Recently, RiskRecon, a Mastercard Company, founder Kelly White, sat down with Sam Olyaei, Director at Gartner Research, and Errol Weiss, Chief Security Officer at Health-ISAC, to discuss their client’s experiences regarding recent trends in third-party risk management. During their discussion, they spoke about the wider impact of cybercrime and ransomware threats.
Kelly White: Do you expect that we're going to continue to see an increase in cybercrime and ransomware activity or will these trends flatline at some point?
Sam Olyaei: I wouldn't necessarily expect to see an increase in the volume of cyberattacks, but I would expect to see an increase in the specificity and the target of these attacks. Historically, you have essentially two groups of crime actors, you have the crime actors that try to do this for financial benefit, and you have the crime actors that do this for political benefit. The crime actors that do this for financial benefit, have a strategy of throwing spaghetti on the wall and seeing what sticks and the groups that do this for political benefit tend to have a more targeted strategy that's focused on chaos and disruption and things of that nature.
The vast majority of attacks are not necessarily going to change in terms of the threat vectors that are commonly used, your phishing, your social engineering, and those types of things. But when you start to get into the political nuances and the capabilities and resources of those entities, you are likely to see zero-day vulnerabilities taking advantage of specific targets.
Errol Weiss: I would agree with a lot of that. I think that the bad guys on the cybercriminal side are always going to leverage current events in phishing themes that they will utilize. To Sam's point, I expect we'll see millions of email messages being sent out with the hopes that somebody's going to click on one of those. Especially with all that charity and relief organizations are doing right now. Again, it's another dynamic that we see, where the bad guys will invent their own charity to look like something legitimate, and just in the hopes that people will donate to them and inadvertently aren't set up. So, I think we'll start to see that, but to me it's unfortunate. The threat landscape never seems to get better, it just keeps getting worse as our criminals and state-sponsored cyber actors keep getting more creative and imaginative as every day passes.
We summarized the key insights from their conversation in a new paper “Trends in Third-Party Risk Management.” Check it out today!