Recommendations that defenders can use from Talos’ Year in Review Report

The Talos Year in Review is available now and contains a wealth of insights about how the threat landscape has shifted in 2023. With new ransomware strains emerging from leaked source code, commodity loaders adding more reconnaissance measures to their belts, and geopolitical events influencing APT activity, there’s a lot to dissect.

From a defender’s point of view, what does that mean heading into 2024? Do you need to consistently shift tactics too, to stay one threat ahead? 

The thing is, we will never be “done” with cybersecurity. There will always be new threat actor groups. New strains. New tactics. And even when the defender community dismantles a botnet, such as the Qakbot takedown in August, it doesn’t mean the group behind it will cease to operate. We’ll never reach that scenario in the game of Battleship where you’ve found the final target and smugly mutter, “This is your last boat.”

There are two ways of looking at that. You can either say, “What’s the point?” Or, “We know we’ll probably get hit at some point. What can we do to ensure we eradicate the threat as quickly as possible?” So much of cybersecurity is about balancing and reducing risk: knowing which risks you can accept, and which risks you absolutely can’t.

Baseline visibility into your own environment is key to that. As we at Talos commonly say, whoever knows the network best owns the network.

For example, Veradigm, a healthcare IT organization that the Cisco Talos Incident Response (Talos IR) team has been working alongside for many years to proactively assess and constantly improve their security post ..
