Naturally, generative AI threats exist; however, the focus on new technologies risk overshadowing the importance of cybersecurity hygiene practices, especially in resource-constrained sectors like public healthcare, says Aaron Bugal, Sophos field CTO, APJ. “It can come at the expense of addressing more fundamental cybersecurity basics, which contribute to ransomware vulnerabilities.”
Ransomware attack data in the Sophos State of Ransomware 2024 report shows that vulnerability management, compromised credentials, malicious email, and phishing are the most common starting points. It’s these risk factors that need to be managed through routine processes. “A lot of the attacks we’re seeing today, attackers are getting in using deficiencies in what constitutes a poorly managed or mismanaged environment and it’s just giving them the green light,” Bugal tells CSO.
Not protecting credentials, lack of multi-factor authentication, not patching well-known vulnerabilities, not keeping up with aging devices and user accounts, and overlooked configurations can get put off or forgotten about if too much focus is turned to generative AI. “Some things can be trivial to discover and mitigate, but if they’re overlooked by organizations, it leaves them vulnerable to attacks,” he says.
