Strengthening cybersecurity in the age of AI

December 10, 2025

In this SJUK exclusive, Digital Content Editor Eve Goode speaks with Michael Downs, VP of Global Sales at SecurEnvoy, about cybersecurity and how the landscape continues to change as threats grow more sophisticated.

How are deepfakes, AI phishing and vishing changing the cybersecurity landscape and what should organisations prioritise to stay ahead? 

Recently, Anthropic released a report that reveals nation-state actors are using Claude AI to perform much of the heavy lifting involved in cyber-attacks. 

Right now, there is a general fascination with AI, both its positives and its negatives.  

From a security point of view, however, it’s best not to get distracted by the latest “AI-powered threats” and instead focus on getting the basics right.

80% of data breaches occur due to leaked credentials, so that needs to be the first line of defense.

Organisations such as NIST and the NCSC make things very clear by recommending the implementation of Multi-Factor Authentication (MFA). 

AI-driven attacks will become more prevalent, but the organisations least affected will be the ones that consistently follow basic security practices. A notable example is the 2021 US Colonial Pipeline attack.

The Colonial Pipeline, which stretches from Texas to New York, supplies around 10,000 petrol stations and covers the entire Southeast of the US, spanning approximately 5,500 miles. 

In the incident, a ransomware attack succeeded because a VPN connection was still active and protected only by a password.  

Once that password was compromised, the entire system was disrupted, causing fuel supply outages and a spike in oil and petrol prices. 

As a result of the significant impact of this ransomware attack, former President Biden and federal agencies mandated the use of MFA. 

MFA is simple and easy to deploy but highly effective in preventing these types of attacks. 

As AI becomes further embedded in technology, I believe MFA will increasingly be associated with AI-related risks, but businesses should keep their approach straightforward. 

As insider threats become harder to detect, how can businesses improve cybersecurity among their workforces to prevent these incidents? 

The first step is to implement what is known as privileged access and support it with secure authentication. 

This enables organisations to monitor and control individual access, granting or removing it as needed. 

Once someone has access, it must be secured with something stronger than a password.  

This is where MFA comes in. 

GSMA, the global federation for mobile operators, recommends in its security guidance that organisations use MFA to control access to their networks. 

Ultimately, it is not only the assets that need protecting. It is also the networks themselves, where privileged access is required. 

Can you tell me more about cyber-criminal tactics such as MFA bypassing or bombing and how organisations can protect themselves? 

MFA bombing, MFA fatigue and MFA attacks all target the human element. These attacks do not compromise MFA technology directly. Instead, they overwhelm users with repeated authentication prompts. 

As users become fatigued and simply want to stop the constant notifications, they may approve a request, giving the attacker access. 

Several measures should now be put in place. Security agencies such as CISA and the FBI in the US and the NCSC in the UK, as well as Canadian and Australian agencies, have issued guidance stating that organisations should adopt a stronger form of MFA, specifically anti-phishing MFA using FIDO or FIDO2 standards.

Government agencies are telling businesses to implement these protections due to the increasing volume of attacks from groups such as Scattered Spider.

At SecurEnvoy, we go further, by implementing features such as anomaly detection. 

Anomaly detection enables us to identify unusual login behaviour, for example, attempts made at unusual times, from unfamiliar locations or outside a user’s normal pattern. This adds an extra layer of security. 

We also use what is known as impossible travel. For example, if you log in from London at 9:00 am and then a login attempt appears from Canada at 9:10 am, we know the travel is impossible and we block access. 

These additional layers help support the human element. Other features include help desk validation, where an attempted login can trigger a verification process. 

If the help desk suspects an attack, they can send a code to the user’s phone for confirmation. 

In my view, organisations need to build on their MFA deployment. If they are not already using MFA and the tools surrounding it, they need to start now. 
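
The impossible-travel check described in the answer above, as an added Python example (not SecurEnvoy's code and not part of the interview): each login is compared with the user's last accepted login and blocked when the implied speed is not physically plausible. The 900 km/h ceiling, the 50 km jitter floor, the coordinates and the user names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumed ceiling: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0  # assumed floor: ignore IP-geolocation jitter within a region

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime  # all timestamps in UTC
    lat: float
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def is_impossible_travel(prev, cur):
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if dist < MIN_DISTANCE_KM:
        return False
    hours = abs((cur.when - prev.when).total_seconds()) / 3600
    # Simultaneous logins from distant places are impossible by definition.
    return hours == 0 or dist / hours > MAX_SPEED_KMH

def evaluate(logins):
    """Return (login, decision) pairs in time order. A blocked attempt does
    not replace the user's last accepted location, so the attacker cannot
    'move' the baseline by failing once."""
    last_ok, results = {}, []
    for ev in sorted(logins, key=lambda e: e.when):
        prev = last_ok.get(ev.user)
        if prev is not None and is_impossible_travel(prev, ev):
            results.append((ev, "block"))
            continue
        last_ok[ev.user] = ev
        results.append((ev, "allow"))
    return results

# Constructed sample events mirroring the London 9:00 / Canada 9:10 scenario.
SAMPLE = [
    Login("alice", datetime(2025, 12, 10, 9, 0), 51.5074, -0.1278),    # London
    Login("alice", datetime(2025, 12, 10, 9, 10), 43.6532, -79.3832),  # Toronto
    Login("alice", datetime(2025, 12, 10, 11, 30), 53.4808, -2.2426),  # Manchester
    Login("bob", datetime(2025, 12, 10, 9, 5), 43.6532, -79.3832),     # first login
]
```

Corporate VPN egress points and coarse IP geolocation are the usual sources of false positives for this check, so known egress addresses are typically allow-listed before the comparison.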

How does automated data discovery enhance customer protection and business reputation and where should organisations begin? 

The simple answer is that organisations must know where their data is at all times. Ideally, the network should always be able to access and locate it. 

In reality, this is becoming increasingly difficult.

My recommendation is that organisations ensure they have the capability to locate and retrieve data whenever required and that they continuously monitor their information to ensure it is not stored where it should not be. 

This supports compliance requirements such as GDPR. 

Regulatory compliance is just as important as legal compliance. By using tools that identify where data is stored, organisations can both manage and access their data effectively. 

How can organisations build awareness and design authentication workflows that are secure and user-friendly at the same time? 

We have spent a lot of time ensuring that user experience works on two levels. It must be easy for end users to follow and it must not be time-consuming. 

The two key questions are: 

  1. How will users consume authentication, for example through a mobile phone, token or passwordless approach? 
  2. How will it be deployed, whether in the cloud, in hybrid environments or on-premises?

Organisations must be able to deploy MFA effectively and at scale. 

66% of consumers say they trust a company more if it requires them to use MFA.

By making authentication user friendly, organisations not only improve security but also build trust and confidence, encouraging customers to choose their service over others. 

What changes can organisations expect within the cybersecurity landscape in the next five to ten years? 

We will see numerous attacks, each becoming more sophisticated in how they are launched, potentially taking advantage of AI. 

I also expect ransomware attacks to increase significantly due to their impact and financial rewards. 

The human element will grow increasingly important as both attack methods and defensive technologies become more advanced.

Supporting the human factor will be one of the biggest changes. 

Looking further ahead, we will see widespread adoption of post-quantum cryptography, which will have a major long-term impact. 

As attacks become more sophisticated, businesses and individuals must ensure they implement the basics and deploy solutions like those of SecurEnvoy to quickly and effectively reduce the majority of potential breaches. 
