The cyberthreat landscape is rapidly evolving, and organizations often struggle to keep pace with increasingly sophisticated attacks. Despite this, many business leaders still fail to grasp the critical importance of maintaining robust cybersecurity measures.

In a recent roundtable hosted by data insights and organizational resilience firm Splunk, cybersecurity experts from various industries highlighted a crucial constant amidst the shifting threat environment: the enduring motivation behind cyberattacks.

“Their motivation—financial gain—is always there, and they’re prepared to keep at it,” says Simon Viney, cybersecurity financial services sector lead at BAE Systems Digital Intelligence. “New groups will emerge, and law enforcement will have some successes, but that motivation isn’t going away.”

As technology becomes more complex, finding comprehensive solutions to address diverse cyber threats can seem impossible. However, the targets remain largely unchanged, such as compromised emails and vulnerabilities within supply chains. According to Mark Woods, chief technical advisor for EMEA at Splunk, “some things will just be accelerated.” Common compromises still involve business emails, low-level system breaches, extortion, and supply chain mishaps.

Organizations can enhance their security measures internally and with direct suppliers, but addressing vulnerabilities in the second and third-line supply chains is also vital. Rigo Van den Broeck, executive vice president in cybersecurity and innovation at Mastercard, underscores the importance of this issue, noting its significance from both security and regulatory perspectives, particularly in the financial industry.

Public institutions are not exempt from these threats, often facing attacks from criminals targeting businesses further down the supply chain, exposing the “soft underbelly” of organizations.

Addressing Cybersecurity Challenges

Interestingly, recent research by Splunk indicates that many believe keeping businesses cyber-secure is becoming easier, with 4-in-10 security leaders finding cybersecurity somewhat or much easier in 2024 compared to the previous year. This may reflect advancements in technology and improved threat identification and neutralization. However, it might also suggest a potential underestimation of the evolving threat landscape and its disruptive potential.

“One big issue facing organizations today is the evolving threat landscape and the complexity of technology, which can result in decision paralysis in the boardroom,” says Viney. “The challenge is maintaining an effective approach amidst constant change.”

Woods echoes this sentiment, acknowledging the surprising trend of security leaders finding cybersecurity easier. “This group likely has strong foundations and a consolidated system in place, benefiting their cyber posture,” he says.

Engaging Business Leaders

Business leaders often seek quick fixes for cybersecurity, but ongoing iteration is essential. “You need continuous improvement in cybersecurity,” says Woods. “A two-year transformation program is great, but what happens after that when the budget disappears?”

Boards need to be actively involved in cybersecurity, fostering a sense of responsibility across the organization. This means involving roles like the chief people officer in cybersecurity efforts as much as the chief financial officer. Practical solutions to help boards understand cybersecurity’s importance can include increasing employee engagement to ensure everyone feels invested in protecting the business.

The AI Threat

Generative AI tools are another concern, potentially giving attackers an edge. While AI could favor attackers, it also has untapped potential for defending systems and aiding governance and regulatory compliance. Greater collaboration between companies is crucial to combat cybercriminals using AI, suggests Van den Broeck. Sharing data openly can enhance AI-based defense systems by creating predictive models.

“Cooperation between industries and companies, both public and private, is crucial,” concludes Van den Broeck. “Without data sharing, cybersecurity defenses are limited, and we cannot build AI-based systems to defend effectively.”

By fostering collaboration and continuous improvement, organizations can better navigate the evolving cyberthreat landscape and enhance their resilience against sophisticated attacks.