Growth Drivers | October 30, 2024

Five security trends shaping the future

 

Cybersecurity Awareness Month is a great opportunity for public and private organisations to take stock of their cybersecurity goals, measure their progress and be prepared for what lies ahead. To that end, below are five emerging trends that are transforming how we drive our security programs to defend against cyber threats:


 

1. AI is a key player in the fight against cybercrime

 

AI offers significant benefits due to its ability to process vast amounts of data, identify patterns and detect signs of an attempted attack. It’s also a useful tool for detecting malicious activity in a system or network, and spotting anomalies or suspicious behaviors.

In addition, AI automates many manual and laborious cybersecurity tasks, freeing up time and resources for cybersecurity teams to focus on other key aspects of their work.

But while the cybersecurity industry is focused on how to use AI to stop bad actors, cybercriminals often use AI itself to increase the speed, scale and intensity of their attacks.

For example, phishing emails have evolved from simple deceptive emails to ones that have become more advanced, harder to spot and significantly more dangerous. Attackers are also successful at using deepfakes—a form of AI that can be used to create convincing hoax images, sounds and videos—to perpetrate fraud or manipulate an audience into action.

And AI's adaptive nature is one of its most potent features in social engineering attacks, which manipulate people into giving away sensitive information or compromising security.

By using AI in these attacks, cybercriminals can appear more credible and trustworthy, leading more victims to fall for fraud attempts or manipulation, which could lead to system compromise.



As AI technology has expanded rapidly over the past several years, it has found a growing place in cybersecurity. For example, our security experts at DXC help customers create automated AI-based security controls and response mechanisms to react faster and more accurately to cyberattacks, reducing possible downtime and protecting personal and business-critical data. 



2. Cyber, cyber everywhere

 

We’re more connected to our phones, apps, social channels, text message services and other things now more than ever, which can have devastating consequences for organisations and individuals if proper cyber awareness isn’t applied.

And the uptick in cybersecurity incidents has coincided with the shift to remote working, as criminals seek to take advantage of the increased attack surface available to target. Perimeter security deployed at the office is no longer suited to adequately defend employees in this new environment or with modern interconnected capabilities.

We use our phones and the apps in them for almost anything: from getting live updates and texts from friends on social media to posting job updates on LinkedIn to engaging with gaming apps. This has increased the opportunities for attackers to gain your attention and potentially target you or your family members for online fraud or abuse.

For example, a single click on a seemingly harmless link in WhatsApp can open the door to cyber threats and can compromise your personal information and potentially put your organisation’s data at risk. And by oversharing sensitive information about your life events or job on social channels, you can put yourself and your employer at risk.

For years we have looked to control Shadow IT devices and systems in the workplace that are connected to networks without permission, which can lead to security vulnerabilities, compliance issues and an increase in the risk of data breaches. Now, we are faced with Shadow AI (the use of AI systems and tools within an organisation without formal approval or oversight), which is a growing problem and has real consequences around the confidentiality of our data, and we must implement capabilities to continuously detect and control possible cyberattacks.



Unauthorised access to security controls as part of a zero-trust strategy (a cybersecurity model requiring users to be authorized at every level of network access) could prevent sensitive resource compromise in the workplace, even if a specific device is breached.

Remember, zero trust is not a discrete solution but rather a strategy driver and mindset backed by technology. And DXC experts can help guide customers on their zero-trust journey.



3. Attacks can target critical infrastructure–and our homes

 

When the lights go out or the gas is cut, most people are unlikely to think it’s the result of an industrial cybersecurity breach. But operational technology is an emerging battleground for cyberattacks, with the systems that control and automate factories and critical civil infrastructure (including power stations, water-treatment plants and dams) becoming a target.

With threat actors hell-bent on doing damage to our society, we have to be ready to respond to these kinds of incidents and recover from it as effectively as possible while minimising loss.

And with ongoing geopolitical tensions, the OT cyber threat could continue to grow, putting pressure on industries to ensure they stay one step ahead by baking in cybersecurity protection across their operations.



DXC threat intelligence is gathered from our global cyber intelligence services, partners and government agencies. Based on our broad IT security services portfolio we can also help enable intelligent security across OT providing consulting, planning, design, testing, implementation, operation, transition, transformation and other required services.



4. Global events can increase the threat level

 

In times of crisis, an upsurge in cyber-attacks is usual. Threat actors are often hard at work taking advantage of vulnerable individuals, systems and government resources for financial, political or other gain.

As a result, many companies’ data, potential access information, client information, source code and other critically sensitive data could end up in the hands of criminals or state-sponsored adversaries wanting to do harm.

Such attacks can have profound implications for critical infrastructure and industrial sectors around the world. For example, instead of targeting end-users directly, attackers now compromise the supply chain itself, becoming a primary vector for large-scale data breaches and cyber incidents. These supply chain effects have a profound effect on our modern technology landscape that relies on a shared responsibility model.



Being laser focused on third-party risk management and who you’re doing business with is critical. For example, our team of DXC security experts manage security risks associated with all third parties, including clients, vendor/suppliers, partners and others.  



5. AI is a force multiplier

 

As organisations confront the complexities of escalating cyber threats, they need people with the right skills to protect their data and systems.  

We hear a lot about how the global cybersecurity skills gap is widening, leaving many organisations vulnerable to increasing cyber threats. And the lack of qualified professionals is largely due to how quickly the cybersecurity industry and cyber threats have evolved. Almost overnight, companies have realised that they need a dedicated cybersecurity professional—or an entire team—on staff.

One way around this is to broaden the candidate pool to bring junior candidates into the fold and grow them with on-the-job training. This can include candidates who might not have the specialised skills required, but come with analytical potential, problem-solving skills and technical promise. And by providing proper training to existing employees, organisations can empower them with career mobility and to become the first line of defence against potential threats.

In addition, AI and machine learning can work as a force multiplier for smaller security teams, which gives organisations a better chance against the newest strains of malware.

This is not meant to replace valuable and scarce expertise, but rather augment it by using AI to support overtaxed security analysts, identity management professionals and incident responders who need to sort through an increasing amount of information to do their jobs. And with the help of AI to automate analyst functions at machine speed, security teams can focus their attention on higher-value tasks.



DXC continues to think outside of the box to expand the talent pool. For example, the DXC Dandelion Program helps individuals with autism, ADHD, dyslexia and other neurological conditions build careers in IT, including cybersecurity. We also participate in women in STEM programs that are focused on recruiting and retaining the most diverse, competent and prepared workforce around cybersecurity and other technologies.






 

The big picture

As one of the leading providers of cybersecurity solutions globally, DXC Technology is uniquely positioned to see how our threat landscape is evolving and drive opportunities to tackle them.

Our more than 3,500 security experts are dedicated to keeping customer data secure — every hour, every day. We take pride in securing the critical systems that organisations in different industries rely on, ensuring tailored security solutions to meet their unique needs. 




Author

Michael Baker is Vice President and IT Chief Information Security Officer for DXC Technology. He is responsible for executing DXC’s cyber program to protect the IT services and data used by DXC employees globally. Connect with him on LinkedIn.