Where did cyber defenders go wrong in 2023? What can they do right this year? Will GenAI reset their hard-earned progress?

Given how eventful the year 2023 was in terms of sophisticated cyberattacks, fraud and scams, readers must be anxious about what cyber threat actors have planned for 2024.

What can APAC enterprises and governments do in the year ahead to mitigate the expanded threats?

Will the continuing democratization of generative AI and the fast exploitation by state-sponsored threat actors make 2024 an even more eventful year of cyber threats?

CybersecAsia.net interviewed Philip Lee, Head, Orange CyberDefense (APAC), to address some burning questions that linger in everyone’s mind…

CybersecAsia: Given the widespread reports of increases in cyber threats by many other cybersecurity and intelligence firms, what can APAC enterprises and governments do in the year ahead to mitigate the expanded threats?

Philip Lee (PL): A core strategy for enterprises and governments to mitigate such threats is to firstly develop capabilities in threat intelligence so that enterprises and governments in the region can detect, investigate, and respond to emerging cyber threats more effectively. 

For instance, the use of AI-driven cyber threat intelligence data platforms can help these organizations to pinpoint Indicators of Compromise within the emerging global threat landscape. Sources of threat intelligence include:

    • internet backbone services
    • closed and open-source threat intelligence feeds
    • intelligence platform customers and partners including Europol, the European Union’s law enforcement agency, and other Computer Emergency Response Teams (CERTs)
    • the entire global threat landscape including malware, phishing, ransomware, and Advanced Persistent Threats.
    • the Application Programming Interfaces (APIs) developer community
    • Security Information and Event Management; Security Orchestration, Automation and Response; and Endpoint Detection and Response communities.

Such global networks provide organizations with invaluable intelligence to act on, while also saving time and money that would otherwise be wasted in sifting through gargantuan amounts of data in-house while sieving out false positives. 

Threat intelligence is also central to vulnerability management, an effort that leverages on services and tools that report on newly identified vulnerabilities, regular vulnerability scans on networks, systems and applications, and punctual identification of other vulnerabilities in the IT system. 

By keeping up to date with the latest vulnerabilities, enterprises and governments can ensure visibility and focus on proactive defense by effectively remediate gaps in their security before bad actors can exploit them. 

CybersecAsia: Can you share your perspectives around the democratization of generative AI and the fast exploitation by state-sponsored threat actors that will likely make 2024 an even more eventful year of cyber threats?

PL: Phishing attacks will become increasingly complex to identify by its form or content. 

Generative AI (GenAI) enables attackers to write content in each victim’s language, without syntax or grammatical errors and, above all, by adapting to their behavioral patterns. This year, the increased sophistication will continue to expand to vishing (phishing carried out by telephone or voice message), which is even more complex to combat.

We are already seeing the impact of GenAI abuse, in the increase in ransomware in certain geographic areas. In the past, most of the targeted countries were English-speaking. Soon, an even wider variety of countries will be included in the threat actors’ targets due to language barriers being taken down by GenAI’s real-time, high-quality machine translation capabilities, as well as automation of the early phases of ransom payment negotiations.

However, there should not be panic over the malicious possibilities of GenAI: they exist, but we are not defenseless. We must always consider possible mitigations and look at the potential upsides of AI from a cybersecurity perspective. 

As with most enabling technologies, GenAI has the potential to be either a weapon or a tool. For every attacker that chooses to use it irresponsibly, there are an equal — or even greater — number of engineers creating powerful cybersecurity tools that could be used to deter threats.

CybersecAsia: While all operational technology industries and strategic sectors will be affected, why was the manufacturing sector so vulnerable in 2023? What can the sector do to mitigate the potentially higher risks in 2024?

PL: The vulnerability of the manufacturing industry has been glaring lately, especially with the sector recording a 42% increase in victims throughout 2023, as compared to 2022 based on our own findings. Approximately 28% all our clients are from the manufacturing sector and, to put things into perspective, they contributed to 31% of all potential incidents.

Our experience working with our clients in the manufacturing industry has helped us recognize:

    • many industrial systems are legacy technologies that were not designed with security in mind
    • retrofitting security measures into these systems can be difficult
    • the gap between IT and Operational Technology (OT) teams will therefore need to be bridged
    • to do so, manufacturing firms will need to evaluate their security posture with full transparency and understand and define the operational risks at stake
    • one of the most basic security issues found when tracing back successful breaches is, once attackers had compromised an entry point, they could move fairly easy within the network. So, while the outside perimeter proved to be resilient, there was virtually no control that could restrict on what is known as “lateral movement” within the victims’ network.
    • a possible solution is for manufacturing firms to extend their security programs through the separation and secure management of IT and OT networks. This approach helps enhance cybersecurity by minimizing the potential for cyber threats that could impact critical operational systems.

IT/OT segmentation services are crucial for organizations with both IT and OT systems, especially in industries where operational continuity and reliability are paramount. These services aim to strike a balance between maintaining operational efficiency and bolstering cybersecurity defenses. 

CybersecAsia: Further to a previous interview with your organization, how in your opinion should cyber defense pros caught in a high-level game of wits between shadow governments update their defense posture strategies especially in 2024 — the year of the always-eventful US presidential election and other potent geopolitical flashpoint events?

PL: The dynamics of current geopolitical crises have amplified the effects of globalization on cyber security. The lasting state of war around the world remind us that security remains and will increasingly be at the heart of human and technological development strategies for organizations, governments, and society at large.

Disruptions that combine geopolitical, economic, and social dimensions are intensified by the accelerated digitalization in our lives and work. Our environment has become more unstable and less predictable. Cyber threat actors leverage this environment to seize and develop all attack opportunities for espionage, influence, or extortion.

As such, engaging in a high-stakes game of wits between cyber defence professionals and shadow governments, especially during sensitive events like a presidential election and geopolitical flashpoints, requires a dynamic and strategic approach. 

Governments and organizations need to continually measure the extent to which vulnerabilities pose a risk from moderate to major on their critical activities, their reputation, their people, and their customer data. The better these organizations can anticipate and detect threats, the higher the chance of avoiding or attenuating cyber crises via timely reaction and incident response. 

From 2024 and beyond, organizations need to step up on their capabilities to identify, prioritize and appropriately patch vulnerabilities on an ongoing basis, since many still fall short in this portfolio despite their increased awareness in cybersecurity.

CybersecAsia thanks Philip Lee for sharing his professional cyber insights with readers.