As we prepare to metaphorically close our remote "office" for the end of year, we wanted to briefly take a moment to reflect on the last 12 months at Cosive.
Zooming out to consider the cybersecurity field as a whole, two primary developments have stood out to us this year.
First, a growing challenge: the increasing professionalisation of ransomware gangs, who have surprised us all with their capacity to operate more like venture-backed startups than cybercriminals.
The scale of their resources unfortunately isn't that different to that of VC-backed startups, either, with top ransomware groups earning over $100 million from ransomware payments.
The good news? We believe the repeated tactics and similar targets of many ransomware groups mean that the skills, tools, and capabilities of threat intelligence teams are extremely well-suited to the detection and prevention of these threats.
We’ve also been encouraged to see a marked uptick in organisations looking to both ingest and share threat intelligence.
Though, as we always say, the wisdom of analysts is still the key ingredient for success.
Secondly, a development that we believe is deeply positive: the advancements in AI that show immense promise in reducing repetitive work for both SOC and CTI teams.
We've been experimenting with these capabilities ourselves, from test-driving ChatGPT's ability to assign ATT&CK IDs to threat intel reports, to exploring how AI could transform the CTI analyst role by allowing analysts to spend much less time on mundane enrichment tasks.
This year saw the team make many knowledge-sharing contributions back to the Australian & New Zealand cybersecurity community.
Our CTO Chris spoke at AusCERT on what it takes to share CTI packages, and at AISA CyberCon on using AI for CTI enrichment. Chris also spoke on the use of canary credentials to fight phishing attackers at several local and industry meetups.
Cosive's Shanna Daly presented at CyberCon in Canberra on how to do threat intelligence without boiling the ocean, while also facilitating a popular workshop on digital forensics at the same conference. Both Chris and Shanna appeared on industry expert panels at CyberCon. And we found ourselves a little starstruck when Shanna recorded a live podcast episode on stage with Risky Biz! Alongside all this, Shanna also found time to serve as a review board member for Black Hat Asia.
Cosive's David Zielezna served as a CTI engineering expert panelist at this year's CyberCon in Melbourne, and presented on using MISP in the field at a sector-specific security meetup.
And Cosive COO Terry MacDonald continued to volunteer his time to serve as Chairperson of the New Zealand Internet Taskforce (NZITF), a non-profit organisation dedicated to improving New Zealand's security posture.
We're excited to continue sharing our knowledge and insights with the broader industry in 2024. It's an important part of our goal to help organisations achieve excellence in their security programs.
Our multi-disciplinary team stretched across the full breadth of their skills this year, executing successful delivery of bespoke security tooling, top-down reviews of SOC and incident response playbooks, cybersecurity tabletop exercises, MISP consulting, and pentesting for a diverse range of customers.
We launched and made major improvements to CloudMISP, our MISP SaaS offering, including custom integrations with Azure Sentinel, AssemblyLine, Okta, and Azure Active Directory (now known as Microsoft Entra ID). And we worked with major international organisations to replace the burden of a self-hosted MISP with the ease of CloudMISP, helping their CTI teams to get more real work done.
Finally, we want to take some time to reflect on our year at Cosive, in the words of our team:
To our team, our customers, and the broader Australia & New Zealand InfoSec community, we wish you a restful, relaxing and restorative break.
Here's to having our best year yet in 2024.