For the first time ever, abuse of valid accounts topped as cybercriminals’ most common entry point into the victim environment, posting a dramatic 71 percent increase in 2023 over 2022, according to the latest IBM report.

IBM’s X-Force Threat Intelligence Index 2024 showed that 2023 was the first time on record where abuse of attacks using valid accounts became rampant. In fact, the report said that abuse of valid accounts represented 30 percent of all incidents X-Force responded to in 2023.

Corollary to this, X-Force has observed a 266 percent upsurge in the use of info stealers with a number of prominent new info stealers recently debuted and demonstrated increased activity in 2023.

The report further noted that 32 percent of incidents were using legitimate tools for malicious purposes, such as credential theft, reconnaissance, remote access or data exfiltration.

As attacks on valid accounts went up significantly, the report also highlighted an 11.5 percent decline in enterprise ransomware incidents.

“This drop is likely to impact adversaries’ revenue expectations from encryption-based extortion as larger organizations are stopping attacks before ransomware is deployed and opting against paying and decrypting in favor of rebuilding if ransomware takes hold,” the report said.

Despite the drop in attack, the report pointed out that ransomware still remains the most common action on objectives, which can include data theft, compromising data integrity, destroying data and infrastructure, disrupting operations, and perpetrating attacks on other victims.

Meanwhile, data theft and leak rose as the most common impact for organizations, accounting for 32 percent, indicating more groups are favoring this method to obtain financial gains.

Interestingly, X-Force said that once a single AI technology approaches 50 percent market share, or when the market consolidates to three or less technologies, the cybercriminal ecosystem will be incentivized to invest in developing tools and attack paths targeting AI technologies.

Human firewall

Despite the tools to counter cyber-attacks, both Renne Barcelona, cybersecurity leader, IBM Philippines, and Warren S. Herrero, vice-president and chief information officer of Public Safety Savings & Loan Association Inc. (PSSLAI), shared in an interview with Manila Bulletin Business that the best tool starts from individuals themselves.

“The most important thing is continuous training of end users, campaigns, and upskilling on latest cyber-attacks,” said Barcelona.

“Human firewalls and trained people within the organization as first line of cyberattacks,” he also said.

Barcelona urged that a company that earns millions in an hour due to technology, must also invest in cyber security.

While there is no one size fits all, in terms of investments in cyberattack protection, he reiterated that “the simplest investment is if we invest in our people: invest on security awareness, training and programs.” This is because even if you have very sophisticated tools, the cyber criminals will keep evolving and later on find loopholes to attack.

But, if a company invests in people and programs, implements table top exercises to keep them informed and aware that will somehow improve detection and prevent attacks, he said.

“Human firewalls are the people within the organization. And they act as the first line of defense against cyberattacks. It's a very, very effective way in strengthening the organization's security posture,” he added.

At the same time, Barcelona said they should likewise strengthen the process standpoint by adopting different security frameworks and boost the technology aspect as well. ”It's the holistic approach to strengthen each organization's cybersecurity posture,” he added.

Investment

Investment, however, may depend on the budget per organization. “But the first thing is to invest in our people, upskill, provide them seminars to augment human workforce for human firewall, said Barcelona.

For his part, Herrero said that since organizations rely on technology, then investment to secure this technology should never be the last in  priorities. He noted of colleagues who invest in low quality service, only to pay higher price when they get attacked.

Herrero said this also goes with the business process outsourcing (BPO) firms operating in the country to invest more now, because the traditional cybersecurity in the past won't work anymore with the types of attacks that are happening right now.

PSSLAI, the savings and loan institution within the public safety sector, has collaborated with IBM Security Services primarily to improve its security posture and protect its members' financial assets from the risk of cyberattacks. PSSLAI members include the Philippine National Police, Bureau of Jail Management and Penology, Bureau of Fire Protection.

The partnership between IBM and PSSLAI ensures the deployment of lots of cyber security tools making its members able to leverage of use case, automation, and continuous strategic threat assessment.

Since the engagement started in 2019, IBM Security Services has supported PSSLAI's threat detection and response readiness through its Managed Security Services program.

Due to this collaboration, PSSLAI has successfully achieved zero data breach incidents, which has resulted in zero financial loss and zero lost business hours due to data breaches.

Additionally, through leveraging automation and continuous training, PSSLAI has improved its average security incident response rate by 80 percent.

Barcelona said that “IBM prides itself as being one of the biggest managed security services providers to say most of our most of our clients in the country here in the Philippines most of them are financial and banking industry. Aside from the fortune 500, the biggest conglomerates in the country. We pride ourselves being one of the biggest one of the most innovative organization in the world."

“We continue adopting a lot of security frameworks security model in order for us to protect our client bills organization,” noting they have the biggest market share in this space in the Philippines.

Barcelona also sees the business landscape cybersecurity will grow exponentially over the next four to five years, especially with the rise of AI.

Barcelona further said that Philippines is booming economically, making it a target by cybercriminals, even state-sponsored attacks, that target not just companies but public organizations, as well.

While he is not at liberty to mention names, Herrero said that cyberattacks on public entities are happening and it happened already in the country and ransom had been paid. “These entities are strong already, but they need to partner with much higher defenders,” he said.