The threat landscape continues to evolve at a worrying pace, across all methods of attack, whether its phishing, ransomware, or BEC attacks, to name a few. The tools and tactics employed by bad actors are becoming more sophisticated by the day, and thanks to the rise of generative AI, both the scale and frequency of attacks are set to accelerate rapidly, as well as making the subterfuge even more convincing.
Complicating matters is enterprise's every-expanding adoption of the cloud, and they're not just opting for a single provider. Most companies are almost certainly using multiple cloud services and SaaS solutions, which has resulted in web apps becoming one of the top breach vectors.
TechRadar Pro spoke to Barracuda CEO Hatem Naguib and VP of Network Security, Klaus Gheri, at the company's TechSummit23 event to get their views on the current situation and what Barracuda has in its arsenal to deal with not just present, but also future security challenges.
Lose the password, gain protection
One of the key ways Barracuda plans to sure-up its customers' security posture is to abandon passwords and opt for a passwordless solution instead, since stealing credentials is the number one aim for cybercriminals in most attack cases.
As Gheri says, dropping passwords in favor of passwordless can make you, "immune to credential theft," since there are no credentials to steal.
Another advantage is the elimination of Multi-Factor Authentication (MFA), as again, there are no credentials that require this extra layer of authentication. Gheri explains some of the problems with MFA:
"People believe in MFA... but there's plenty of ways to circumvent MFA or [trigger] MFA fatigue, where I just bombard you with MFA requests and eventually you'll just click 'yes'."
"[MFA] is better than nothing - so if you just rely on passwords, that's not a good idea, you should compliment them with MFA, but.. given the fact that generative AI will make ransomware attacks so much more efficient, and credential theft [passwordless] is the way to go."
Perhaps compounding the dangers posed by today's cybercriminals is their strong financial position. On this front, Gheri has some worrying conclusions:
"[Cybercriminals] are out-monetizing us... with the ways things have been going for a number of years now, you can see that they're making more money, and they're willing to spend."
"And that's a dangerous game because [they are] so much more profitable [and] we cannot do anything to make more money, because it is just 'spend' on the defensive side; on the offensive side, it's just money-making. So I think the arms race [between attackers and defenders] has always been there, [but] the balance is shifting a little bit."
Naguib echoes a similar sentiment:
"The attackers in many cases are leveraging the same capabilities that the protectors are using... the nature of the attacks is the same, but... we've moved from very, very low sophistication to very high sophistication."
"And they're very well resourced - they don't have to suffer the constraints that businesses have to suffer through."
Despite this, Naguib seems confident in the ability of Barracuda's customers to maintain a strong security posture, as well as the company's ability to keep up with attackers:
"I think a lot of customers are evolving in their understanding of why security is important... I see more understanding and education even at the smallest level of customer."
"I also see that the involvement of government is improving all of us, in the sense that it's not just creating the general awareness... [but] by stepping in, leveraging their resources and asking vendors to work together."
Naguib also talked about the importance of SecureEdge, the company's new cloud-first security solution that aims to protect every device, site and environment - on or off premise - that you have:
"I think SecureEdge has a very compelling set of integrated use cases, where customers who typically use multiple products to solve a problem, would like to consolidate their capabilities... SecureEdge is our offering that really helps our customers do that."
He added that data protection is also a very important consideration for customers, more so than ever:
"[Data protection] has just been growing and is very interesting to us... if you think about the amount of data that is being stored - and not just the intelligence that's associated with the type of data, how it's backed up and so forth - but how do we provide better data security for our customers?"
"Data loss prevention, or the wrong information being stored in the wrong place - all of that is a very important set of conversations for customers. Especially now, when you think about how much is sitting in the public cloud, the propensity of customers to think about leveraging things like gen AI and not knowing which data is going in and what happens to [it]."
"It's just another area where, from a compliance, security, [and] privacy perspective, we get a lot of interest and it's just very compelling for customers."