Navigating Cybersecurity Challenges with Dr Kiri Addison

Cybersecurity teams continue to confront increasingly sophisticated attacks and data breaches.

Emerging threats to businesses include Quishing (QR code phishing) and the growing use of deepfake technology to mislead the public. As a result, organisations are having to work harder to confront these challenges by finding new and innovative ways to thwart bad actors. 

Part of the solution, says Dr Kiri Addison, is training and education.

Cyber Magazine speaks with Dr Kiri Addison, Senior Manager of Product Management at Mimecast, about how businesses can stay ahead of looming cyberattacks by adopting a risk-based approach to cybersecurity. Throughout her career, Kiri has been responsible for creating systems to detect and prevent cyberattacks and fraud and has expert insight into phishing attack tactics.

She has also been shortlisted for the Women of Influence Award at the 2024 SC Europe Awards.

Given your expertise in detecting and preventing cyberattacks, what new trends and tactics should organisations be aware of?

It is important for organisations to be vigilant regarding the emerging trend of QR Phishing or “Quishing” attacks. Cybercriminals are now using QR codes in emails or email attachments instead of regular links. These QR codes often redirect victims to fake login pages designed to steal their login credentials. 

This technique increases the success rate of attacks for two primary reasons: Firstly, some email security solutions cannot detect QR codes consistently, which leaves organisations vulnerable. 

Secondly, victims usually scan QR codes with their personal devices, which are generally less secure than their primary work devices. This is a smart strategy for attackers to exploit the organisation's digital infrastructure through the back door.

Detecting traditional phishing attacks is challenging, and with the incorporation of AI, the landscape becomes even more complex. What are the key challenges faced by cybersecurity professionals?

Organisations face several challenges in keeping up with cyber-attacks. Attackers are leveraging AI to automate the development and delivery of attacks, making it increasingly difficult to defend against them. 

Moreover, services available on the dark web streamline the attack process by providing ready-made tools like phishing templates and email delivery services. This allows attackers to focus on specific stages of the attack, enhancing their efficiency rather than focusing on all sections such as a phishing template, email delivery services, credentials for sales etc. 

Furthermore, cyber criminals are adopting a service model akin to software development companies, continuously improving their tactics to assist their customers in launching more successful attacks. To combat these evolving threats, organisations must ensure that their awareness training remains current and relevant. 

Employees need to be equipped with the latest knowledge and techniques to recognise and respond to emerging threats effectively.

Additionally, organisations must strike a delicate balance between the accuracy of threat detection and the challenge of distinguishing malicious emails from legitimate business correspondence. Attackers often leverage compromised accounts of known senders, making detection even more challenging. Implementing advanced detection mechanisms while minimising false positives is crucial in this scenario. 

How should cybersecurity teams adapt strategies and technologies to stay ahead of both evolving phishing tactics and the increasing use of AI in impersonation attacks? Are there specific defence tools that you recommend?

As the threat landscape becomes increasingly sophisticated in the face of AI threats, one crucial approach that cybersecurity teams can undertake to enhance their security measures is to integrate AI into their defence systems. 

Mimecast Threat Intelligence Q3 report found that impersonation attacks are on the rise with attacks focusing on SMBs, rather than using malicious URLs or attachments, an impersonation attack uses social engineering and personalisation to trick an employee into unwittingly transferring money to a fraudulent account or sharing sensitive data with cyber criminals. It is thus essential that organisations adopt a multi-layered approach to email security. 

Organisations should have processes such as email authentication, domain-based message authentication, reporting, and conformance (DMARC), and real-time scanning for suspicious URLs for high-value requests. 

Additionally, regular awareness training is essential to empower employees to recognise and respond to evolving phishing techniques. Training sessions should include real-life examples of current phishing emails and tactics, ensuring that employees are equipped to identify suspicious QR codes as well as AI-generated phishing emails. 

It's imperative to shift focus from merely being cautious of links to understanding the risks associated with various forms of digital communication. 

How can an organisation move from reactive patchwork cyber spending to a more strategic and effective approach?

To transition from reactive, patchwork cybersecurity spending to a more strategic and effective approach, businesses should first ensure they have an allocated budget for cybersecurity that is plentiful. They should then apply a risk-based approach which involves understanding key assets and factors that make them a target, alongside awareness of the current threat landscape and emerging trends. 

By comprehensively assessing weaknesses in relation to current and future threats, an organisation can prioritise mitigations based on the risks.   

Once the risks have been identified organisations should establish a clear and comprehensive cybersecurity strategy that aligns with the organisation's overall goals and objectives. This strategy should outline proactive measures for prevention, detection, response, and recovery from cyber threats. 

Having this measure can help save an organisation’s critical digital infrastructure and provide a smoother road to recovery. 

Alongside this, proactive measures should also be undertaken such as completing regular security assessments, threat intelligence and having consistent monitoring. This can help identify and mitigate risks before they are exploited.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand