At DFIN, securing sensitive information is at the core of what we do. With Cybersecurity Awareness Month upon us, it’s a great time to brush up on valuable insights, resources, and strategies. Whether it's helping you prepare for your next merger or acquisition, comply with regulations, or strengthen your cybersecurity posture and mitigate risks, we’re here to ensure that you stay ahead of the curve and protect what matters most — your business, employees, and customers. In the following Q&A, Dannie Combs, SVP and Chief Information Security Officer at DFIN, addresses your most pressing cybersecurity-related questions.
1. What are the most prevalent cyber threats you are seeing in 2024?
Dannie Combs: Consistent with previous years, 2024 has seen cyber threats increase in sophistication and impact to organizations and individuals around the world.
Ransomware continues to dominate the threat landscape, and it is evolving in both complexity and impact. Attackers are increasingly leveraging techniques such as double extortion, demanding a ransom for decrypting data followed by a second payment to prevent the exposure of compromised data to a competitor, interested buyer, or the public. This tactic puts additional pressure on victim organizations by forcing them to manage a delicate balance between incident duration, data recovery, and reputation management.
Phishing and social engineering remain a significant threat, but are now additionally augmented by deepfake technology and AI, making social engineering attacks harder to detect and defend against. It’s vital that organizations remain vigilant as these threats evolve, ensuring that their detection technology is up to the task of preventing threats from reaching end users, and additionally requiring a multifaceted approach to employee training and awareness to ensure post-incident reporting occurs quickly.
What’s old is new. There’s been a recent rise in zero-day exploits targeting unpatched vulnerabilities, which presents a serious challenge for developers, platform owners, and security teams. Organizations must prioritize timely patch management and vulnerability assessments to mitigate these risks effectively.
Finally, in an increasingly interconnected world, establishing a mature supply chain security program has emerged as a critical element of effective cybersecurity management. Attackers are targeting front line suppliers (and their suppliers) as entry points into larger organizations, underscoring the necessity of comprehensive security assessments that extend beyond an organization's immediate environment. Establishing comprehensive security protocols for third-party interactions is essential.
2. What steps should companies be taking to mitigate these risks?
Combs: To address these evolving threats, organizations must adopt a robust and comprehensive risk management strategy. This begins with continuous risk assessments that identify vulnerabilities and security measures tailored to specific architectures. A multi-layered security approach is crucial, encompassing firewalls, DDoS protection, advanced endpoint detection and response, data encryption, robust logging, near real-time anomaly detection and alerting, and timely deployment of software updates.
A zero-trust architecture is integral to modern organizational cybersecurity frameworks. It continuously validates identities and devices, minimizing risks of unauthorized access and data breaches. This model shifts the security paradigm from one based on implicit trust to one rooted in continuous scrutiny, enhancing overall security resilience.
Companies must also prioritize identity management, implementing and enforcing least privilege access policies to ensure employees have only the access necessary to perform their roles. Leveraging solutions such as identity governance administration and privileged access management can significantly bolster security posture. Modern authentication schemes must be a priority, with particular consideration given to APIs.
Understanding and adhering to global regulatory obligations is essential for organizations to avoid penalties and safeguard data. This includes compliance with regulations such as the Securities and Exchange Commission's cybersecurity rules, which apply to companies of all sizes. Organizations should integrate compliance into their broader cybersecurity strategies.
Last but certainly not least: relevant, routinely updated, and well-understood incident response plans must be in place for an organization to identify, respond to, and contain security incidents, whether big or small, with confidence. A regular tabletop exercise cadence ensures staff across a variety of roles and authority within a company are prepared to act quickly in a potential real-world event. These types of drills and repetition can reduce response times and minimize damage when incidents occur.
3. How do you view the role of AI as both an opportunity and a risk in the cybersecurity landscape?
Combs: Artificial Intelligence is a transformative force in the cybersecurity landscape, and with that comes both opportunities and risks. AI-driven tools can help to automate threat detection, analyze vast amounts of data in real time, and quickly identify patterns indicative of breaches or attacks. AI can enhance incident response by identifying threats more quickly than ever before and by providing insights for immediate action.
However, the rise of AI also brings significant risks. Attackers are using AI to automate attacks as well as to create increasingly sophisticated and targeted phishing and malware. There’s also the risk of adversarial AI, where malicious actors manipulate AI systems to evade detection. Organizations must remain vigilant, continually adapting their defenses to counteract these evolving risks.
4. Looking ahead to 2025, what are top cybersecurity concerns for the C-suite?
Combs: Several key cybersecurity concerns will dominate discussions among executives. AI-driven threats are expected to escalate, with cybercriminals employing advanced techniques that challenge traditional security measures, such as AI-enabled social engineering that includes deepfakes. Additionally, supply chain security will remain a priority as organizations navigate the complexities of third-party vendor relationships.
Furthermore, organizations will face the challenge of keeping pace with evolving global regulatory frameworks focused on data protection and cybersecurity. Ensuring compliance while maintaining robust security will require strategic foresight and adaptability.
In an era where cyber threats are becoming increasingly complex, organizations must take a proactive stance in their cybersecurity strategies. By understanding the current threat landscape, implementing comprehensive risk management practices, leveraging innovative security tools, and acknowledging the dual role of AI and the positive potential it has to offer, organizations can be better prepared for the challenges that lie ahead. This requires organizational support, funding, and resources. Staying informed and adaptable is key to navigating this dynamic environment and safeguarding sensitive data today, tomorrow, and beyond.
Watch the webinar recap of 'Navigating the New Cybersecurity Disclosure Landscape' where Dannie Combs joined Ron Schneider from DFIN, Cristina Messerschmidt from Baker McKenzie and Andrew Campbell from Equilar who discussed key trends in cybersecurity disclosures and offered insights on how companies effectively safeguard their operations.