Cybersecurity and the changing threat landscape present new challenges for organizations: For example, the use of artificial intelligence (AI) is making cyber attacks – such as phishing emails – harder to detect. Frank Jonas, Head of Enterprise Sales Germany at Kaspersky, shares the latest trends in the threat market.
United Innovations: Frank, what are the biggest challenges in the current threat landscape?
Frank Jonas: «Analyses from the Kaspersky Security Bulletin (1) show that cybercrime is increasingly becoming a business model. Cybercriminals are optimizing their business in much the same way as legitimate companies (2). They are expanding their operations and outsource certain activities. Malware-as-a-Service (MaaS) is booming. This makes it relatively easy for less sophisticated cybercriminals to launch cyber attacks by renting the appropriate malware tools. At the same time, attack methods are becoming more complex.»
Do organizations know how important it is to stay on top of current threats?
«According to a Kaspersky study, the C-suite recognizes that cyber attacks pose the greatest threat to businesses. However, technical jargon and complicated industry terms often scare off senior executives. 38% of enterprise C-suite decision makers find even basic cybersecurity terms like malware, phishing, and ransomware confusing (3). In addition to this knowledge gap, the current shortage of IT security professionals (4), budget constraints, and untrained staff are worsening the risk (5).»
What do companies need to consider in their cyber protection efforts?
«The current threat landscape and new regulatory requirements, such as NIS 2 (6), are forcing companies to address all levels of cybersecurity: technology, processes and people. In addition to technical protection tools such as powerful anti-malware or rollback of malicious actions, companies need efficient IT security processes. They also need to make their team aware of cybersecurity. According to the latest Kaspersky Managed Detection and Response (MDR) Report, 25 percent of serious security incidents are caused by human actions (7).»
What specific measures should companies take in this context?
«In terms of business processes, companies should think about having a crisis plan for cyber incidents – an incident response plan. This will help organizations prepare to respond quickly in the event of a cyber attack. My colleagues like to quote John F. Kennedy, who said in 1962: “The best time to repair the roof is when the sun is shining.” Companies should also implement policies for strong passwords and regular software patches.
In addition, cyber hygiene is becoming increasingly important; companies need to prepare their teams for current attack scenarios through security awareness trainings, regardless of position or department. And let’s not forget the C-suite: they also need support with understanding cyber threats and with taking the right decisions when planning budgets or in the event of an attack. Training and policy enforcement should be high on the agenda.»
Where do companies stand in terms of protec-tion?
«Unfortunately, there is still a lot of room for improvement. A recent survey conducted by Kaspersky among IT decision makers in Germany shows that the actual level of cybersecurity implemented is rather sobering. Even the most basic security measures are lacking: Only 65% have a password policy that is monitored; just over half, 58%, create regular backups; and only 15% conduct attack simulations. Moreover, only 21% have an incident response plan in place (8).»
Can the internal IT handle all of this?
«In times of staff shortages – which, in addition to budget constraints, affect mid-sized companies in particular – companies usually need support. Today, organizations of all sizes are increasingly turning to external expertise to cover all facets of cybersecurity. A reliable cybersecurity partner offers its customers state-of-the-art cyber protection technology, services and awareness training as a complete package. At Kaspersky, we call this All-in-one cyber protection (9).»
What other trends are you seeing in the current threat landscape?
«Kaspersky operates in more than 200 countries and territories, gathering real-time intelligence from around the world. Our elite group of international experts – Kaspersky’s Global Research and Analysis Team (GReAT) – is recognized worldwide. This enables us to give companies a 360-degree view of the current threat landscape. Based on our Threat Intelligence (TI) they can prepare for new risks and proactively protect their systems against upcoming attacks (10).
One key observation is that operational technolo-gy is a growing target for cybercriminals (11). As a result, we strongly recommend that industrial companies deploy a dedicated industrial cyber-security solution and ICS Threat Intelligence re-porting (12).
Another trend is the increase in mobile threats. Our researchers have seen a significant increase in attacks on mobile devices worldwide in 2023, to approximately 33.8 million. That’s nearly 52% more than previous year. Therefore, it is critical to remain vigilant and implement robust security measures on mobile devices to adequately pro-tect against the ever-evolving cyber threats (13).»
How do you perceive the role of artificial intelli-gence in terms of cybersecurity?
«Artificial intelligence in cybersecurity is a double-edged sword. AI and machine learning (ML) can improve tasks such as malware detection and phishing prevention. Kaspersky has been using AI and ML to solve specific problems for nearly two decades already. However, the same dynamic also poses risks as cybercriminals use it for more sophisticated attacks (14).
On top of that: The current AI hype gives rise to an additional kind of risk. Our Digital Footprint Intelligence Service has discovered thousands of stolen credentials for popular AI tools like Chat-GPT, Grammarly, and Canva on the darknet (15). The compromised credentials come from in-fostealers, a specific type of malware that steals user credentials. Effective enterprise security so-lutions that monitor compromised accounts on the darknet and notify organizations when users of their online services have been compromised are becoming increasingly important (16).»
Frank Jonas
Head of Enterprise Sales
Germany
Kaspersky