The last two years have proven to be the most critical in terms of cybersecurity as every organisation was forced to adopt and change their operating models. While many businesses managed to expedite their digital transformation, some may have missed key steps in their transformation journey, leaving them vulnerable and open to cyber-attacks.
Willem Barnard, Business Development Manager Cloud and Alliances and Yash Pillay, Senior Cybersecurity Sales Engineer at Trend Micro SSA, took a look at some of these vulnerabilities and also discussed cyber fightback tactics for 2022 in the wake of the release of the Trend Micro Security Predictions 2022 report.
The pandemic accelerated the adoption of digital technology for customer interactions, supply chain interactions, and internal operations by three to four years. Unfortunately, cybercrime also became exponentially more sophisticated. Trend Micro, as an example, blocked 40.9 billion email threats, malicious files and malicious URLs for customers in the first half of 2021 alone – a staggering 47% year-over-year increase.
As technological advances continue to affect bottom lines and leadership agendas, senior leaders are grappling with the significant challenge of prioritising a hybrid work model that is continuously being tested by cybercriminals.
Trend Micro researchers predict that Cloud adopters will need to shore up their defenses if they are to weather attacks from actors intent on both using tried-and-true methodologies and innovating by following new technology trends. Ransomware attacks on data centre workloads and exposed services are also predicted to take advantage of the large number of employees continuing to work from home. In this regard, research, foresight, and automation are critical for organisations to manage risk and secure their workforce.
An unprecedented number of vulnerabilities will be targeted by cybercriminals in 2022. In order to help organisations make informed cybersecurity decisions, these are some pertinent points of vulnerability and some defense tactics that should be taken into consideration by security teams.
The Rise of Cloud Threats
Malicious actors are expected to continue to use low-effort but high-impact strategies in gaining access to cloud applications and services. They will continue to wage tried-and-true types of attacks and at the same time carry out ones that use new trends in technology to stay ahead of the game.
It is predicted that phishing emails to steal credentials, for example, will still be a method that persists. They will also continue to compromise SaaS applications and services via unsecured secrets, unrotated access keys, unsecure container images obtained from untrusted sources, and immature or poorly implemented identity access control management policies.
In essence, historic vulnerabilities will continue to be exploited because many environments are simply not patched up. Different iterations of previously seen attacks are expected which means that the first line of defense must include a revisit of cloud security basics. If cloud environments are to be defended these basics must be assessed, retested and reemployed. This includes understanding and applying the shared responsibility model, using a well-architected framework, encrypting, patching, and bringing in the right level of expertise, amongst others.
Malicious actors who want to gain access to target organisations are now focusing on exposed services and service-side compromises. Hybrid work models present increased attack surfaces from less secure home-working environments and servers.
It is predicted that ransomware attacks will become more targeted and highly prominent, making it harder for enterprises to defend their networks and systems against these types of attacks. Ransomware operators are also expected to use more modern and sophisticated methods of extortion to infiltrate their victims’ environments.
To remain protected against evolving ransomware threats, organisations must set their sights on protecting their servers with stringent server-hardening and application control policies. Ensuring that servers are properly configured will help defend organisations against ransomware attacks and other threats.
Smart devices have long been tempting marks in the eyes of malicious actors banking on the fact that the limited computational capacity of most IoT devices leaves little room for built-in security. Compromised IoT devices have been used in different kinds of attacks.
It is predicted that companies, particularly those in smart manufacturing, will be exposed to more cyberthreats as they transition to the hybrid work model and continue to use remote connection services.
For organisations whose workforces rely on IoT devices, improved network monitoring and visibility are critical to safeguarding their IT environments against threats arising from IoT adoption. Intrusion prevention and detection systems (IPSs/IDSs), network forensics tools (NFTs), network behaviour anomaly detection (NBAD) tools, and network detection and response (NDR) tools can help them keep close watch over the goings-on in their networks in the coming year.
Global Supply Chains
The Covid-19 pandemic has shone a hard spotlight on the fragility of supply chains globally. As the value of supply chains is becoming more evident, cybercriminals are becoming more sophisticated in their attacks.
It is predicted that malicious actors will exacerbate supply chain disruptions, causing a surge in extortion models. Targeted attacks will take advantage of new partnerships that may not have robust security strategies in place yet and vulnerabilities caused by globalisation strategies.
To keep supply chains more robust and secure as organisations evolve their strategies, they should apply the zero-trust approach in their security practices. The zero-trust model helps secure the way in which organisations interact with other companies and exchange data via continuous verification throughout a connection’s lifetime. Through this model the health of the users, devices, applications, and services that organisations interact with is constantly monitored and assessed.
Ultimately, digital transformation in 2022 will be a period rife with possibilities for companies and cybercriminals alike. Organisations bracing for 2022 must start by building out and implementing strategies to proactively mitigate emerging risks. These include:
• Stringent server hardening and application control policies to tackle ransomware,
• Risk-based patching and a high-alert focus on spotting security gaps,
• Enhanced baseline protection among cloud-centric SMBs,
• Network monitoring for greater visibility into IoT environments,
• Zero Trust principles to secure international supply chains,
• Cloud security focused around DevOps risk and industry best practices,
• Extended detection and response (XDR) to identify attacks across entire networks.