Rarely a week passes by without news of another company being breached, a ransomware attack crippling critical infrastructure, or a data loss event causing millions to suffer a loss of privacy. On the other hand, these same organizations are trying as hard as they can to safeguard their customers, their data and their reputations. So what is missing? Is it a gap in technology? Is it about strengthening policies and procedures? Is it simply “the cost of doing business” – an inevitable outcome of the way we work and trade today?
In this post, I will share a few of the main reasons why we are where we are, and provide some simple steps for enterprises to take to change this paradigm.
Top 5 Trends That Increase Cyber Security Risk in 2022
There are a vast number of threats and threat actors out there, and their numbers are only growing. This expansion reflects a number of major technological shifts in recent years that have contributed to the changing threat landscape.
1. Increasing Discovery of Software Vulnerabilities
Vulnerability hunting has hit the big-time in recent years, thanks in large part to the popularity of bug bounty programs and “hacker” platforms that reward researchers and share knowledge. This is not only a good thing, it’s undoubtedly a necessary thing.
However, the flipside of better vulnerability reporting is faster time to exploitation, as threat actors rapidly jump on research publications and look for victims that have failed or are unable to patch. Exploited vulnerabilities can cause serious damage to all organizations, including those running our critical infrastructure.
Phasing out unpatchable technology and obtaining visibility across the entire digital estate are imperatives. Until then, the net result is that the bar for breaching unwary organizations will keep getting lower.
2. The Hybrid Nature of Today’s Networks
Users and identity represent the new cybersecurity frontier as the world of work moves away from the office to remote or location independent. As long as users are connected, they remain part of your network, whether they are in the next office or on the other side of the world.
The new reality of a distributed workforce increases the risk to enterprises as attackers shift to targeting end users and endpoints via compromising credentials and authentication methods at any point along the entire supply chain.
Take, for example, the recent highly-publicized activities of the Lapsus$ hacker group, which among other things compromised Okta’s systems by gaining remote access to a machine belonging to an employee of Sitel, a company subcontracted to provide customer service functions for Okta.
3. The Migration to the Cloud
The new kid on the block is your cloud assets. While businesses are growing rapidly by scaling up their offering with the cloud, it makes it harder for security teams and defenses to stay on top of that risk. The security implications of AWS, Azure or other cloud assets is difficult to grasp for many businesses, even those with large SOCs.
From cloud misconfigurations and compromise through vulnerable services – think Log4J – protecting cloud workloads can be a challenging task, particularly when they are spread over public clouds, private clouds and on-prem data centers.
4. Increasing Attacks on IoT Devices
‘Smart devices’ that are connected to the internet have increased the attack surface for organizations. From networked printers to security cameras, anything connected to the public internet can serve as a backdoor into your organization.
Increased risk caused by IoT devices includes unchanged default passwords, outdated firmware with known exploitable vulnerabilities, and the lack of network discovery for many IT and security teams. As threat actors scan networks with automated tools for any sign of weakness, administrators similarly need automated tools that can identify and protect any device as it is plugged into the network.
The increasing use of unprotected or insecure Smart devices has given attackers an easy way into networks, a beachhead from which they launch attacks to steal information or commit fraud through ransomware or other techniques.
5. Increase in BYOD and Mobile Authentication
While the use of mobile devices in the workplace has been with us for a number of years now, mobiles and mobile authentication is still creating new opportunities for malicious actors to steal valuable data.
Mobile authentication, or the verification of a user’s identity through a mobile device and one or more authentication methods to ensure secure access, has opened a new stream of attacks, using recycled numbers and other new attack vectors. Recent examples include attackers using social engineering techniques against users suffering from so-called “MFA fatigue”, where multiple 2FA push notifications trick users into authenticating fake login attempts.
The Threat Landscape is Booming
The bar for compromising enterprise assets is lower than ever before. There are a few reasons for that. As one of the main operating system vendors, Microsoft plays a significant role in this area. There are too many ways attackers utilize vulnerabilities to exfiltrate secured networks. Some novel examples include ProxyLogon, Hafnium, and many others. There are growing voices in our industry criticizing the way Microsoft handles researcher vulnerability reporting, including some very vocal discussions. Other OS vendors should also improve the way they respond to vulnerabilities, and work more closely with security vendors to make their products better.
Key Takeaways – A CISO’s Cybersecurity Checklist
- Eat Your Vegetables – Always stay ahead of best practices, ensuring you kill off any “low-hanging fruit” attack vectors. This includes enforcing multi-factor authentication and deploying endpoint protection on every computer, cloud or mobile device. Use your budget and create teams who live and breathe securing your organizations. Know your adversaries. Simulate attacks and see that you are ready for the day of a breach. Create backups. There are no shortcuts here.
- Create a Coalition – Cybersecurity is not a challenge only for the CISO: It’s a priority for the company. This means the CEO, the board of directors and other senior stakeholders should be aware of the risks and consider them against the priorities of the business.
In 2022, there is no business without security. The CISO needs to ensure that all these stakeholders are aware of that and that they understand securing the enterprise does not happen in a silo. Share news, simulate breach responses, raise awareness. A breach can be caused by malicious actors or happen accidentally, but either way, it can cost companies millions in damages, lost revenue and reputational harm.
- Stay Informed, and Increase Awareness of End Users – Follow the news and share with your users. While some headlines can inevitably be overblown, they can also be motivating, and there’s nothing exaggerated about the cost of ransomware, BEC, fraud and other cybercrimes to businesses today. Keep your people in the know regarding cybersecurity risks by encouraging them to be aware and interested in cyberspace. If the topic is good enough for mainstream television, we can make it good enough for our users also.
- Get an Outsider’s Perspective – If you can run a red team, that’s great. If you cannot, work to establish periodic red team exercises to ensure there are no blind spots within your organization. If you are developing software or providing software as a service, run a bug bounty program and ensure “friendly eyes” are discovering your vulnerabilities before attackers do.
- Know Your Enterprise Assets – How well do you know the security implications of your AWS, Azure or other cloud assets? What are the security implications of running Docker and Kubernetes? Cloud-focused attacks are a rapidly growing area of interest to opportunistic and targeted attackers alike.
While the techniques used in such attacks are vast and varied, they typically rely heavily on the fact that cloud networks are large, complex, and onerous to manage. This makes agent and container security solutions critical for the defense of any organization against all cloud platforms. Look for and deploy security solutions that make this complexity simple.
- Remember Supply Chain Attacks – Be in the know to reduce the risk of supply chain attacks. Although it is difficult for any security team to monitor and approve every business application entering the enterprise, visibility into every device can provide good insight into applications that may be more vulnerable than your end users believe.
The previous year in cybersecurity showed us all how easy it is for adversaries to compromise widely-used applications. The SolarWinds and Kaseya compromises were unfortunate but timely reminders that software dependencies are a massive blindspot. When organizations rely on shared modules, plug-ins, and packages from open-source or non-security focused developers, the chance of such components being secure out-of-the-box is low.
Attacks tend to seek the easy way in, and compromising relatively weak applications that are used by many is all an attacker needs. Technology can help to maximize visibility across the entire cyber estate.
There are no magic bullets, and cybersecurity remains a challenge that requires focus, knowledge and the right solutions that fit your business needs. SentinelOne is here to help CISOs with the challenge of securing the enterprise. To learn more about how to defend and protect your organization from today’s adversaries, contact us for more information or request a free demo.