EXECUTIVE SUMMARY:

What is the word ‘agile’ spelled backwards? CISO. (Just kidding, but it should be)

As we enter July of 2024, contending with the current cyber security landscape demands unprecedented levels of vigilance and strategic agility. This month brings a convergence of developments and challenges with far-reaching implications.

From a high-impact vulnerability in ubiquitous software to the insidious spread of shadow IT, this article highlights five current cyber security trends that professionals should be attuned to, so that they can recalibrate risk management approaches accordingly.

Protect your organization from the latest threats while driving innovation and implementing proactive cyber security mitigation measures.

5 CISO trends, July 2024

1. A critical Outlook vulnerability. Cyber security researchers have discovered a zero-click remote code execution vulnerability that, if exploited, could result in unauthorized access and data breaches.

Now patched by Microsoft, the vulnerability was perceived as “critical” by some researchers, while Microsoft rated it as “important.”

Immediate exploitation of the vulnerability isn’t terribly likely, but it remains a possibility, especially if this vulnerability is combined with another one.

Make sure that your organization updates all Microsoft Outlook and Office applications with the latest patches.

2. Google passkey support for executives. As part of its Advanced Protection Program (APP), Google is adding passkey support, which will better protect higher profile individuals from cyber threats.

Advanced Protection Program users typically have public-facing positions (CEOs, COOs, CTOs) or engage in controversial work (lawyers, journalists, human rights advocates).

“Security keys are super-duper strong. They are an un-phishable factor,” said Google’s APP project manager, Shuvo Chatterjee.

Organizations may wish to ensure that higher profile stakeholders leverage passkey support.

3. The rise of ‘Shadow SaaS’. In a survey of over 250 global cyber security professionals, nearly 75% admitted to the use of SaaS applications that the IT team had not specifically approved of.

Security professionals used these applications despite knowing the risks: 65% knew of the possibility of data loss, 62% noted lack of visibility and control, and 52% identified data breaches as an inherent risk accompanying the use of unauthorized tools.

Ten percent of cyber security professionals said they were certain that they had experienced an organizational data breach (or data loss) due to the use of shadow SaaS.

There is a clear gap between use of unauthorized tools and risk mitigation capabilities. Ensure that your organization closes this gap.

4. The impossibility of emails. After the emergence of ChatGPT, on a regular basis, phishing emails started to look nearly identical to typical email correspondences. The traditional red flags started to disappear. At this point, that’s old news.

What’s new is that as organizations have continued to send out emails, as organizations are wont to do, recipients have started to question the validity of the emails, as they arguably look like potential phishing emails.

At the end of the day, the issue here is that organizations need email security that both keeps phishing emails out and that users trust to keep their inboxes safe.

5. Fake network traffic. Last year, 18% of all network traffic was either automated or “invalid.” In other words, fraudsters used bots to commit fraud and compromise the security and integrity of websites, among other things.

Artificial intelligence has contributed to the proliferation and persistence of fake network traffic. In effect, AI has enabled bots to closely mimic human behavior, rendering traditional detection methods less effective.

In some cases, these bots aren’t actually harmful, but their presence means that CISOs and security teams have to deal with them – presenting a distraction from more significant cyber security tasks. The sooner that security leaders proactively address this issue, the sooner that everyone can get back to the more important stuff.

Further information

As your organization works to elevate its cyber security posture, turn towards cyber security tools that are AI-powered and cloud-delivered, enabling you to stay ahead of the latest threats.
