When it comes to cybersecurity preparedness, it’s not about “if” but “when” an incident will occur. This illustrates an urgent need for organizations to increase cybersecurity awareness and education to better prepare themselves against an inevitable cybersecurity event.
Here are the top three cybersecurity trends we think are worth watching as we approach 2022, and how you can prepare your organization to be ready for the possibility of these threats.
Ransomware attacks have made headlines for well over a year at this point, even appearing as the lead storyline in various TV shows, and for good reason. Global ransomware attack volume increased by 151% for the first six months of 2021 compared to the first six months of 2020.
But what exactly is ransomware? Ransomware is a type of malware that encrypts files once inside an organization’s network. Doing so makes the files unusable, as well as the systems that rely on that information to run, enabling malicious actors to demand a ransom in exchange for decryption.
Knowing this, it’s easy to see why ransomware has grown in popularity as the world experienced a rapid acceleration to remote and hybrid working models.
On-prem Network Challenges
The shift to remote work sent traditional on-premises (otherwise known as “on-prem”) networks into a spiral. On-prem tends to be custom built, meaning there are multiple manual requirements that must be met to ensure the network operates as it should. From patching and updating software to ensuring the network remains clear of vulnerabilities, on-prem networks require multiple teams across various roles to not miss a beat. But that is exactly what happened.
While IT and security teams spent the last two years working to ensure remote staff had access to the data and tools they needed to do their job, updating and patching vulnerabilities fell to the backburner. This was not intentional; on-prem networks require significant maintenance across multiple departments. In the new work-from-anywhere world, organizations found that small details started to slip through the cracks. And over time, as organizations missed patches and critical vulnerability updates, those vulnerabilities grew in both complexity and size.
Compounding the missed upgrades and patches is network accessibility. For on-prem networks, employees often require access through a VPN, which can introduce a number of vulnerabilities.
Cloud-based Organization Challenges
These security challenges weren’t unique to on-prem networks. Cloud-based organizations face their own security challenges, as well, ranging from misconfigurations to insufficient credential and access management.
Additionally, threat actors are making it easier for others to run attacks. In fact, there has been an increasing amount of material online that makes running ransomware attacks easier.
Look for Security Talent Now
The challenges organizations are increasingly facing related to network security highlight the need to create a defined vulnerability program to more effectively and efficiently identify and mitigate vulnerabilities. But this presents two new challenges for organizations:
- Gaining visibility and an understanding of the organization’s threat surface, and
- Finding and hiring the right staff who understand basic vulnerability management.
Most organizations don’t know where to start in the hiring process, especially since the threat landscape continues to evolve faster than hiring efforts. The past year has shown us that relying on software products alone to fill the gap just doesn’t provide the layer of security most organizations expect it to. This is primarily because of a lack of trained staff. After all, without properly trained people to run and manage the software, it will not be successful. As we move into 2022, we’ll likely see organizations start to invest in more training and intelligence around cybersecurity initiatives.
Additionally, we will also likely see organizations continue their use of third-party specialists to help map out the organization’s threat surface and identify ways to effectively fill the gaps.
2. Old Attacks, New Targets
History often repeats itself, and cyber attacks are no different. But in the case of cyber threats, the same attacks keep happening because they continue to work.
Consider the T-Mobile attack in August 2021. The hacker who accepted responsibility for the attack explained he was able to access sensitive customer information as a result of unprotected routers starting in July. By August 4th, he had stolen millions of files, many of which were being sold online by August 16th.
This incident underscores the importance of security log monitoring, log aggregation, and having security logs from your connected devices. Logging and monitoring are some of the best policies an organization can implement across its network because together they grant visibility into events when they happen.
Greater visibility empowers organizations to recognize when something is amiss in a matter of seconds, not weeks or months. Reducing the time to respond not only minimizes the impact of the cybersecurity incident, but could also deter threat actors from targeting your organization in the future. In 2022, we will likely see more organizations exploring security log monitoring and working towards hardening their cybersecurity policies. But don’t expect to see big changes happen right away; many of these processes are extremely complex and expensive, and they often require a very specific skill set.
3. The Human Factor
Humans are, quite frankly, still an organization’s weakest link. From not patching systems or remediating vulnerabilities, to falling victim to phishing scams, humans present the greatest risk for organizations. This is why employee education is so critical to an organization’s cybersecurity efforts.
In fact, a joint study completed by Stanford University Professor Jeff Hancock and the security firm, Tessian, found that 88% of data breach incidents are caused by mistakes employees make. And threat actors know this; there’s a reason they recycle old attacks on new targets. The reality is that it doesn’t matter if you use the most expensive security solutions available. They still need to be implemented correctly and kept updated, a job that many organizations often forget or overlook.
Putting cybersecurity on the backburner when there’s no immediate threat puts organizations in a challenging position. Missing even just one update can expose an organization to vulnerabilities that only grow in complexity and size over time, opening it up to a variety of malicious threats, including ransomware. In 2022, expect to see an increase in employee education programs that raise awareness of user errors that can unintentionally wreak havoc for an organization.
Protecting Your Organization
In a recent survey from Ponemon Institute, organizations reported that nearly 50% of cyber attacks that caused severe business disruption were by repeat offenders. And 61% of those victims said they were unable to remediate these compromises, leaving critical systems and data at risk.
Effectively preparing your organization against the threat of cyber attacks requires increased visibility of the threat surface. Doing so offers insight into what vulnerabilities you have so you can remediate them in a timely fashion to effectively enhance your security posture.
To set your organization up for success, consider leveraging an acceptable framework, like NIST, to establish strong cybersecurity controls to help manage and reduce cybersecurity risk. Additionally, MITRE’s D3FEND framework helps organizations understand how others were hacked, thereby providing insight to recognize threat patterns before you’re attacked. This also provides organizations with a better understanding of their own cybersecurity posture.
From increasing awareness in the types of traditional cyber attacks, to better educating your staff around the types of threats that exist, it goes a long way to stay on top of the evolving threat landscape. But greater awareness and creating plans around various frameworks are just the start; organizations need to test those plans to ensure the people and processes in place do what they should. Services such as penetration testing, social engineering and ransomware preparedness services can help organizations take a proactive approach to cybersecurity.