Last month Andrew Howard was interviewed by Infosec’s Chris Sienko on the top risk and cybersecurity trends for 2022. The podcast can be accessed here.
Think there’s nothing new under the sun? With cybersecurity trends, you wouldn’t be far off the truth. Every year, opinion leaders outline the main cybersecurity trends to watch and, often enough, the only substantial difference in content is the publication date.
That said, nothing stays the same – what is an emerging trend eventually becomes a widely accepted norm. What are “cybersecurity trends you need to know about” become “cybersecurity trends you need to take action on.”
In this podcast, Kudelski Security CEO Andrew Howard discusses six of the biggest cybersecurity trends in 2022. He outlines how the theme or practice in question has evolved, what the current state of play is, and what reflection or action security leaders need to take.
The interview covers trends in ransomware and working from home (WFH), as well as quantum computing and the top skills to develop in order to become a cybersecurity professional. It breaks down largely as follows:
0:00 – Andrew Howard’s own experience of getting into cybersecurity
4:00 – How has cloud security evolved? Persistence of hybrid approaches
8:20 – The next cybersecurity innovation and quantum computing; regulation and the challenge of securing sensitive data using current algorithms in the future.
10:54 – The state of ransomware, the tool of choice for nefarious actors to monetize threats, and practical ways to address the challenges
12:57 – Cybersecurity supply chain issues and the risks of third-party service providers
16:18 – Cybersecurity, the hybrid work environment, and employee-employer trust deficit (access control and insider threats)
18:42 – The year of cyber insurance and exclusion of ransomware from coverage
20:35 – Department of Defense directive to close security gaps in the government networks and systems
22:15 – The magic wand: Three things Andrew Howard would change in cybersecurity – resolve the security protocols in the Internet earlier, fix authentication behind email, overreliance on security awareness and training
28:10 – Advice to 2022 cybersecurity students; top skills to get a great cybersecurity career: problem-solving skills, data analytics skills, and scripting, automation and programming skills
29:37 – Kudelski Security
30:58 – Blockchain security in 2022
31:57 – Learn more about Kudelski Security
You can listen to The Cyber Work Podcast, Predictions for cybersecurity in 2022, here.
Over the past year, security companies have witnessed the massive impact that ransomware attacks like SolarWinds and Kaseya have had on businesses. As businesses play catch-up to the tactics used by hackers to deploy malware, even more sophisticated approaches are unleashed. As we prepare for 2022, it’s safe to say that ransomware is here to stay. Here’s what companies need to consider as they evaluate their cyber hygiene and prepare for 2022:
Expect Ransomware Attacks to Double, if Not Triple
Next year will likely bring double, if not triple, the number of ransomware incidents we saw in 2021. Hackers have seen success from ransom payments – and the number of companies willing to pay is growing. At the micro level, companies know they lack the resources to reclaim their systems on their own in a timely manner, which leaves them with little to no choice in terms of opening up their wallets to attackers. But if we consider the macro level, paying ransoms exacerbates and accelerates the problem by incentivizing and equipping more numerous, skillful attacks. A growing number of companies are paying; at Kudelski Security we see more and more clients who are paying. Until the incentive structures at the micro level and the macro level align, we will remain in this ransomware conundrum.
Ransomware is now far beyond a security concern; companies are finding themselves in ethical dilemmas surrounding whether or not they can – or should – pay a ransom. The reality is this: the organization cannot identify who they pay to remove the malware from their systems. Eventually, some company is going to be linked to paying a terrorist, which will refocus the debate on regulation.
Supply Chain Disruptions are Far from Over
Between the proven case that more companies than ever are paying ransoms and the slew of supply chain compromises we can expect to still see well into 2022, a vicious cycle is brewing.
The supply chain has been plastered all over the news the last few months in terms of delayed shipping and worries about out-of-stock items ahead of the holiday season. Beyond these inconveniences, the supply chain – including critical infrastructure like oil pipelines – faces the dangers of ransomware attacks due to the chain-like reaction that it has on companies and their partners. In these breaches, far more companies are impacted than the first to be hit or even the overall intended victim. These more sophisticated attackers can target multiple companies at a time, disrupting each one’s system as they move through the partner companies along the chain.
Moving forward, we can expect to see more and more companies within a supply chain fall victim to ransomware attacks. We’re also likely to see attackers go after managed security providers and law firms, which enables them to attack the hundreds of clients they’re serving at the same time.
The Top Ransomware Targets
Cybersecurity, and the tools that are associated with it, are often perceived as extremely expensive. Small and medium sized businesses are massively exposed to ransomware given their lack of protection and how underserved they are by the security community.
Medical ecosystems will also continue to be a top target. The medical industry drives deeper pressure surrounding the amount of time a company must deliberate on paying the ransom or attempting to remedy the situation on their own. Concerns about physical safety will drive more healthcare organizations to make ransomware payments, which in turn, will drive more attacks.
Further, attacks are unlikely to be carried out on actual medical systems or devices but will continue to be straightforward, IT-focused attacks. In general, attackers will continue to target billing systems, patient records and ERPs because attacking the enterprise systems is sufficient to accomplish their objectives. If a hospital’s billing and/or patient system is down, it effectively shuts down the hospital, making IT systems in healthcare a primary target for the foreseeable future.
How to Mitigate Ransomware Attacks
Over the next year, with so much increased incentive for ransomware attacks, now is the time for companies to equip themselves with the proper tools and training to set their employees, customers and company partners up for success. Rather than focusing solely on their ransomware backup strategy, companies should use their resources to evaluate their cyber hygiene and endpoint detection and response strategies. It is crucial to fixate on the root causes, not just the symptoms of the overall problem.
This article was originally featured in VMblog.
The security industry has faced a variety of challenges throughout 2020. The pandemic put pressure on security and IT operations and shone a spotlight on underlying issues many organizations were facing in terms of their digital transformation and security posture. If that wasn’t enough, the threat landscape also shifted and is now more volatile than ever.
As security leaders prepare to handle what lies ahead in 2021 and beyond, there are three key trends they should pay special attention to: the increase in adoption of policy-based security models, new ransomware threats and greater utilization of artificial intelligence.
Adoption of policy-based security models
The prospect of moving an onsite workforce to a remote setting had a huge impact on many organizations, as they realized they weren’t ready for such a dramatic shift. Moving to remote work due to COVID-19 exacerbated the shortcomings of the traditional enterprise perimeter security model. This led to more organizations choosing policy-based security models, such as Zero Trust, to ensure the protection of their employees while remote work continues to be a norm.
As remote work becomes more normalized beyond the pandemic, a Zero Trust model, rather than equating trust to a corporate network location, analyzes information about the user, data, applications and devices to contextualize security risks and dynamically adapt access rights. Successful adoption will depend on organizations fully integrating various tools within their environment, from authentication systems and network security appliances to endpoint detection and response.
Increase in data breaches and ransomware attacks
Attackers are constantly changing their methods, resulting in new and evolving risks. It is important for companies to be prepared and aware of new threats to stay ahead of them and protect their data from any potential compromise.
Looking ahead, companies should expect to see an increase in ransomware, with bad actors increasingly threatening to expose encrypted files if they refuse to pay a ransom. Organizations have begun to do a good job in building, testing and operationalizing their office backup strategies to mitigate the risk of ransomware. Unfortunately, most of these organizations have failed to mitigate the actual risks: if data has been compromised before – whether directly from the company or through third parties – threat actors will still be able to gain a foothold into the company’s assets. The focus moving forward should be on ensuring they have robust backup and data recovery strategies that can help address the systemic weaknesses attackers are exploiting.
We’re also going to see a considerable increase in the use of illicit OAuth 2.0 grants to compromise accounts. In general, organizations have created better phishing awareness programs, increased multifactor authentication, and created rules to detect anomalous logons; however, attackers have shifted to tricking users into illicit OAuth 2.0 grants. To prepare, companies should limit which applications can request OAuth 2.0 grants from end users or disallow specific OAuth 2.0 scopes from ever being granted.
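An added example, not part of the original article: one way to express the two controls above (an application allow-list and a scope deny-list) as a policy check over consent grants. The client IDs, scope names and sample events are constructed assumptions; identity providers expose these controls through their own admin settings.

```python
from dataclasses import dataclass

# Assumption: client IDs the organization has vetted (hypothetical values).
APPROVED_CLIENT_IDS = {"app-hr-portal", "app-expense-tool"}

# Assumption: scopes end users may never grant. A trailing "*" is a prefix
# match, so "mail.*" covers Mail.Read, Mail.Send and so on.
DENIED_SCOPE_PATTERNS = ("mail.*", "files.readwrite.all", "offline_access")


@dataclass(frozen=True)
class ConsentGrant:
    user: str
    client_id: str
    scopes: tuple  # individual scope strings


def parse_scopes(raw):
    """Split an OAuth 2.0 scope parameter, which is space-delimited."""
    return tuple(raw.split())


def scope_denied(scope):
    """Compare case-insensitively so a case variant cannot bypass the deny-list."""
    s = scope.lower()
    for pattern in DENIED_SCOPE_PATTERNS:
        if pattern.endswith("*"):
            if s.startswith(pattern[:-1]):
                return True
        elif s == pattern:
            return True
    return False


def evaluate(grant):
    """Return (allowed, reasons); a grant passes only with no reasons."""
    reasons = []
    if grant.client_id not in APPROVED_CLIENT_IDS:
        reasons.append(f"client '{grant.client_id}' is not on the approved list")
    for scope in grant.scopes:
        if scope_denied(scope):
            reasons.append(f"scope '{scope}' may not be granted by end users")
    return (not reasons, reasons)


def review(grants):
    """Return (grant, reasons) for every grant that violates policy."""
    results = [(g, evaluate(g)) for g in grants]
    return [(g, reasons) for g, (allowed, reasons) in results if not allowed]


# Constructed sample consent events, not taken from any real tenant.
SAMPLE_GRANTS = [
    ConsentGrant("alice", "app-hr-portal", parse_scopes("openid profile")),
    ConsentGrant("bob", "app-unknown-pdf-viewer",
                 parse_scopes("openid Mail.Read offline_access")),
    ConsentGrant("carol", "app-expense-tool",
                 parse_scopes("openid Files.ReadWrite.All")),
]

if __name__ == "__main__":
    for grant, reasons in review(SAMPLE_GRANTS):
        print(f"BLOCK {grant.user} -> {grant.client_id}: " + "; ".join(reasons))
```

The third sample shows why both controls are needed: an approved application is still blocked when it asks for a scope on the deny-list.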
Utilization of Artificial Intelligence
We will see an increased utilization of AI particularly within the IoT and OT industries, given the technology’s ability to help automate many tasks to reduce costs and improve productivity. However, as security leaders decide to adopt AI, they will need to prioritize the integrity of the data and make sure basic cyber hygiene protocols are in place.
Utilizing AI without the basics – from asset and patch management to user awareness – will only exacerbate the number of breaches we will see, as simpler exploits will be able to leverage any weak spots.
Looking ahead to 2021 and beyond, organizations need to be prepared to secure their resources no matter where they are accessed from. Leaders will need to make sure they add security-based policies to their business continuity plans as well as understand how threats are shifting and how to adopt new technologies to mitigate potential risks.
This blog was originally featured in VMblog.com.
The Internet of Things (IoT) is fast turning into an intrinsic part of the digital transformation for industries such as utilities, transportation or manufacturing. The market is expected to reach a value of $922.62 billion by 2025, becoming one of the biggest catalysts for new emerging technologies.
Although Industrial IoT (IIoT) adoption offers benefits ranging from automating and optimizing the business to eliminating manual processes and improving overall efficiencies, security continues to be an afterthought, one that creates risk that industrial organizations are ill-equipped to manage.
The Trickle-Down Effect
The lack of mature security frameworks and the breadth of security considerations are big barriers for the improvement of IoT security. Today, there is no common approach to cybersecurity in IoT, which leaves the door open for device manufacturers to take their own approach, resulting in undeveloped or underdeveloped standards to guide adoption of IoT security measures and best practices.
In many cases, manufacturers designing IIoT devices are challenged to integrate effective security controls into the product design, which results in devices having little to no encryption for securing data at rest or in transit. Because security is not built into the device at the onset, users struggle with securing them after they have been implemented, constantly leaving the door open to potential cyber-attacks, which could lead to operational downtime, loss of customer data and even end-user safety hazards.
This challenge becomes compounded as users come up against other complicating factors, such as:
- Complexity of the ecosystem – an IIoT ecosystem is an amalgamation of diverse, dynamic, independent, and legacy devices that intertwine communication protocols, interfaces, and people. Such complexity hampers the ability of IT security professionals to even start with the most basic cyber hygiene, such as changing default passwords, keeping an inventory of hardware and software components on the company network or patching applications regularly.
- Intricate monitoring and management – the more complex an environment, the more likely it is that IT administrators lack visibility, access, and control over one or more of its components. Moreover, the deployment of IoT devices on legacy infrastructures and non-IP based devices also exacerbates the IT administrators’ inability to monitor and control these devices.
- Lack of IoT security awareness and knowledge – the lack of understanding of connected devices and architecture security poses a significant challenge. Most organizations don’t have a full understanding of the risk and exposures they face to protect their devices or the real impact (both positive and negative) those devices have on their security posture.
Thinking of security as an afterthought is one of the most common mistakes when building or adding new connections. IIoT can be effectively disruptive if done properly; when done poorly, it creates unnecessary risks.
Industrial IoT Security – Partnering for IIoT Security Success
Many organizations don’t have the skills needed to maintain, let alone build, their IIoT security architecture. For that same reason, they should consider partnering with specialists when moving into this space.
Managed security service providers (MSSPs) are adapting offerings to address the needs of complex IIoT environments. As IIoT devices have different application requirements, deployment conditions and networking needs than traditional enterprise environments, MSSPs are investing in specialized capabilities to understand how to configure devices for at-scale operations and to ensure that best practices are followed for both preventative and real-time maintenance.
Businesses considering partnering with an MSSP should take into account the expertise, resources, and services their potential partner will bring to the table. They need to look for a provider that will deliver leading-edge security features such as threat intelligence and monitoring, data correlation and device management and support, while also understanding the differences between monitoring traditional networks with these unique technologies. Leadership will also need to revisit policies and procedures on risk management through an IIoT lens and use audits and assessments as enablers for the application of relevant security controls.
The influx of IoT devices has opened up new entry points into enterprise networks that cybercriminals can exploit. Whether it is in a new connection or an extension of a legacy architecture, cybersecurity must be at the core of the IIoT implementation. Organizations will need to take a defense-in-depth approach to cybersecurity if they are to be better prepared to face the threats targeting IIoT. This starts by identifying the challenges their implementations present, from the increased complexity to awareness and management. The point behind IIoT is to create a seamless connection between people, devices, and networks and drive efficiencies on an industrial scale. If this is to be achieved, cybersecurity is the one guest that cannot be late to the party.
This article was originally featured in IoT For All.
The IoT market continues to grow, with investments expected to top $1 trillion by 2020, according to IDC. With the rollout of 5G, Ericsson forecasts that the number of cellular IoT connections is expected to reach 3.5 billion by 2023, and DBS Asian Insights predicts that IoT devices and services will reach an inflection point of 18-20% adoption in 2019 alone.
Security continues to be one of the greatest barriers to IoT adopters in 2019. Insecure components, prevalent malware and shortsighted attempts to apply traditional security measures to IoT networks act as formidable challenges to these adopters. Heeding this new zephyr, threat actors are also adapting and innovating new attack services and hacking tools that will be more complicated and more difficult to detect and respond to. Accordingly, we can anticipate a substantial increase in supply chain attacks, IoT botnets, and cryptominers alike.
We predict that device manufacturers will put an increased focus on security in 2019 versus previous years, but the number and scope of attacks will continue to rise. Microsoft reports that more than 90% of consumers want manufacturers to step up their security practices, and 74% would pay more for a product with additional security built in. This demand will drive innovation and increased adoption of trusted hardware and software systems. It will also force manufacturers to adopt and adhere to industry recommendations for data management and privacy, bring about increased awareness of supply chain security management and so forth. Manufacturers will also look to include bug bounty programs and responsible disclosure programs for manufactured and deployed devices to improve the security of their products.
Alternatively, consumers will also pay heed to IoT security governance and adopt processes and technologies that assist in the governance of the IoT landscape — an amalgam of several technologies comprised of the cloud, device, mobile, edge devices and so forth. For instance, they will look for IoT monitoring systems and platforms for better visibility and management, data protection technologies for better security and privacy, cloud protection technologies and active threat detection technologies.
Moreover, consumers and manufacturers alike will invest heavily in technologies that assist them in determining the maturity of their security programs. Companies will also look to cyber-risk insurance to safeguard their business from formidable cyberattacks.
Furthermore, as innovation in and adoption of IoT security products and services gain momentum, assisting technologies, such as machine learning, artificial intelligence and blockchain, will make strong and forced inroads into IoT security products, assisting in building improved trust, threat detection, identity management, and data and device management at scale. But, to a large extent, government regulations will bring about a culture of shared responsibility for protecting the IoT landscape.
This article was originally featured in IoT Agenda.