Most businesses are well aware of the risks of cyber threats. However, they still often struggle to connect security risks, business goals, and strategies to effectively manage this risk. This whitepaper from the SANS Institute delves into emerging threats and details expert advice on how to address them. Some key findings from their research include:
Supply Chain Weaknesses
The Identity Theft Resource Center noted that 40% of breaches in 2022 were via supply chain partners. As an enterprise raises its level of security maturity, its supply chain partners often become the weakest point in its defense. These aren’t the only third-party sources of security failures. We’ve also seen malicious actors focusing on service providers as a means of compromising multiple targets simultaneously.
SEO Attacks and Malvertising
Because search engines are so widely used, user connections to and results returned from search engines are almost always allowed through web proxies. Legitimate businesses spend a lot of money on SEO to try to guarantee their content will appear at the top of search results. Bad actors are using the same SEO keywords and techniques that advertisers use to drive traffic to their malicious sites, as well as buying ads from search engine providers to try to get their content placed at the top of search results.
Generative AI as a social engineering tool presents a serious insider-impersonation risk. It’s being used by malicious attackers to impersonate people with ever more detailed and targeted phishing emails, and even realistic voice and video messages. AI is also being used to write code for malware and exploit development, lowering the bar to entry for less knowledgeable attackers.
To read about each of these areas in more detail and get best practices for improving defenses, get your free copy of the report.