Many security leaders are struggling to keep pace with the expanding attack surface, despite cybersecurity budgets increasing, Red Canary’s 2024 Security Operations Trends Report has found.
Among survey respondents from the US, UK, Australia and the Nordics across a cross-section of organizations, 63% of security leaders said they had an increase in their budget in the past 12 months, but only 37% felt it was enough to ensure the business is secure.
“I think what it tells us is you've had this big shift in the last couple years where the amount you have to protect is getting larger much more quickly,” Brian Beyer, CEO at Red Canary, told Infosecurity.
“I was talking to one security leader, and he said, ‘the good news is, my budget went up by a couple percentage points. The bad news is I'm now responsible for all product security,’” Beyer said.
Beyer noted that where businesses are looking to enhance their IT infrastructure and use artificial intelligence (AI), this means there is a lot more to secure and in some instances security teams are struggling to keep up.
The more technologies an organization deploys, the more it must protect. This provides more opportunities for attackers to find gaps in defenses. According to Red Canary’s research, 73% of security leaders say their attack surface has widened in the past two years, by an average of 77%.
The report found that 62% of security leaders say AI has made it more difficult to keep their organizations safe from cyber-attacks.
As well as cybercriminals using GenAI to perfect phishing emails, organizations also have to grapple with potential data loss via the use of GenAI tools by their own employees.
However, AI can be used to the defender’s advantage by enabling them to be more efficient.
Cloud Causing Cybersecurity Issues
According to Red Canary’s findings, all respondents have faced challenges when trying to secure their cloud environments.
Red Canary’s 2024 Threat Detection Report, published earlier in 2024, uncovered a 16-fold increase in threats relating to cloud account compromises.
“Cloud security feels very reminiscent to me of what endpoint security was around 12 years ago. Endpoint security was very vulnerability focused at the start,” Beyer commented.
“The evolution that these spaces go through is that there then becomes a focus on detection and response. So that’s what we’ve been preparing for. We're starting to see a lot of adversaries looking at these cloud environments and they're saying, ‘how do I use the identities and the data in the cloud to really go harm a business,’” he continued.
Attackers will lock up environments and ransom data in the same way they do corporate systems running on endpoints, Beyer observed.
One of the biggest challenges is the shared responsibility model, in which security is shared between the user and the cloud provider, leading to a lack of clear ownership of cloud security.
“Most end users should view it as they have all of the responsibility,” Beyer noted. “You have to assume that AWS and Microsoft will be incredibly good at protecting what they're responsible for in the same way you would want to believe that a data center provider is going to be really good at providing physical security.”
Red Canary published an update to its annual Threat Detection Report and noted that, following analysis of the top ten MITRE ATT&CK® techniques, email hiding rules (whereby adversaries use a compromised account to set up rules to block, redirect, or mark certain emails as spam to cover their tracks) was a new entrant to the list.
Combined with Cloud Accounts and Email Forwarding Rule, this meant three of the top ten techniques related directly to identity and cloud-native attacks.