Cybersecurity threats continue to evolve, and bad actors attacking digital environments operate on the same principles as many of the organizations they target. It’s a risk-and-reward model, where the return on investment can be quite lucrative when a victim pays ransomware to get their data returned.

Ransomware attacks remain an ongoing threat, with healthcare becoming a prime target, according to one leading cybersecurity executive.

Charles Carmakal, CTO at Mandiant, talks with theCUBE about evolving cybersecurity threats.

“We’ve seen a lot of targeting of healthcare organizations over the past several months,” said Charles Carmakal (pictured), chief technology officer of Mandiant (part of Google Cloud). “Threat actors realize that if you target a healthcare organization, if you disrupt their ability to give care to patients, those organizations will feel pretty compelled to potentially pay an extortion demand because being able to take care of human lives is obviously worth a certain value.”

Carmakal spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed cybersecurity threats and the need for continued action by law enforcement, as well as defense against threats posed by generative artificial intelligence. (* Disclosure below.)

Cybersecurity threats: Disabling malicious infrastructure

Attacks against healthcare institutions and other organizations have prompted law enforcement agencies in the U.S., Europe and Canada to take action by disrupting the infrastructure used by global threat actors. A task force of governmental agencies was recently successful in finding and disabling malicious systems used by hacking groups to infect cybersecurity testing tools.

“I’m always happy when I see law enforcement actions,” Carmakal said. “When threat actors lose money, when they lose infrastructure, when they get arrested, when they get indicted, these are all great actions that help to create more fear and consequences to threat actors. If there were no law enforcement actions whatsoever, crime would be through the roof. They’re certainly stopping a lot of the illegal activity from occurring.”

There is also the ever-present concern that adoption of generative AI by malicious actors will complicate efforts to defend against attacks. The good news, according to Carmakal, is that this scenario has not yet become reality.

“We respond to about 1,300 security events every year, and we look at how generative AI is being used by adversaries,” he said. “For the most part, it’s not really being used by adversaries to break into organizations. We see maybe some research being done, perhaps there’s some use of generative AI to help create better phishing emails. But, for the most part, we’re not seeing a whole lot of malicious use of generative AI to attack organizations.”

The volume of daily threats and multitude of tools to deal with them can lead some security practitioners to become overwhelmed by the scope of protection necessary. Carmakal advises that organizations follow an approach that focuses on the key risks.

“There’s an infinite amount of threats that you could try to prepare for and you could go crazy trying to prepare for everything,” he explained. “You have to understand, as an organization, what are the most relevant and prevalent threats to an organization like yours, to your sector, and how do you defend against the most likely types of threats against your organization. Focus on the common things; try not to get too obsessed with the edge cases.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024:

(* Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE