In today’s digital age, the threat landscape is constantly evolving, making cybersecurity a paramount concern for organisations worldwide.
How prepared is your organisation to fend off cyberattacks orchestrated by some of the most sophisticated digital adversaries?
The Dublin Tech Summit offered a prime platform for delving into this topic. During the panel discussion titled “How to Pull Off a Successful Cyberattack,” cybersecurity experts were brought together to dissect the tactics of cyber adversaries and outline robust defence strategies.
Moderated by investigative journalist Geoff White, the panel included Seamus Lennon, VP of Operations EMEA at Threatlocker; Onur Korucu, Managing Partner at GovernID and Global Ambassador at WomenTech; Christopher Fielder, Field CTO at Arctic Wolf; and Dmytro Tereshchenko, Chief Information Security Officer at Sigma Software Group.
Their combined expertise provided a comprehensive look at the current state of cybersecurity and the steps organisations must take to protect themselves.
The panel kicked off with a discussion on target selection and attacker motivations. Christopher Fielder set the scene by explaining, “It’s really about who you are and what your motivation is. For state-sponsored attacks, it’s often about intellectual property and trade secrets, particularly with China’s ‘China first’ policy. For opportunistic attackers, it’s about the easiest targets and biggest payoffs.” This highlights the dual nature of cyber threats, driven by both geopolitical ambitions and financial incentives.
Phishing emerged as a prevalent attack vector. Seamus Lennon elaborated, “Phishing is the most fertile way in. It takes just one successful click out of 10,000 attempts to breach an organisation. With AI, we can do focused phishing attacks that look incredibly genuine, making it much harder for targets to distinguish real messages from malicious ones.” The rise of AI-powered phishing underscores the need for heightened vigilance and advanced detection mechanisms.
Regulatory compliance is often seen as the cornerstone of cybersecurity. However, the panellists stressed that it is merely the starting point. Onur Korucu noted, “Regulations and compliance don’t necessarily make an organisation secure. They are important, but they’re just the beginning. You need to understand your threats and risks. Don’t trust generic compliance measures. Tailor everything to your specific situation.” This sentiment was echoed by Christopher Fielder, who shared, “Compliance is a great start, but it doesn’t mean you’re safe. I’ve seen compliant organisations get breached because they didn’t go further than just ticking the boxes.”
The message was clear: organisations must adopt a more nuanced and proactive approach to cybersecurity, one that goes beyond compliance checklists and addresses the unique challenges and vulnerabilities they face.
Artificial Intelligence (AI) plays a dual role in the realm of cybersecurity, offering both opportunities and challenges. Dmytro Tereshchenko highlighted, “AI can help both attackers and defenders. It provides more information about companies and targets, but manual effort is still needed to tailor the attacks. You need to identify which tools they’re using, look at finance capabilities, and cover non-business hours.”
Onur Korucu expanded on the rapid integration of AI in daily operations, stating, “After AI and generative AI tools like ChatGPT, the landscape has changed. Think about how much people use chatbots in their daily lives. Attackers can use AI to generate genuine-looking phishing emails or even deepfake videos to deceive targets.” The potential for AI to enhance both cyber offence and defence underscores the importance of continuous innovation and adaptation in cybersecurity strategies.
The panellists provided detailed insights into how attackers infiltrate and navigate through networks once initial access is gained. Seamus Lennon described the typical process, “After gaining access to one machine, you can spread through the network by using shared folders and network tools like Nmap. You just need to put a file in a shared folder that looks legitimate. When someone opens it, their machine gets infected too.”
Christopher Fielder highlighted the significant threat posed by malicious insiders, noting, “We’re seeing an uptick in malicious insiders. People who are disgruntled and feel undervalued can easily download the Tor browser, reach out to ransomware providers, and give them access in exchange for a cut of the ransom.” This insight underscores the need for robust internal security measures and a positive organisational culture to mitigate insider threats.
Once inside a network, attackers often seek to monetise their access through various means. Dmytro Tereshchenko suggested targeting cyber insurance policies, “Look for cyber insurance information. Companies with insurance are more likely to pay the ransom because they have the funds allocated for such incidents. You can also search for information about customers, projects, or sensitive information under NDA. Companies are sensitive about such data being leaked.”
Christopher Fielder discussed a troubling trend in ransomware attacks, “80% of ransomware situations involve data exfiltration. Often, attackers will not only encrypt your data but also steal it and demand payment not to release it. Sometimes, they don’t even tell you they’ve stolen it until after you’ve paid to decrypt your files, hitting you with a second ransom demand.” This highlights the multi-faceted nature of modern cyberattacks, where data theft and encryption are used in tandem to maximise financial gain.
The discussion concluded with recommendations for building robust cyber defences. Christopher Fielder emphasised the importance of incident response plans, “If I want to attack your environment, I’ll spend weeks doing recon to understand your weaknesses. The best defence is having a solid incident response plan to mitigate the damage. Have a plan B and ensure your team knows it inside out.”
Onur Korucu highlighted the necessity of a zero-trust framework, “In the world of cybersecurity, it’s not about if you’ll be attacked but when. You need to have an incident response plan that includes legal, risk, governance, and cybersecurity teams. All must work together.”
The insights from the Dublin Tech Summit’s panel on cyber defence underscore the critical need for a comprehensive and proactive approach to cybersecurity. Organisations must recognise that compliance alone is insufficient and that tailored strategies are essential for addressing unique threats. Leveraging AI for both defensive and offensive insights is crucial for staying ahead of attackers. Most importantly, developing and maintaining a robust incident response plan is vital for mitigating the impact of inevitable breaches. As cyber threats continue to evolve, so too must our defences, combining technology, strategy, and continuous vigilance to protect our digital assets.
Key Takeaways: