A Hacker’s View of the 2024 Cyberthreat Landscape

In a special, two-part bonus episode of Channel Insider: Partner POV, host Katie Bavoso sat down with Cody Kretzinger, Principal Security Advisor at Galactic Advisors and former LulzSec hacker, to discuss the latest developments — and heightened risks — in cybersecurity heading into 2024.

Kretzinger’s experience on both sides of the cybersecurity battlefield allowed him to provide a unique perspective on the current threat landscape and how managed service providers (MSPs) and managed security service providers (MSSPs) can stay ahead of the game in 2024.

How cybersecurity is like the “golden age of piracy”

In Part 1 of the interview, Kretzinger shared insights into the escalating threat of ransomware attacks — particularly those targeting healthcare facilities.

He emphasized the urgency for organizations to fortify their defenses as threat actors increasingly disregard previous “gentlemen’s agreements” that protected healthcare facilities, critical infrastructure, and other public services — leading to disruptive consequences for patient care and organizational operations.

Listen to the Part 1 of the podcast:

Watch the Part 1 video:

Teen hackers are throwing out all the rules

The emergence of younger cybercriminals, exemplified by groups like Scattered Spider, presents a new challenge for cybersecurity professionals. Kretzinger described the recruitment process targeting teenagers through online gaming platforms and the blend of digital and physical tactics employed by these youth-driven entities.

“There are specific cases where they’ve actually assaulted individuals in order to get passwords or other sensitive information that they then can leverage in a cybercrime attack,” Kretzinger said. “There’s not too many threat actors outside of nation-states that are willing to go quite that far.”

So, how can organizations protect themselves?

Proactive vulnerability management and continuous monitoring, to start. Kretzinger underscored the importance of keeping systems up-to-date and patching vulnerabilities promptly, citing recent disclosures of critical SSL vulnerabilities in networking appliances.

Zero trust remains one of the best cyberattacker deterrents

The adoption of zero trust principles is another key strategy for organizations to bolster their security posture. By distributing security controls across every asset within an organization, Zero Trust mitigates the impact of potential breaches and fortifies overall resilience against cyber threats.

Security researchers and malicious hackers alike are “constantly hammering away at [firewall] systems because it allows them that first step into a network,” Kretzinger explained. “That really highlights the need for the adoption of the kind of the zero trust network that everybody has been talking about.”

Why?

“Because the reliance on that [firewall] appliance to do all of the work to totally protect the organization is now distributed amongst every asset within an organization — every endpoint, every network device, every IoT device, as long as they’re all following zero trust — it makes it incredibly more difficult for the bad guys to compromise the entire organization.”

Risks of ransomware in healthcare, and the emergence of AI

In the second part of this Partner POV bonus episode, Kretzinger highlighted the challenging timeline for detecting ransomware attacks, emphasizing the importance of robust cybersecurity hygiene. He explained how threat actors exploit vulnerabilities and move laterally within networks, often remaining undetected for extended periods before deploying ransomware.

Listen to Part 2 of the podcast:

Watch the Part 2 video:

The dangers of ‘just OK’ security

Reflecting on recent ransomware attacks in the healthcare sector, which cost the industry billions of dollars, Kretzinger underscores the critical need for comprehensive security measures.

“What most organizations have,” Kretzinger warned, “is ‘OK’ cybersecurity hygiene. And when you have OK cybersecurity hygiene, you have OK security tools, which means you have OK policies and procedures, which means everything’s just OK. So when you have ‘just OK’ everything, it can take some time in order to not only detect [an attack], but also see what’s going on and maybe who it was from.”

Kretzinger recommends a proactive approach, combining tools like endpoint detection and response (EDR), extended detection and response (XDR), and managed detection and response (MDR) with thorough monitoring and response capabilities, in order to stay on top of any suspicious activity at any level of your networks.

Managing data — and clients — in the AI era

Addressing concerns surrounding emerging AI technologies like Microsoft Copilot, Kretzinger stressed the significance of data classification and sensitivity labels to safeguard sensitive information. He cautioned against complacency and advocated for proactive risk mitigation strategies.

When it comes to addressing these issues for clients, Kretzinger identified “two components” of being a trusted advisor as an MSP: “The first one is being able to identify risk and the second component is to be able to communicate risk.” Kretzinger gave a common example: employees reusing their passwords.

“That is a shared risk,” he said, “a common risk. But you need to be able to talk about it in such a way that it’s a risk to the business — not a risk to the end user, not a risk to the data, but a risk to the organization. When we’re communicating the risk back to business owners, we have to do it in such a way that they understand what we’re talking about.”

Finally, Kretzinger outlined a few practical steps for solution providers to expand their client base and enhance their cybersecurity posture. First, he recommends leveraging cybersecurity incidents as learning opportunities; second, preparing clients for inevitable breaches; and third, emphasizing the value of administrative controls such as acceptable use policies and incident response policies to better enforce employee compliance.

Get informed and get involved

In closing, Kretzinger invited viewers and listeners to connect with Galactic Advisors, where he serves as an executive director, and encouraged involvement with the Illinois Cyber Foundation.

In addition to inviting viewers and listeners to connect with Galactic Advisors for more tailored guidance on their organization’s security hygiene, Kretzinger highlighted the work of the Illinois Cyber Foundation, where he serves as executive director. The Illinois Cyber Foundation is a nonprofit organization dedicated to educating youth, the elderly, and other vulnerable individuals on the scams they may encounter online, and empowering them with the skills, resources, and mentorship they need to thrive in today’s cyberthreat landscape.

To engage with Cody Kretzinger and explore more insights on cybersecurity, connect with him on LinkedIn. Don’t miss upcoming episodes of Channel Insider: Partner POV on YouTube or your podcasting platform of choice for more industry insights and expert interviews. Like, follow, and subscribe to stay informed!