Interview with Fabio Fratucello, Field CTO, International, CrowdStrike

Fabio Fratucello, Field CTO, International, CrowdStrike discusses the direction cloud security is headed in, and how best an organization can secure its cloud environments.

Enterprise Times: CrowdStrike 2024 Global Threat Report suggests that the number of cloud exploitations is increasing and the speed of cyberattacks continues to accelerate at an alarming rate, so what does that mean for Indian organizations? Which direction is cloud security headed in, and how best can an organization secure its cloud environments?

Fabio Fratucello: CrowdStrike’s 2024 Global Threat Report reveals a significant rise in cloud-conscious intrusions, increasing by 75%. This alarming trend underscores the growing threats faced by businesses, as adversaries increasingly target cloud environments amid widespread adoption.

Cloud security is facing escalating risks as threat actors, particularly eCrime groups like SCATTERED SPIDER, refine their strategies to bypass security controls and move laterally between cloud and on-premises systems. A significant concern highlighted is the utilization of stolen credentials and legitimate tools to initiate unauthorized access to cloud environments, blurring the line between malicious and legitimate user activities.

Nation-state actors like FANCY BEAR and COZY BEAR have been actively conducting credential harvesting campaigns, targeting services like Microsoft 365, Exchange, and others. These adversaries are leveraging various techniques, such as exploiting vulnerabilities, phishing, and social engineering, to obtain valid credentials.

To effectively manage and mitigate these cloud intrusions, Indian organizations must prioritize a cloud-native application protection platform (CNAPP) for comprehensive visibility and efficient monitoring, detection, and response to security risks. Additionally, gaining visibility across the on-prem and cloud environments by consolidating capabilities into a unified platform enables organizations to improve operational effectiveness, better discern malicious activity and ultimately provides organizations with an edge against the adversaries to stop the breach.

Ultimately, to successfully secure cloud environments, organizations need to adopt comprehensive cloud security solutions that provide the ability to secure identity and entitlements, protect run-time and the cloud control plane, and provide controls that can be integrated with modern DevSecOps practices.

Enterprise Times: How does CrowdStrike identify insider threats that leverage known vulnerabilities?

Fabio Fratucello: As insider threats continue to rise, it’s crucial for organizations to implement proactive strategies to manage and mitigate these risks effectively. Analyzing incidents between January 2021 and April 2023, CrowdStrike observed that more than half (55%) of insider threats involved insiders escalating their privileges on their computers or the network, with the remaining 45% downloading exploits or penetration testing tools like Metasploit to be used as offensive security capabilities.

CrowdStrike employs multiple methods to detect such threats, including monitoring and analyzing suspicious processes, exploitation and post-exploitation behaviors and user behaviors to name a few. Additionally, by prioritizing awareness and compliance training, enforcing the principle of least privilege, and having robust controls protecting endpoints, identity and data, organizations can strengthen their cybersecurity posture and mitigate the risks posed by insider threats. As organizations navigate the evolving threat landscape, CrowdStrike’s Falcon Complete managed detection and response offering stands ready to detect and contain insider threat activities, safeguarding against both internal and external cyber threats leveraging known vulnerabilities.

Enterprise Times: Data privacy and security seem to be a leading concern surrounding Generative AI. How would you describe AI Blind Spots, and how risky are they? What are the dangers that AI represents in terms of cybersecurity?

Fabio Fratucello: As generative AI continues to advance, data privacy and security emerge as paramount concerns. One significant risk associated with generative AI is the potential for “AI blind spots” or AI hallucinations, where AI systems produce inaccurate, implausible, or irrational responses. In cybersecurity, these blind spots can lead to severe consequences such as missed threats, weakened risk posture, or disrupted operations. To safely leverage generative AI in cybersecurity, solutions must incorporate robust safeguards around accuracy, privacy, security controls, and transparent auditing of the AI’s information sources and reasoning process. Mitigations like limited training data scopes, differential privacy, and human-in-the-loop oversight are crucial to address these risks effectively. Moreover, privacy concerns arise as organizations must ensure that generative AI solutions do not share sensitive data through third-party services that could abuse it.

Additionally, generative AI presents dangers in enabling more sophisticated and scalable cyber-attacks. Adversaries can leverage it for highly convincing social engineering campaigns, generating malicious code, or perpetrating data poisoning attacks to corrupt AI models. Prompt injection attacks pose another risk, potentially causing AI assistants to take unintended actions or reveal sensitive information. Furthermore, the risks of malicious use of generative AI, such as creating deepfakes for misinformation campaigns or impersonating trusted figures in sophisticated attacks, highlight the importance of adjusting threat modeling and security awareness initiatives to combat evolving threats.

By prioritizing cybersecurity best practices and fostering responsible innovation, organizations can harness the potential of generative AI while effectively mitigating its associated risks in the ever-evolving cybersecurity landscape.
