Speed, intelligence and automation are becoming key factors in cyber defense. Five important recommendations for companies.
The threat situation for companies continues to grow more complex this year. In addition to state-sponsored attacks – primarily from Russia, China and, increasingly, North Korea – we are seeing more and more commercially motivated attacks that are carried out highly professionally using the CaaS model (Cybercrime as a Service). It is noticeable that the speed with which stolen data is offered for sale or exploited is constantly increasing. It is not uncommon for compromised accounts to be taken over within just a few minutes.
Phishing campaigns, which are becoming increasingly reliable thanks to the use of AI, pose a further potential threat.
Last but not least, criminals are increasingly using cross-platform malware that targets Linux and macOS as well as Windows. How can companies meet these new challenges?
Five recommendations for action
Increasing attack dynamics and more complex phishing methods require a higher degree of automation and shorter response times from cyber defense. After all, every minute counts when it comes to blocking user accounts in good time or isolating infected computers. Five recommendations for cyber security:
AI and automation
Faster attacks require cutting response times from hours to minutes. This can only be realized economically through automation and 24/7 monitoring. The basic technologies include Endpoint Detection and Response (EDR), Extended Detection and Response (XDR) and Incident Response. Security Information and Event Management (SIEM) provides the log data required to automate typical analysis tasks. The use of AI also improves attack detection, for example by comparing artifacts and file hashes. However, AI-based detection systems must be well configured and seamlessly integrate human expertise.
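To make the automation described in this paragraph concrete, here is an added example (not SECUINFRA's code and not part of the original article) of the kind of triage step a SIEM or SOAR playbook would run over EDR telemetry: file events are matched against a list of known-bad hashes, high-confidence hits trigger the response actions named in the section intro (isolate the host, disable the account), lower-confidence hits and unparseable telemetry are queued for an analyst rather than acted on automatically. All hashes, host names, user names and the confidence tiers are constructed sample values.

```python
"""Automated IoC triage over endpoint telemetry (added example, constructed data).

Demonstrates the automation pattern from the article: known-bad file hashes are
matched against SIEM/EDR events, and the result is a list of response actions
with a human-review path for anything that is not a high-confidence match.
"""
import hashlib
import json
from dataclasses import dataclass

# Constructed IoC list: SHA-256 of sample byte strings, NOT real malware hashes.
# The "high"/"medium" tiers are an assumption standing in for a real threat feed.
BAD_HIGH = hashlib.sha256(b"constructed-sample-payload-1").hexdigest()
BAD_MEDIUM = hashlib.sha256(b"constructed-sample-payload-2").hexdigest()
BENIGN = hashlib.sha256(b"constructed-benign-file").hexdigest()
KNOWN_BAD_SHA256 = {BAD_HIGH: "high", BAD_MEDIUM: "medium"}

# Constructed EDR events as NDJSON (one JSON record per line), including one
# truncated line to show how malformed telemetry is handled.
SAMPLE_EVENTS = "\n".join([
    json.dumps({"ts": "2025-01-15T08:01:02Z", "event": "file_write",
                "host": "ws-042", "user": "a.miller", "sha256": BAD_HIGH}),
    json.dumps({"ts": "2025-01-15T08:01:30Z", "event": "file_write",
                "host": "ws-017", "user": "j.schmidt", "sha256": BENIGN}),
    json.dumps({"ts": "2025-01-15T08:02:11Z", "event": "file_write",
                "host": "srv-db-1", "user": "svc-backup", "sha256": BAD_MEDIUM}),
    '{"ts": "2025-01-15T08:04:00Z", "event": "file_write", "host": "ws-099"',
])


@dataclass
class Action:
    kind: str    # isolate_host | disable_account | analyst_review
    host: str
    user: str
    reason: str


def parse_events(ndjson: str) -> list:
    """Parse NDJSON telemetry; malformed lines are kept as parse_error records
    so they surface to an analyst instead of silently disappearing."""
    events = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            events.append({"event": "parse_error", "raw": line})
    return events


def triage(events: list) -> list:
    """Map each event to zero or more response actions.

    high   -> automatic containment (isolate host, disable account)
    medium -> analyst review queue (automation alone is not trusted here)
    no hit -> no action
    """
    actions = []
    for ev in events:
        if ev.get("event") == "parse_error":
            actions.append(Action("analyst_review", "?", "?",
                                  "unparseable event: " + ev["raw"][:40]))
            continue
        digest = str(ev.get("sha256", "")).lower()
        host, user = ev.get("host", "?"), ev.get("user", "?")
        tier = KNOWN_BAD_SHA256.get(digest)
        if tier == "high":
            reason = f"known-bad hash {digest[:12]}... (tier high)"
            actions.append(Action("isolate_host", host, user, reason))
            actions.append(Action("disable_account", host, user, reason))
        elif tier == "medium":
            actions.append(Action("analyst_review", host, user,
                                  f"possible match {digest[:12]}... (tier medium)"))
    return actions


if __name__ == "__main__":
    for action in triage(parse_events(SAMPLE_EVENTS)):
        print(f"{action.kind:16} host={action.host:9} user={action.user:11} {action.reason}")
```

The point of the tiering is the last sentence of the paragraph: only the high-confidence path is fully automated, everything ambiguous lands in a queue an analyst evaluates, and telemetry the pipeline cannot parse is treated as a finding rather than discarded.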
24/7 monitoring
In order to adequately counter the increasing frequency and quality of attacks, analysts need to continuously evaluate the alerts generated. Human expertise is becoming increasingly important, especially where automated tools tend to fail, for example in the case of sophisticated phishing attempts disguised as job offers or tenders. Those who do not have internal monitoring and analysis capacity can fall back on external services such as Managed Detection and Response (MDR).
Consolidate security tools
Response times can also be optimized by reducing the complexity of the security architecture. A better overview and fewer tools increase efficiency and agility. External advice from an experienced cybersecurity specialist can help in the decision-making process.
Strengthen the human firewall
Thanks to artificial intelligence, cyber criminals are constantly improving the quality of phishing emails and fake websites. Employee training therefore remains an indispensable tool in the fight against cyber attacks. Tabletop exercises, awareness training and similar measures make staff an important part of the human firewall.
Improve security culture
Small and medium-sized companies in particular would do well to put their security culture to the test and take measures to close their main gateways. Microsoft Defender XDR is an efficient solution for protecting endpoints, identities and emails in equal measure. If required, SECUINFRA’s experts can provide support with configuration and integration.
In a Nutshell
The five recommendations for action can be summarized as follows: The first step is to set up solid basic protection that secures the three main gateways of endpoints, identities and emails. This basic protection must be reinforced with incident response and 24/7 monitoring and a robust emergency plan must be drawn up. Once this homework has been done, companies are well equipped for the current threat situation and the increasing speed of attacks.
The experts at SECUINFRA will be happy to help you identify and implement the right measures, identify gaps and define suitable rules or set up a complete SIEM. This also requires us to constantly think outside the box, simulate attacks and maintain an overview. After all, products can easily be changed, but the know-how of a service provider with experience in the sector remains crucial for continuity.
Would you like to know how you can increase your cyber resilience with a holistic Managed Detection and Response (MDR) offering?
Figure 1: Cloud-based MDR for SMEs
SMEs can counter the new threat situation in 2025 cost-effectively with cloud solutions from Microsoft and complementary cybersecurity services. (Graphic: SECUINFRA GmbH)
Figure 2: MDR without cloud
On-premises: Larger companies can improve attack detection and cyber defense with additional MDR modules (red) from an experienced service provider and thus equip themselves against increasingly automated attacks. (Graphic: SECUINFRA GmbH)