How to resist the tidal wave of cybercrime in 2022?


In addition, ransomware, cyber public enemy No. 1, has undergone a considerable evolution with the creation of two types of ransomware: those with double extortion and those available as a service (RaaS). Unfortunately, expect to see this phenomenon continue to grow and evolve in 2022.

The task of combating this growing cybercrime can seem daunting for security professionals, especially given the forces arrayed against them. However, companies can strengthen certain identifiable control measures to help defend against rising threats in 2022.

Securing operational technologies

With the rise of attacks against critical infrastructure, it is necessary to pay attention to the security of operational technologies (OT). OT security is increasingly becoming part of companies’ cyber strategy, as they gradually expand their security programs to cover these systems.

They have understood that, because of the nature of the systems involved, they cannot simply apply traditional IT security tools and concepts to them. An ordinary network port scan, run with the usual techniques, can be enough to paralyze OT machines. Fortunately, tools dedicated to securing OT and IoT (Internet of Things) equipment are growing in both number and quality, and companies are equipping themselves with them.

Securing apps

The Kaseya and SolarWinds incidents have reminded the market of the need to strengthen application security. Bugs in the code turn into vulnerabilities that can be exploited by attackers.

The DevSecOps (development, security, operations) approach makes it possible to integrate security into the product development cycle. By incorporating application security tools into the development process, development teams can spot flaws in their code sooner and fix them before the software is delivered to customers.

It is also essential to monitor applications regularly for newly disclosed vulnerabilities. By investing in a DevSecOps program, companies can help prevent the next SolarWinds-style attack.

Be able to rely on backups

Of course, none of the previous suggestions will make the network invulnerable, which is why it is essential to also think about how to recover critical data in the event of an attack. Having a robust backup infrastructure in place will significantly reduce the duration of business interruption after an attack.

Even if a company chooses to pay a ransom to get a ransomware-hit system unlocked, attackers do not always restore access to the data. Additionally, companies can never be sure that malware isn’t still lurking in their systems, waiting to strike again (most companies that have been extorted are attacked again).

Having a disaster recovery plan that provides for the restoration of data from reliable backups is therefore necessary.

Isolate the first infected system

This is the next step in the evolution of security. Organizations can build on the self-isolation concepts of Endpoint Detection & Response (EDR) and extend their detection capabilities to security tools such as firewalls, web gateways, and related technologies.

Extending these features can dramatically improve response times and reduce the ability of malware to spread through the network. As attacks become more publicized, organizations realize that the cost of a false positive is significantly lower than the cost of an attack, and they are increasingly willing to deploy active, defensive isolation technologies.

Take the example of Colonial Pipeline: the company isolated its IT environment from its operational environment in order to prevent the spread of ransomware. Extended Detection and Response (XDR) takes this defense to an even finer level. Rather than isolating an entire network, why not isolate the first infected system to prevent contamination of the others?
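As an added illustration of the targeted-isolation idea (not code from the original article), the following script reads a constructed stream of EDR and firewall alerts, identifies the first host showing infection behaviour, and produces a quarantine list limited to that host and the peers it reached after detection, rather than the whole segment. The alert format, host names and event names are assumptions made for the example.

```python
"""Decide which hosts to isolate from a stream of EDR/firewall alerts.

Demonstrates 'isolate the first infected system': quarantine patient zero
and the hosts it contacted after the first detection, not the whole network.
All alert lines and host names below are constructed sample data.
"""
from datetime import datetime

# Constructed sample alerts: "timestamp|source|event|host|peer" (peer may be empty).
SAMPLE_ALERTS = """\
2022-01-10T08:55:00|firewall|smb_connect|ws-017|print-01
2022-01-10T09:02:11|edr|ransomware_behaviour|ws-017|
2022-01-10T09:02:40|firewall|smb_connect|ws-017|fs-01
2022-01-10T09:03:05|firewall|smb_connect|ws-017|ws-022
2022-01-10T09:04:12|edr|ransomware_behaviour|ws-022|
2022-01-10T09:05:00|firewall|smb_connect|ws-031|fs-01
"""


def parse_alerts(text):
    """Parse the pipe-separated alert lines and return them ordered by time."""
    alerts = []
    for line in text.strip().splitlines():
        ts, source, event, host, peer = line.split("|")
        alerts.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "event": event, "host": host, "peer": peer or None})
    return sorted(alerts, key=lambda a: a["ts"])


def isolation_plan(alerts, infection_events=("ransomware_behaviour",)):
    """Return (patient_zero, sorted hosts to isolate).

    Patient zero is the earliest host with an infection event. Hosts it
    connected to at or after that moment are lateral-movement candidates and
    are isolated as well; connections made before detection are ignored.
    Any other host already showing infection behaviour is also isolated.
    """
    infected = [a for a in alerts if a["event"] in infection_events]
    if not infected:
        return None, []
    patient_zero, t0 = infected[0]["host"], infected[0]["ts"]
    to_isolate = {patient_zero}
    for a in alerts:
        if a["host"] == patient_zero and a["peer"] and a["ts"] >= t0:
            to_isolate.add(a["peer"])
    to_isolate.update(a["host"] for a in infected)
    return patient_zero, sorted(to_isolate)


if __name__ == "__main__":
    print(isolation_plan(parse_alerts(SAMPLE_ALERTS)))
```

On the sample data the plan quarantines ws-017, fs-01 and ws-022 while leaving print-01 (contacted before detection) and ws-031 (no link to patient zero) connected.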

Raising awareness

Once, a colleague asked a client, “How many people does your company have?” Answer: “22,531.” Then he asked: “And your security team?” Answer: “22,531.” This anecdote perfectly illustrates the importance of security awareness. When companies trace back to the initial vector of most attacks, it’s usually “someone clicked on the wrong thing.”

Organizations with an active security awareness program can significantly reduce their attack surface. This can be as simple as regular phishing quizzes, or monthly training webinars hosted by the security team.

Anything that causes employees to ask questions like “Should I open this attachment?” or “Should I click on this link?” leaves the company more secure than it was before the program began. There is no need to turn everyone into a security expert, only to teach them to do their job safely.

Organizations must therefore pay close attention to the evolving threat landscape. Examining historical trends in this area and then comparing them with the defenses in place can help them prepare for the next big dangers looming on the horizon.
