5 min read
The growing threat of cyber adversaries loomed over organizations throughout 2021, and it shows no signs of slowing down as we enter March 2022.
As teams continue to work from home or test out hybrid work models, their security frameworks have often been insufficiently protected against sophisticated cyberattacks. Nation-states, organized crime syndicates and other cybercriminals have capitalized on this opportunity, using a variety of methods to exploit weaknesses in organizational systems. This resulted in 61% of organizations that fell victim to a ransomware attack in the last two years being forced to pay the ransom, and by October 2021, publicly reported data breaches had already surpassed the total for 2020.
2022 presents an opportunity for businesses to take an active role in protecting their sensitive data and preventing hackers from turning them into the latest headline for all the wrong reasons. Read below to see how organizations can best prepare themselves for the future threats that may come this year and beyond.
While it’s no secret that quality leadership is critical to running a successful business, ineffective leadership can greatly increase the risk of cyberattacks. With the rise of breaches that security professionals can expect to continue into 2022, an effective defense starts with strong leaders. It’s imperative that leaders adapt to new work dynamics significantly faster than they’ve historically had to, particularly when it comes to how cyber adversaries will plan to manipulate them.
Security professionals will be put under more pressure in this cybersecurity climate. In this scenario, defenders’ networks, which are already riddled with holes and missing capabilities for digital adversaries to exploit, will fall short of meeting the fundamentals of relevance. Leaders that focus on the “why” rather than the “how,” and reflect on their talents to lead, retain and recruit their employees will come out on top.
A stressed and inefficient security operations center (SOC) makes a company a target, resulting in the loss of brilliant employees in an already competitive industry — and the potential loss of business due to data breach-related reputational harm. Instead, SOC leadership should keep a close eye on employee morale and job satisfaction.
From a technical and human standpoint, the challenge now is: how quickly can the defending company respond to such frequent and rapid attacks — and enhance corporate culture in the process? Cybercriminals are increasingly targeting businesses that are undergoing major financial events, such as acquisitions and mergers, because security teams are likely to be unstable, stressed and managing integrations during this time. In addition, C-suite executives must guarantee that they are not the weak link in the cybersecurity chain, as they are also among the biggest targets for attackers.
This cybercrime tidal wave will not be going away any time soon. Still, if SOC employees focus on knowing the adversary and hire leaders who focus on fostering a positive culture that improves morale, a better defense outcome can be achieved.
Constant Visibility and Improvement
For businesses, ransomware is an end problem. It’s not a question of being hit by a cyberattack and then wondering, “What do we do now?” because it’s far too late by then. Rather, the question should be, “How do we make ourselves less of a target to begin with?” The essence of the issue is that businesses have a false sense of security, believing that they are immune since they’ve implemented a new compliance tool or moved to the cloud. It’s not as straightforward as that. Cybersecurity isn’t a one-and-done exercise. Too many businesses still have the idea that they can get away with ignoring the fundamentals of basic cyber hygiene.
Having visibility across enterprise systems is the first step. Simply said, if security professionals don’t have a full view of their assets, they cannot protect them. This knowledge will aid teams in gaining a clear grasp of normal user account and device behavior, allowing them to recognize anomalies more easily when they occur. Furthermore, distributed workforces and a work-from-anywhere culture have resulted in less visibility, control and knowledge of abnormal user behaviors.
The combination of scattered workforces and more employees utilizing personal devices for work will continue to increase the danger of “Bring Your Own Device” (BYOD) security concerns, resulting in larger attack surfaces and greater vulnerability to security threats.
Controlling Access Points
What do ransomware, phishing, advanced persistent threats (APTs) and other similar threats have in common? Access. Organizations should expect all of these attack tactics to develop in 2022, but initial access brokers (IABs) are a critical area to watch out for that is oftentimes overlooked.
Initial access brokers are criminal individuals or organizations that resell credentials on the dark web. Buyers can then utilize the information to do more damage to a business while remaining unnoticed.
This information will continue being used by nation-state entities in particular to carry out ongoing and persistent access attacks. They will keep developing exploits in the hopes of launching a full-fledged cyberwar in the future, similar to trench digging in conventional warfare.
Controlling access points and reducing overall dwell time are critical to thwarting today’s most common attack methods. One of the simplest avenues for businesses to do so is to prevent compromised credentials incidents, which account for 61% of breaches today, and to monitor user behavior. This gives the context needed to rebuild confidence and defend user accounts in real time, thereby stopping fraudulent access in its tracks.
With worldwide ransomware payments expected to reach $265 billion by 2031, hackers now have the resources they need to collaborate in new and improved ways to breach organizational frameworks all over the world.
As 2022 progresses, it’s encouraging to see businesses prioritize cybersecurity. In order to combat the growing threat that cybercriminals pose to industries of all sizes and types, 2022 will be a test of how successfully everyone can work together, prioritizing collaboration over competition. Given cybercriminals have demonstrated that they are well-coordinated, the only way they can be defeated is for security teams to be equally as coordinated in their defensive efforts.
The fact that governments are now mobilizing and acting against cyber threats is another sign of the importance of teamwork. Previously, it was up to each company to fend for itself, which inevitably exacerbated the asymmetry between well-funded attackers and individual defenders and resulted in costly breaches. Governments are taking a stand and pushing comprehensive, joint efforts in the battle against cybercrime, as evidenced by initiatives like California’s Cal-Secure plan. Government support is critical as cyberattacks can have disastrous implications for both the public and private sectors.
As cyberattacks grow in sophistication and harm by the year, it’s no longer an option for organizations to stand by and hope for the best. They must remain vigilant and always be prepared for what may come their way because recent history has already shown that any organization, no matter how large, may very well be the next victim. Investing in best practices as well as in the continued development of cybersecurity professionals can ensure that the only direction cybercrime trends move in 2022 is downward.
Our Take: As more companies continue to experiment with hybrid work arrangements, their security systems have become increasingly vulnerable to threats. Nation-states, organized crime syndicates, and other cybercriminals have taken advantage of this opportunity, employing several techniques to attack organizations with vulnerable security systems. To prevent cyberattacks, companies must be aware of vulnerabilities and risks associated with their practice and further adopt best practice standards; this is important in meeting the emerging cybercrime trends.
About the Author(s): Tyler Farrar is the Chief Information Security Officer (CISO) at Exabeam.
Source: Security Magazine