In our previous post, we gave a little insight into what we believe will be the dominant topics in cybersecurity for 2022. In this blog series we’ll dive a little deeper into each of these themes, beginning with what we see coming in the threat landscape.
As we mentioned in the earlier blog, we still believe that ransomware and data leaks (or data breaches) will be major concerns for enterprises this year. Ransomware came to the fore in 2021 with some very high-profile attacks across a wide variety of industries.
While international leaders and others have begun a concerted effort to disrupt or disable ransomware operations, we expect that this type of attack will continue – at least in some form. Why? It’s lucrative for attackers, costing little to execute through Ransomware-as-a-Service (RaaS) on the dark web, and offering the potential for big payouts from the organizations they victimize.
Of particular concern are ransomware attacks at the supply-chain level. 2021 saw a number of attacks on the Operational Technology (or OT) that controls vital supply operations, as seen in the Colonial Pipeline attack. Others, such as the Kaseya and earlier SolarWinds attacks, have targeted the infrastructure of MSPs and SaaS vendors to compromise the data integrity of thousands of customer organizations.
Other Key Threats
Data leakage is often a component of a ransomware attack but can also occur separately. It’s a sad fact of life that data breaches are a given in today’s climate. This type of attack, once discovered, can be costly in terms of remediation, notification of affected parties, lost business, and the negative effects on the brand image of the organization.
Adding to the cybersecurity conundrum, the remote workforce engendered by the early stages of the pandemic is here to stay, according to multiple sources, though more often it’s part of a hybrid workplace now. Employers and workers alike have found it convenient and effective given the improvements in connectivity, and with the growing number of COVID variants, it has become necessary. In this model, though, the ISP, network and devices of the remote workers are not always under the control of corporate IT – making this new environment, which may include IoT devices, that much more difficult to secure.
The hybrid workforce is just one example of how the attack surface has expanded and continues to grow. New technologies are continuously released, and new forms of connectivity are arising too. For a CISO or other security professional, it will be important to consider how an organization’s assets can be secured in such a dynamic environment; we touch on this below.
Back to Basics – and Beyond
Despite the rapidly changing threat landscape, the fundamentals of security still provide a strong foundation for protecting the expanded network surface – the cloud, remote workers, and the internal network itself. Some things haven’t changed (much): attackers still use phishing as the primary method of infiltration, inject malware to disrupt operations, and exploit vulnerabilities such as those in Log4j 2, VMware vCenter and many other products.
The first step in establishing a strong security posture is to follow security best practices, which include keeping malware signatures up to date. In addition, it’s critical to stay aware of vulnerability patches, and to identify critical assets that require enhanced protection.
In addition, there are a number of newer technologies that bear investigation, depending on your particular circumstances. Botnet C&C prevention, for example, can help defend against ransomware and general data breaches by preventing communication between bots within your network and the cybercriminals that control them.
Zero-Trust Network Access (ZTNA) is a concept that holds great promise for securely supporting access by all users – not just remote workers – through the mantra ‘never trust, always verify.’ Unlike VPNs, which are not easy to scale, ZTNA offers a better way to secure resources and control application access, no matter where a user is physically located.
Micro-segmentation solutions apply ZTNA concepts to help secure enterprise VMs in public and private clouds and to stop lateral (VM-to-VM) attacks, which are becoming far more common.
And finally, Extended Detection and Response (XDR) platforms are the newest trend in unified protection. XDR solutions can integrate large volumes of security data – native and third party, depending on the vendor – across your enterprise’s security solutions to provide comprehensive visibility across the entire network and all its assets. From there, XDR solutions can also delineate appropriate remediation steps to help secure your network and its assets. In short, an effective XDR solution will be able to see, understand, and act.