seen fewer occurrences where an attacker takes over a large network and demands a small amount of money. Unfortunately, many threat actors are capitalising on incomplete backup coverage across organisations.

What does this mean for 2020? I’m predicting a large, fully deployed BlueKeep-based malware campaign. This security vulnerability in Microsoft’s Remote Desktop Protocol, which enables remote code execution on the part of cyber-criminals, could be the starting point for truly devastating attacks.

 

Machine learning and AI for protection – and nefarious ends

We all know how powerful machine learning and AI are proving for the cybersecurity industry, with more and more security tools and applications leveraging them in order to flag unusual network traffic or user behavior logs. Unfortunately, cyber-criminals have exactly the same tools at their fingertips.

Just as machine learning is being harnessed in exciting ways by security professionals, it is also offering criminals rather more devious possibilities. It will be used more and more frequently when generating malicious content attempting to bypass the already-prevalent machine learning-powered filters. We are truly in a machine learning arms race – and unfortunately there are still too many incidences where the so-called AI powering an apparent clever security tool is in fact just a series of nested ‘if’ statements. Security professionals need to take AI seriously and harness it properly – just as criminals are.

 

Read Blog 2 here – Learn about the 3 near-timeless classics that will most likely effect SME’s AND enterprises in 2020. 

 

Press

SC Magazine

 

About Elliott

Elliott Thompson OSCP, CTL/CCT-APP, one of SureCloud’s senior security consultants, delivers on a variety of large and unusual pen-testing engagements. Elliott engages targets throughout Europe, Asia, and the Middle East through infrastructure testing and reverse engineering to physical, social engineering and red teaming. Elliott has also appeared on the BBC as a cybersecurity expert, is a CVE identifier, CHECK Team Leader and CREST Registered Tester.

 

About SureCloud

SureCloud is a provider of Gartner recognised GRC software and Cyber & Risk Advisory services. Whether buying products or services your organisation would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products enabling a seamless integration of information, taking your risk programmes to the next level.