Skip Navigation
BlackBerry Blog

The 4 Horsemen of the Cybersecurity Apocalypse

(This Cyber Tactics column, “The 4 Horsemen of the Cybersecurity Apocalypse” written by John McClurg of BlackBerry, was originally published November 9, 2022, in Security Magazine. Excerpted with permission – access the full article here).

There are four high-level risks hurtling toward your organization right now — spanning across industry verticals and geographies.

If the four horsemen of the cyber apocalypse posed a threat to your network, would you recognize them in time to turn the odds in your favor? The biblical version of an apocalypse involves conquest, war, famine, and death. In cybersecurity, I believe the current “four horsemen of the apocalypse” would be as follows:

  1. Security by Obscurity
  2. Supply Chain Attacks
  3. Collaboration Among Threat Actors
  4. Reactive Network Defense

These horsemen are already here. Their associated implications should inform enterprise cybersecurity strategies as we look ahead to 2023 and beyond.

Horsemen of the Cyber Apocalypse 

There are many factors that could have made the list, but I believe these four reflect high-level risks hurtling toward organizations right now — spanning across industry verticals and geographies.

1. Security by Obscurity

Ransomware and advanced persistent threat (APT) operators have changed cyber risk for every organization. For those companies that assume they are too insignificant to be targeted, the outlook is stark — threat actors don’t target businesses based on their size or location alone.  For ransomware attacks, it’s about how much an organization is willing to pay, while for APTs, it may be more about enterprise connections and third parties.

Who wants your organization’s data even if you’re a small or medium-sized business (SMB) or local government? The answer is, you do — and ransomware threat actors know many organizations will pay to get their data decrypted. APT actors also want your data, or simply your credentials to gain access to a juicier target. Zero immunity should be assumed when assessing the attack surface and threat horizon for any industry sector.

2. Supply Chain Attacks

Nation-state threat actors represent the second horseman riding in the shadows, going largely unnoticed for far too long. If cybersecurity professionals look back at some of the most prominent supply chain attacks during the last couple of years, then names like SolarWinds, Kaseya, and Okta come to mind. Attackers targeting the software supply chain frequently exploit systems and services that are in widescale use within industries and across geographies.

This attack vector typically requires skill and planning to execute, making it well-suited to APT adversaries that have the resources to create bespoke tools and exploits that can maximize the stealth and reach of their campaigns.  

These types of attacks are why I so often write about “locking shields” in the cybersecurity ecosystem — because if suppliers or vendors aren’t protected from this type of attack, then neither are you.

3. Collaboration Among Threat Actors

Our third apocalyptic rider travels with the herd, expanding the threat landscape as they go. There is increasing evidence of collaboration between discrete attack groups and the use of initial access brokers (IABs). These brokers gain access to networks and establish backdoors before advertising and selling that access to attack groups on the dark web.  

These groups and their affiliates are increasingly sharing knowledge and tools with each other. In a recent case, a threat group offered a bug bounty to others to help improve its code. This collaboration is a significant driving force behind the pace and sophistication of attacks.

4. Reactive Defense Strategy

The final horseman of the apocalypse in this cyber scenario is actually ourselves — as cybersecurity professionals race to head off the other horsemen galloping toward our networks. Unfortunately, we often represent organizations choosing to take a solely reactive approach to their cybersecurity defenses, placing ourselves at great risk of getting run over by the incoming steeds.  

Hands-on-keyboard attacks are certainly one reason why this is the case. The speed at which these attacks can unfold means responding in real time, something that lies beyond the abilities of most organizations.  

Meanwhile, supply chain attacks and the sophistication of the general cybercrime ecosystem are increasing. Because of the stealthy nature of these attacks and their use of genuine compromised credentials — usually remote access or admin and service accounts — the initial access activity typically evades traditional monitoring tools.  Without proactive and preventative measures in place, initial detections often arrive too late. 

But this reactive horseman need not be one against which we are defenseless. Instead, we must now sidle on over to a proactively preventative security path.

Stopping the Cyber Apocalypse   

In addition to applying patches and attending to other security hygiene measures as quickly and effectively as possible and practical — I believe cybersecurity best practices should involve deploying defensive technologies that leverage artificial intelligence (AI) and machine learning (ML) techniques to anticipate and prevent malicious activities.

While many security providers’ claims around using AI or ML in their offerings may be true, they may use AI to optimize and automate some aspects of their heuristics or signature-generation processes. But they fall short of the full promise of AI — preventing cyber threats.

It is important to choose an AI that has trained on billions of diverse threat data sets over several years of real-world operation and has been tested across an array of cybersecurity applications to identify and prevent malware.

In the final analysis, a layered defense relying on AI-based network and host visibility, capable of blocking most threats before they can execute, stands the best chance of detecting threats and defeating the four horsemen of the cybersecurity apocalypse — both now and in the future.

Read the full article in Security Magazine.

John McClurg

About John McClurg

Sr. Vice President and CISO at BlackBerry.

John McClurg serves as Sr. Vice President and CISO at BlackBerry. McClurg engages the industry around the globe on the risk challenges today and how BlackBerry uniquely mitigates them with the application of machine learning and other AI supported solutions. He champions a move from a historically reactive security posture, to one focused on proactively predicting and mitigating future risks.

Before BlackBerry, McClurg served as the Ambassador-At-Large of Cylance and as Dell's CSO, where his responsibilities included the strategic focus and tactical operations of Dell’s internal global security service. He was also charged with the advocacy of business resilience and security prowess, the seamless integration of Dell’s security offerings, and with improving the effectiveness and efficiency of security initiatives.

Before Dell, McClurg served as the VP of Global Security at Honeywell International; Lucent/Bell Laboratories; and in the U.S. Intel Community, as a twice-decorated member of the FBI, where he held an assignment with the U.S. Dept of Energy (DOE) as a Branch Chief charged with establishing a Cyber-Counterintelligence program within the DOE’s newly created Office of Counterintelligence.

Prior to that, McClurg served as an FBI Supervisory Special Agent, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center, or what is today known as the National Infrastructure Protection Center within the Dept of Homeland Security.

McClurg also served on assignment as a Deputy Branch Chief with the CIA, helping to establish the new Counterespionage Group, and was responsible for the management of complex counterespionage investigations. He additionally served as a Special Agent for the FBI in the Los Angeles Field Office, where he implemented plans to protect critical U.S. technologies targeted for unlawful acquisition by foreign powers and served on one of the nation’s first Joint Terrorism Task Forces.