Cyber Security challenges in a world of liquid risks
Everything can change from one moment to the next, in both the visible and invisible parts of our environment, marked by complexity, uncertainty and volatility, which poses a great challenge for cybersecurity. ENISA, in its Cybersecurity Threats Forecast Report 2030, highlights that technological evolution, geopolitics and the cybersecurity landscape demand that organizations be prepared to face foreseen and unforeseen challenges, which is why both retrospective and prospective analysis are essential.
In his book Liquid Risks, Alberto J. Ray argues that the term liquid world was coined by Zygmunt Bauman, who states that realities are fluid and changing. This is a challenge for the identification, analysis and response to emerging and hybrid cyber threats, because organizations need to maintain their security, stability and resilience.
Liquid risks are global in essence, that is, they are omnipresent, even if they are not obvious to the eye.
Ray states that a risk is liquid because its mutable form adapts and transforms to the environment that shapes it: it is difficult to contain, it spreads easily and, although it is intangible when one tries to determine it with any degree of precision, its effects are unstoppable in the hands of those who decide to exploit it. Uncertainty must therefore be managed with flexibility and speed.
Security challenges in a liquid world
In the dynamics of cyber operations, with proactive and reactive capabilities deployed, it was very common to approach threats by their typology or pattern. Often they could be observed directly, their capabilities and indicators were known, and their impact or behavior might differ according to the environment and their temporal and spatial scope, as might their ability to move to other technological assets, all of which we could even determine in advance.
But the reality is that, as liquid risks, these threats have sophisticated capabilities with an emergent and disruptive approach: they can appear, disappear, recreate themselves and even mutate in a different, systemic and independent way, adopt the appearance of their environment and cross borders in space and time, owing to the dependencies and interconnections of the infrastructure and technological architecture.
In liquid threats, the range of threat actors is very broad and they are not easily revealed; they tend to camouflage themselves, infiltrate and even hide.
This is why, in these times of hyperconnectedness and supply chain dependencies, threats are more anonymous, ubiquitous and unpredictable than they have ever been, due to the sophisticated capabilities of the actors. The threats arising from these risks are the consequence of misunderstanding an environment shaped by the acceleration of globalization and technology.
These risks include threats such as zero-day vulnerabilities, supply chain attacks, ransomware and sophisticated malware that transforms dynamically to evade controls. They can also originate in several variables, such as dynamic cloud environments, the supply chain or the integration of AI and machine learning, because these introduce novel and unpredictable vulnerabilities.
Characteristics of a liquid risk
There is a big difference between static risks, which can be mitigated by predefined controls, and liquid risks, which require continuous monitoring and adaptation due to their mutable and unpredictable nature.
The essential characteristics of this risk are its:
- Adaptability: They transform and evolve in response to new defenses or circumstances in their environment, rendering traditional defenses inadequate.
- Unpredictability: By their nature, they are difficult to anticipate, assess and manage.
- Permeability: They can seep into multiple layers of the technology architecture and infrastructure, from software vulnerabilities to the undermining of external vendor ecosystems.
Provenance and sources
Their provenance and sources can be very diverse; here I explore some of them:
- Evolution and exponential growth of technologies: The constant digital transformation converging in organizations, such as the adoption of AI, cloud computing or IoT devices, extends the exposure and attack surface even further, which introduces vulnerabilities and challenges the capabilities of adversaries.
- Sophisticated and dynamic threat actors: Cybercrime and nation-state actors constantly evolve their integrated capabilities together with their tactics, techniques and procedures (TTPs), making their attack and threat strategies adaptable and evolving in real time, since everything aims to undermine the systemic capacity, liquidity and other operational aspects of organizations.
- Supply chain complexity and hyper-connectivity: Today this extends beyond the fluid interdependencies among 3rd, 4th and nth party suppliers, which introduce rapidly changing risks depending on external or internal threats or vulnerabilities in the technology infrastructure and architecture.
- Updates and patches: Insecure processes, arising from constant changes that are sometimes not formalized under secure practices, can originate new vulnerabilities because of factors such as haste, bad practices and others that depend on quality assurance processes, which vary greatly between organizations.
Impact for businesses
These risks latently and aggressively challenge the security measures that organizations rely on, such as traditional antivirus, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM) or firewalls, onto which they “offload the responsibility for security”.
These risks evolve and can evade defenses designed to address known or unknown vulnerabilities. This makes it necessary for organizations to rethink their approach, moving from a reactive to a proactive security posture, with an emphasis on continuous monitoring, real-time detection and adaptive defensive security strategies.
These risks can erode corporate resilience by significantly exploiting blind spots in defenses, especially in complex and interconnected infrastructure and technology architecture environments. Over time, if not managed, they can lead to data breaches, reputational damage, strategic damage and even sanctions of other kinds.
Detection of liquid risks
Detecting these risks requires advanced techniques beyond common signature-based methods:
- Behavioral analysis of all components of the technological infrastructure (processes, people, technologies, information and environment) helps to identify anomalies that could indicate a liquid risk.
- Threat intelligence from real-time sources will help your organization stay updated on emerging and disruptive threats and vulnerabilities; it is appropriate to develop retrospective and prospective capabilities based on situational awareness.
- AI and machine learning can detect patterns and anomalies in data by identifying subtle deviations from normal behavior.
- Continuous monitoring is necessary for real-time visibility of our network traffic, activities, users and software operations, helping to detect rapid changes in risk profiles; analytical capabilities are very important here.
- Red team and adversary simulations allow us to actively test corporate defense capabilities through simulated sophisticated attacks that can uncover potential vulnerabilities before malicious actors find or exploit them.
Preventing liquid risks requires a flexible, multi-level approach: dynamic risk assessments, proactive cybersecurity management, “zero trust” infrastructure and architecture, patch management, updates and hardening, threat hunting, supply chain and vendor management, security due diligence processes, among others.
When responding to these risks, organizations must be agile and adaptable, with incident response and recovery plans and their corresponding tests, mitigation strategies, incident analysis and so on; all of these must be up to date and proactive to address an evolving landscape.
Plans are useless if we do not test and exercise them to know their real capabilities.
Liquid risk cases
After analyzing countless cybersecurity attacks and incidents, let's recall a case that can be attributed to a liquid risk: the SolarWinds attack, in which cybercriminals infiltrated the software update process and a backdoor spread across thousands of networks around the world, exploiting fluid vulnerabilities in the supply chain and affecting governments and organizations. Its dynamic nature, including the ability to avoid detection for months, shows the behavior of this risk. We can also consider the WannaCry ransomware attack in the same light.
A systemic cyber risk can also be a liquid risk, depending on the associated vulnerabilities and threats, as has been seen on some occasions in supply chain risks.
Such is the case of the NotPetya attack: its rapid spread through networks, transcending borders globally through trusted software updates, exhibited liquid and mutant traits, as the attack evolved by exploiting systems and mutating to keep enhancing its capabilities even as attempts were made to mitigate the risk. Liquid and mutant risks are therefore closely related: liquid risks evolve over time, while mutant risks change dynamically to circumvent controls.