Preparing for the 'Fifth Generation of Ransomware'Cybereason's Field CISO Shares Cybersecurity Predictions for 2023
In 2023, ransomware groups will explore new methods to get money from the same victims. Greg Day of Cybereason says ransomware tactics have evolved from encryption attacks on random individuals to multiple layers of extortion combined with data analytics to target large companies. The world is now entering the "the fifth generation of ransomware," he says.
This emerging generation will be more diverse and use broader techniques with an eye toward: “How do I generate more money from all of those systems I've already compromised?" says Day, vice president and global field CISO at Cybereason.
"We should be thinking about what data is valuable, where's it stored, who's got access to it, and how would I know if a third party has got access to it?" Day advises.
Ransomware changes are among Day's predictions for 2023 in a recent blog, which covers nine topics including cloud security, deepfakes, regulations, smart device threats and cybersecurity employee "burnout."
In this video interview with Information Security Media Group, Day discusses:
- Why 2023 will see the emergence of the "fifth generation of ransomware" and what it is;
- How to mitigate the risk of cloud credential attacks and deepfake scams;
- Why staff burnout will affect business resilience and what we can do to avoid it.
Day, who serves as CISO for Cybereason in the EMEA region, previously worked as CSO and CTO at Palo Alto Networks, FireEye and Symantec. His career began at Dr Solomon's, which later became McAfee, where he held a number of roles, including writing a behavioral anti-malware tool that was an early forerunner to today's EDR tools. As a longtime advocate for stronger, more proactive cybersecurity, Day has helped many law enforcement agencies improve detection of cybercriminal behavior. He previously taught malware forensics to customers and agencies around the world and has worked in advisory capacities for the Council of Europe on cybercrime and the U.K. National Crime Agency. He currently serves on the Europol cybersecurity industry advisory board.