Roland Daccache, Senior Manager for Sales Engineering at CrowdStrike MEA, discusses the key elements of their latest Global Threat Report, including cloud security, the impact of AI on cybersecurity, and AI blind spots, and highlights the security challenges posed by antiquated end-of-life (EOL) products.
The CrowdStrike 2023 Global Threat Report suggests that the numbers of cloud exploitations and threat actors are increasing, so what does that mean for regional organizations? Which direction is cloud security headed in, and how best can an organisation secure its cloud?
Adversaries are aggressively targeting cloud infrastructure. The number of observed cloud exploitation cases grew by 95% year-over-year in 2022, and adversaries are using a broad array of tactics, techniques and procedures (TTPs) to compromise business data and applications in the cloud. In fact, there was a 288% increase in threat actors that know how to operate successfully in cloud environments.
The growth of cloud computing, the pace of DevOps, and the increased use of no-code and low-code development platforms have led to an explosion of applications and microservices running within cloud environments. The speed and dynamic nature of application development make it impossible for organisations to maintain a full picture of every application, microservice, database, and associated dependencies running in their environments. This creates a massive risk profile that cloud-savvy adversaries continually look to exploit.
For regional organisations, in 2024 and beyond, cloud protection must become the utmost priority. Organisations also need to realize that they must focus on securing their entire cloud estate – from both an application and infrastructure perspective.
CrowdStrike delivers a fully integrated Cloud-Native Application Protection Platform (CNAPP) solution that unifies cloud workload protection, cloud security posture management, cloud infrastructure entitlement management, threat intelligence and threat hunting in one platform across hybrid and multi-cloud environments.
In September 2023, CrowdStrike acquired Bionic, the pioneer of Application Security Posture Management (ASPM), extending CrowdStrike’s leading CNAPP solution with ASPM to deliver comprehensive risk visibility and protection across the entire cloud estate, from cloud infrastructure to the applications and services running inside of them. As a result, CrowdStrike will be the first cybersecurity company to deliver complete code-to-runtime cloud security from one unified platform.
Organizations must stay informed about the latest developments in cloud security and continuously adapt their strategies to address emerging threats and challenges.
How is the Middle East cybersecurity market growing?
The region has witnessed rapid digitization and the adoption of emerging technologies, including the implementation of smart cities, IoT initiatives, and advancements in e-commerce. While these technologies bring various benefits, they also introduce new cybersecurity challenges. Adversaries are getting faster: according to CrowdStrike’s 2023 Threat Hunting Report, the average breakout time for interactive eCrime intrusion activity was only 79 minutes. The Middle East’s cybersecurity market is also projected to be worth USD 31 billion (AED 481.1 billion) by 2030 as governments take measures to protect their infrastructure, according to data from Frost & Sullivan.
What are the clear and present dangers that AI represents?
AI, specifically Generative AI, can be easily misused by threat actors for malicious purposes. Although AI, particularly in the field of cybersecurity, can detect anomalies, it can also be used by threat actors to create incredibly realistic spear phishing messages, help lower-skilled adversaries to author malicious code, compress the timeframe in which companies must patch vulnerabilities and expedite the creation of new exploits.
At CrowdStrike, we firmly believe that the effective implementation of cybersecurity and AI necessitates tapping into the strengths of human involvement in the process. Humans play a crucial role in providing context to anomalous and unexpected behaviour detected by AI. In the ever-evolving landscape of combating sophisticated adversaries, CrowdStrike emphasizes the significance of a world-class team of human defenders, strategically augmented by AI. This approach aligns with the company’s commitment to addressing the inherent risks of AI, particularly in the realm of cybersecurity. By fostering collaboration between human expertise and generative AI, CrowdStrike aims to stay at the forefront of innovation while maintaining a vigilant stance against potential pitfalls, such as data privacy concerns, biases, and over-reliance on AI capabilities.
How would you describe AI Blind Spots, and how risky are they?
“AI Blind Spots” could be areas or scenarios in which AI fails to understand, predict, or respond to certain inputs or situations. These blind spots can arise due to inadequate training data, biased algorithms, the inability to generalize beyond training conditions, or the inherent complexity of some tasks – and they can pose real risks to organizations.
In 2024, CrowdStrike expects that threat actors will shift their attention to AI systems as the newest threat vector to target organizations, through vulnerabilities in sanctioned AI deployments and blind spots from employees’ unsanctioned use of AI tools.
After a year of explosive growth in AI use cases and adoption, security teams are still in the early stages of understanding the threat models around their AI deployments and tracking unsanctioned AI tools that have been introduced to their environments by employees. These blind spots and new technologies open the door to threat actors eager to infiltrate corporate networks or access sensitive data.
As employees use AI tools without oversight from their security team, companies will be forced to grapple with new data protection risks. Corporate data that is inputted into AI tools is not just at risk of threat actors targeting vulnerabilities in these tools to extract data; the data is also at risk of being leaked or shared with unauthorized parties as part of the system’s training protocol.
To avoid AI Blind Spots, organizations will need to look internally to understand where AI has already been introduced into their organizations (through official and unofficial channels), assess their risk posture, and be strategic in creating guidelines to ensure secure and auditable usage that minimizes company risk and spend but maximizes value.
How to counter the security challenges posed by antiquated end-of-life (EOL) products?
It is paramount that the CIO and CISO work closely to counter the security challenges posed by legacy products. They should consolidate IT and security operations to seamlessly keep an up-to-date asset inventory, track impending software obsolescence and targeted systems, as well as update, mitigate or replace technology whenever possible.