Today’s enterprise networks and architectures are more complicated than ever, and the adoption of cloud-based solutions and prevalent use of third-party services and software only makes it easier for bad actors to infiltrate and attack these vulnerable links.
The cybersecurity industry’s current approach to defense no longer works, so we predict that 2022 will bring some fundamental shifts in how we view security so that it best addresses the current, evolved threat landscape.
Here are trends we see ahead:
- Attackers continue to exploit modern architectures and devices.
Some of the most pernicious cyber threats businesses currently face use the structure of modern enterprise architectures to infiltrate and obscure their actions. The most common access points for these attacks are libraries, shared files, or various points in ever-lengthening supply chains. Modern software development relies heavily on open-source libraries and common components, but developers are often unaware of vulnerabilities in this code. Partly as a result, it’s estimated that approximately 70% of applications host at least one security flaw. If a low-level library or common component becomes compromised, hackers can use it to infect its various dependent applications and breach multiple organizations simultaneously. Once inside, these bad actors are often able to remain undetected for months or even years.
The growing prevalence of Internet of Things (IoT) devices will also offer easy fodder for attacks in 2022. While the devices offer enhanced functionality, they are not always designed with a security-first mentality and can potentially open multiple vulnerabilities in an otherwise secure network environment. New IoT devices are coming to market every month, and users can often deploy them at home or at the office without corporate IT assistance. This creates new entry points into the enterprise, expands the overall threat landscape, and exposes an organization to attacks it may not even realize it is vulnerable to. Remember the famous connected coffee-pot attack in 2020? This attack showed the vulnerable nature of these IoT devices, how difficult they are to monitor, and how they can unintentionally open the door for bad actors to gain a foothold in the network.
Regardless of how the bad actor initially gets inside the network, most attacks require communication between the program or malware inside the organization and the bad actor’s command and control (C2) infrastructure outside the enterprise for instructions, lateral movement, potential data exfiltration, and next steps. Whether an attack originated because of a modern architecture library, a supply chain vulnerability, or a new IoT device, the fact that they all require external C2 communication is the Achilles’ heel that enterprises can use for visibility, control, and prevention.
- A shift to a more proactive cybersecurity approach.
Necessitated by these increased risks, the coming year will see enterprises shift from a reactive to a proactive approach to cybersecurity. Constantly reacting to the latest attack is not a viable long-term strategy, and to avoid business disruptions, organizations will begin to shift resources from incident response to prevention.
Embracing this new approach means leveraging increased network visibility to know what’s occurring in real time while also putting controls in place that let the company hit the brakes or take appropriate action when required. Visibility into outbound communication destinations lets security teams identify, detect, and stop threats that have infiltrated the network before they do damage. For instance, 90% of all attacks (malware, ransomware, supply chain, and phishing) use domain names for C2, so monitoring this traffic can give organizations a much-needed heads-up.
Companies need to layer a proactive security stack to deliver proper visibility and control. This ranges from fundamental elements like Protective DNS (PDNS), firewalls, and proper authentication protocols to better employee training and AI-based monitoring software. With a solid stack in place, organizations can proactively identify suspicious (or at least anomalous) network activity, see how it changes over time, block it if necessary, and then determine what the event reveals about organizational health, network hygiene, and the company’s overall cybersecurity posture.
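The outbound-DNS visibility described above, as an added example that is not code from the article or from HYAS: it baselines the registered domains seen in a learning window of resolver logs, flags hosts that later query domains outside that baseline, and separately flags (client, domain) pairs queried at a near-constant interval, the beaconing rhythm typical of C2 check-ins. The log format, IP addresses and domain names are constructed for the example, and the two-label "registered domain" heuristic is a simplification of what a real PDNS service does.

```python
# Added example, not code from the article: a minimal Protective-DNS-style check
# over constructed resolver logs, one "<epoch> <client_ip> <domain>" per line.
from collections import defaultdict
import statistics

BASELINE_LOG = """1000 10.0.0.5 mail.example.com
1010 10.0.0.5 cdn.example.net
1020 10.0.0.7 updates.example.org"""

LIVE_LOG = """2000 10.0.0.5 mail.example.com
2060 10.0.0.5 x7k2q.unknown-tld.example
2120 10.0.0.5 x7k2q.unknown-tld.example
2180 10.0.0.5 x7k2q.unknown-tld.example
2240 10.0.0.5 x7k2q.unknown-tld.example
2100 10.0.0.7 updates.example.org"""

def parse(log):
    """Return [(timestamp, client, normalized domain)] for the constructed format."""
    rows = [line.split() for line in log.splitlines()]
    return [(int(ts), ip, dom.lower().rstrip(".")) for ts, ip, dom in rows]

def registered_domain(dom):
    # Crude eTLD+1 (last two labels); a real PDNS would consult the public-suffix list.
    return ".".join(dom.split(".")[-2:])

def build_baseline(log):
    """Registered domains observed during the learning window."""
    return {registered_domain(d) for _, _, d in parse(log)}

def find_new_destinations(baseline, log):
    """client -> sorted registered domains it queried that are outside the baseline."""
    hits = defaultdict(set)
    for _, ip, dom in parse(log):
        rd = registered_domain(dom)
        if rd not in baseline:
            hits[ip].add(rd)
    return {ip: sorted(v) for ip, v in hits.items()}

def find_beacons(log, min_queries=4, max_jitter=0.1):
    """(client, domain) pairs queried at a near-constant interval, a C2 beaconing signal."""
    times = defaultdict(list)
    for ts, ip, dom in parse(log):
        times[(ip, dom)].append(ts)
    beacons = []
    for key, ts in times.items():
        ts = sorted(ts)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_queries and statistics.pstdev(gaps) <= max_jitter * statistics.mean(gaps):
            beacons.append(key)
    return beacons
```

Either signal on its own is only a lead for triage; combining a never-before-seen destination with a steady query cadence from the same client is what justifies a block and an investigation.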
- Adopt zero-trust.
Zero-trust policies will become commonplace among enterprises. Given our modern enterprise architecture, the proliferation of new IoT devices, and the implementation of digital solutions required to support a hybrid workforce, organizations should require that every device and endpoint be properly verified, both inside and outside the organization. A network must verify all users before granting access. Without those checks, once on the network, bad actors are free to move laterally and access or exfiltrate sensitive data because of a lack of granular security controls and permissions. To stay proactive, we need to know with whom our systems are communicating (internally and externally) and why.
The global average cost of a data breach is $3.62 million. Up until now, our approach to cybersecurity has not worked. Zero-trust will help enterprises recognize that what sits inside a network is not automatically secure; some of the largest breaches have happened when malware bypassed corporate firewalls and was then implicitly trusted because it was already inside.
Adaptability has never been more crucial to cybersecurity. If we don’t shift our thinking and put solutions in place that give us the ability to see evidence of an impending strike before it happens, we will never have truly proactive security — leaving us perpetually vulnerable to the never-ending churn of cyber threats.
David Ratner, chief executive officer, HYAS