Fighting ransomware, watching for deepfakes, and implementing network segmentation in complex enterprise environments are top-of-mind issues for today's security practitioners. New approaches are needed, says Cisco exec.
The networks that enable today's hyper-distributed enterprises face persistent and emerging security challenges. One of those challenges is ransomware. While it's not a new problem, "attacks are getting more and more sophisticated," said Neil Anderson, vice president of cloud, infrastructure and AI with technology services provider World Wide Technology. "On any given week, some of our customers are being attacked or have been breached – it's very frustrating that this issue hasn't gone away."
Threat actors engaged in data theft in about 70% of ransomware cases as of late 2022, according to a Palo Alto Unit 42 report. By comparison, the firm saw data theft in only about 40% of cases in a mid-2021 analysis. Extortion tactics include threats to leak stolen data on dark web sites, as well as harassment of individuals in an organization, often in the C-suite, via threats and unwanted communications.
The idea of attackers using AI and deepfakes to trick facial recognition programs and infiltrate systems has also raised enterprise concerns. Multiple published reports, including one from CNN, told of a finance worker at a multinational company who was duped into transferring $25 million to fraudsters who used deepfake technology to pose as the company's chief financial officer in a video conference call.
"So now, one of our hot topics is how to detect such fraud – our AI security team is all over it right now," Anderson said.
Network segmentation can help shore up enterprise security
Customers have to begin with the idea that attackers are already in their networks, said Jeetu Patel, executive vice president and general manager of Cisco security and collaboration, at the recent Cisco Live customer event.
"When attackers are in the system – and many are already infiltrated – the name of the game is preventing and containing lateral movement," Patel said.
"What do we need to do in order to contain lateral movement? We need to take security, melting [it] into the fabric of the network, so that we have distributed enforcement points. Every single place that could be exposed, we need to put a little bit of a mini security stack in there to stop the spread," Patel said.
But that's not a simple task for security practitioners.