Throughout 2021, as we made steps towards recovering from the pandemic, demonstrating effective cyber-resilience became more crucial than ever, says Rory Duncan, Go to Market Leader, Security, at the IoT services company NTT UK & Ireland.
With the ongoing adoption of hybrid working models, many enterprises will experience continued pressure on their ability to detect threats in 2022. To keep their systems and their employee and customer data secure, business leaders should prioritise security. To understand today's threats, enterprises should first look at the key cybersecurity trends and vulnerabilities of the past year. This will help them to identify potential attacks and prioritise areas for improvement across their cybersecurity strategy.
Cybercrime’s big hits of 2021
A primary cybersecurity trend we're seeing is the rise of supply chain attacks. For cybercriminals, targeting a middleware or infrastructure provider quickly became a reliable way to attack higher up the supply chain and have their malicious payload distributed to thousands of organisations. A key factor in these supply chain attacks is their 'trickle-down' impact – by targeting trusted infrastructure, the impact of the attack isn't only experienced by the compromised organisations themselves, but also by their end-users. Severe supply chain attacks in 2021 have served as a wake-up call for organisations across the globe to increase awareness of, and concern for, the safety of their key assets.
Another key cybersecurity trend of the past year was a shift in the ‘business’ of ransomware. While the technical sophistication of ransomware hasn’t hugely increased, certain areas of the ransomware industry have seen major rises – notably double extortion and Ransomware-as-a-service (RaaS).
Double extortion ransomware starts with the traditional method of encrypting data and demanding a ransom to release it. The attacker also exfiltrates a copy of the data to a remote location such as the cloud, and then demands an additional ransom to delete that exfiltrated copy. If the ransom isn't paid, the attacker will either sell the data to another cybercriminal or publish it online.
When it comes to RaaS, the model has turned ransomware into its own industry. The RaaS business model involves cybercriminals selling or leasing ransomware platforms to those looking to benefit financially from disrupting a company’s operations. This allows even technically unskilled cybercriminals to launch entire ransomware campaigns.
As part of this, we’ve also seen a rapid exploitation of vulnerabilities, which isn’t something that an organisation can deal with alone. Businesses should look to deploy threat intelligence and detection solutions, alongside an incident response plan, to help deal with the likely impacts of new vulnerabilities. Vulnerability awareness also has a part to play here, encouraging both enterprises and customers to understand potential threats and apply necessary patches. When it comes to software issues, customers are often unlikely to identify these independently, so raising awareness and helping them to develop response plans for incidents can mitigate further risk.
Rising hybrid working risks
In addition, hybrid working is here to stay, and this is posing new challenges for security teams – even though there is a push by organisations to get people back into offices, with some organisations recommending a 20 per cent reduction in salary for full-time remote working.
If you're going to do that and allow 100 per cent remote working to be an option, it's not only crucial that your security enables remote working; your processes and controls must also become even more robust. To achieve this, we'll no doubt see a drive towards more cloud adoption and service availability guarantees.
This aligns with the slight shift in language around Secure Access Service Edge (SASE) and Security Service Edge (SSE). Cloud-delivered security controls will have to be brought to the fore. We've always said that SASE was SD-WAN and cloud security as a consolidation play on premises, and that didn't fit with remote workers. They needed the same security controls (or better) without hair-pinning traffic through our corporate data centres, which is what is driving the SSE story.
With SSE, we start to emphasise the need for strong endpoint controls, which segues into the detection and response area. Speed of detection is key; better still if the threat is contained before it can do damage. Web Application and API Protection (WAAP) also brings together web application firewalls and API security – we can expect to see this as an area of growth as the focus on delivering apps to the distributed workforce and our customer base expands. At the same time, we'll see continued growth in cloud workload protection and containerised security demands. This drives the secure-by-design, edge-to-cloud conversation.
Defending against threats
There are a number of key steps enterprises can take to help defend against these rising threats, including:
– Raising awareness – Increasing security awareness across the entire enterprise should be a priority for 2022. Organisations with an active security awareness training programme can dramatically reduce their attack surface, as it will ensure employees are completing tasks in a safe manner. Training could involve simple activities, such as routine phishing quizzes or monthly educational webinars run by the security team, and should aim to get everyone thinking about their role in keeping the organisation secure.
– Controlling potential damage – We often talk about improving threat education for users, but there is a responsibility on us to ensure that if a malicious link is clicked, we have controls in place to limit the potential damage. There was great debate about an advert at this year's Super Bowl – a bouncing QR code. We use QR codes frequently, so how do you differentiate between good and bad QR codes as a user? We absolutely need to keep information security awareness high in organisations.
– Adapting security for distributed and hybrid working models – The continuing prevalence of remote and distributed working requires an evaluation of access to data, identity and authentication. Enterprises should look to remediate and reconsider the various trust models that underpin access to their systems, as the data being accessed is no longer held only in our own datacentres.
– Adopting Extended Detection and Response (XDR) – Extending the detection capabilities of EDR (endpoint detection and response) to cover additional security tools, such as firewalls and web gateways, can dramatically improve response times and reduce the ability of malware to spread through your network. XDR essentially takes security to a granular level. Instead of isolating an entire network when faced with an attack, it can isolate the first breached system to stop the threat from spreading.
– Bolstering application security – Bugs in code can turn into vulnerabilities, opening up opportunities for exploitation. To avoid this, it's crucial for enterprises to embed application security tools within the development process through DevSecOps (development, security and operations). In doing so, development teams will be able to identify security holes in their code and correct them before it reaches customers. Teams should also conduct regular application scanning to uncover vulnerabilities lying in existing code.
Re-evaluating security measures
As businesses consider their ongoing cybersecurity strategies, they need to revisit and re-evaluate existing processes from the ground up and assess where they may have unwittingly created gaps in their security armour. 80.7 per cent of IT leaders have said it's more difficult to spot IT security or business risk when employees are working remotely, so ensuring visibility by developing a multi-pronged approach to re-imagining enterprise security will be fundamental.
Moving forward, we will have to engage stakeholders on their own terms in order to give the newly remote worker access to the data they need. This should be delivered from an application infrastructure that the enterprise may or may not control, over trusted and untrusted networks. This infrastructure should allow offices, transport hubs and manufacturing sites to operate as OT and IT converge and newer technology solutions allow access to data in and across complex physical environments. A key example of this would be a private 5G network.
The principle of least privilege is critical to revised security strategies – but it must be proportionate to the organisation to ensure that the complexity that could arise from Zero-Trust architectures is actually improving the organisation’s security posture.
The ability to respond quickly and effectively across the distributed IT environment will be paramount for enterprises this year. The number of cyber-attacks in the headlines is only rising and it’s no longer a case of “if” but “when” an attack will occur. Ultimately, your business will be more exposed if it doesn’t have the right security measures and response capability in place.