Supply Chains Attacks, Ransomware, Clouds, Zero Trust, and More Challenges
Since the White House issued an Executive Order on Cybersecurity in May 2021 to send a clear message about the government's priorities, Cybersecurity has become the main character again. The main goal is to create a nationwide commitment to enforcing Cybersecurity best practices.
The reason behind this message is the rise of national cybercrime, which is becoming more sophisticated, organized, professionalized, and diversified — all these advancements make Cybersecurity crucial for all organizations and nations.
This article will highlight the potential threat vectors and protections that may have a large-scale and global impact in 2022. Those are:
- Supply Chains Attacks
- Ransomware Trend
- API Security
- AppSec
- Cloud Security
- Zero Trust Adoption
More Supply Chains Attacks That Keeps Security Pros Up At Night
Last year was the year of cybercrime — major cybersecurity incidents like the SolarWinds breach (Sun Bursts) and the Colonial Pipeline ransomware attack have raised cybersecurity awareness among the public opinions and CXOs. Moreover, Kaseya's supply chain attack taught us all how scalable and serious such an attack can undergo.
The company acknowledged that hackers injected malicious code into its products used by tens of thousands of victims, including high-profile targets such as military and public government sectors. In addition, supply chain attackers can take various paths to slip malicious code or components into a trusted piece of software or hardware (i.e., that is why IoT devices are at risk).
Later this year, just before Christmas, Log4Shell had happened, a tool popular among the open-source community. Unfortunately, open-source components are increasingly used as a vector for malicious actors since they've seen massive penetration in enterprise environments in recent years while still lacking a lot in terms of security standards.
When compromising a tool like Log4j, attackers can capture sensitive data from hundreds or thousands of downstream users. This simple fact radically changed the economics of these types of attacks. Code repositories have become high-value targets for attackers because they often contain secrets that are very easy to leverage to gain access to valuable systems.
2021 was arguably the year of the supply chain attack, and this trend will continue. In addition, we might even see minor, less obvious supply chain attacks using the developer environment as a "gateway," especially as the former become increasingly complex and interdependent.
SMBs Will Be Ransomware's Next Prey
The increase in ransomware-related activities throughout 2021 concerned the government, manufacturing, and financial sectors. Attackers were looking for high-potential payouts, and this strategy has proved prosperous. According to an analysis by cybersecurity company Coveware's Quarterly Ransomware Report (Q1, 2021), the average ransom payment in the first three months of 2021 was USD220,298 — a significant rise from USD154,108 in the last quarter of 2020.
Yet as smaller businesses transition online and ransomware becomes refined as a cybercrime commodity, the economic landscape evolves. As a result, the odds are that SMBs will become an economically viable mark for cybercriminals looking for vulnerable systems (the effect would be amplified by supply chains attacks).
Another compelling factor is the victim's willingness to pay — As the price is too high that pushes the victim to give up the data, the attacker gets nothing. Therefore, the most profitable method is to increase the percentage of victims instead of the price of each hack. In other words, ransom price and the willingness to pay negatively correlate.
Some interesting findings: Smaller companies generally pay more from a rate-of-return point of view. In other words, a smaller company pays less in absolute amount but higher in the percentage of their revenue.
API is the New Endpoint
APIs have become the central nervous system of modern applications, bringing critical information and data from one part of the application to another or from one application to another. As a result, API security should be the priority when securing applications.
In the study by Imperva Research Labs, nearly 4.7 million web application-connected cyber security incidents. They discover that attacks are increasing, on average, by 22% each quarter. The worst thing is the blossoming rate for such attacks continues to grow with a 67.9% surge from Q2 2021 to Q3.
Web App Attacks Surge, Increasing Data Breaches
The result of this surge in web app attacks is a dramatic increase in data breaches incidents. Imperva Research Labs also found that 50% of all data breaches began with web applications earlier this year.
With the number of violations increased by 30% annually and the number of records stolen is going up by a staggering 224%, it's estimated that 40 billion records will be compromised by the end of 2021, with web application vulnerabilities likely responsible for around 20 billion.
AppSec Will Be The Top Priority for Enterprises
With digital transformation, a top concern for many organizations today, application security (AppSec) is more important than ever for CISOs/CSOs. Why? For three reasons: as mentioned above, as supply chains get more complex, the DevOps pipeline attack surface extends.
It is arguably more important as many companies have accelerated their digital transformation initiatives as buyer preferences move toward digital channels.
A study conducted by OpsRamp, which was conducted after stay-at-home orders began, finds that 61% of IT and DevOps leaders expect to accelerate their digital transformation initiatives and projects compared with earlier plans — with 58% also increasing spending. And nearly two-thirds of these initiatives fall into the areas of Agile and DevOps.
As a result, risk management becomes essentially ensures these pipelines are safe. But, developers and their privileged access will still be the perfect target for hackers. Therefore, newly hired leaders must account for AppSec from the start and build a comprehensive and strategic vision for software security.
While security will be a top priority, nobody wants to slow down the development cycle. On the other hand, security tools need to focus on developer productivity, so finding the perfect balance between these objectives will be at the heart of AppSec policies.
More Cloud Adoptions, More Challenges
Introducing cloud technology has forced everyone to reevaluate Cybersecurity. Your data and applications might be floating between local and remote systems — and always internet-accessible.
Now consider a team responsible for multiple cloud environments.
- Not only do they have to navigate the dozens of AWS services available, but;
- they also need to become experts in Azure Security Center or Google Cloud security services.
- The complexity of the task grows exponentially as cloud vendors are introduced.
As organizations move to multiple cloud providers, the multi-cloud misconfiguration may become the next source of cloud vulnerabilities and attack surfaces.
Unfortunately, malicious actors realize the value of cloud-based targets and increasingly investigate them for exploits. Furthermore, despite cloud providers holding many security roles on behalf of clients — they do not manage everything. All that leaves even non-technical users with the duty to self-educate on cloud security.
The CISA's Cloud Security Technical Reference Architecture (CSTRA) was an excellent document for federal agencies and other "cloud-wannabe" organizations. In Cybersecurity, the CSTRA also compliments security goals like pushing Cloud Security Posture Management (CSPM) and Zero Trust. In addition, this document is a starting point for further discussions for evangelizing cloud security best practices.
Zero-Trust Architecture Maturity Will Gain Momentum
Zero trust has gone mainstream, for a good reason. The collective rise in advanced attacks, cloud adoption, and remote work had companies learn that they urgently needed to revamp their digital security postures. Organizations can't physically control every device their employees use anymore.
Zero Trust is a security mindset centered on the idea that organizations should not automatically trust anything inside or outside their perimeters and, alternatively, must verify anything and everything trying to connect before granting access.
A zero trust architecture (ZTA) is an enterprise's cybersecurity strategy that involves zero trust concepts and embraces component relationships, workflow planning, and access policies. Among the helpful resources available to security teams is the National Institute of Standards and Technology's (NIST) Zero Trust Architecture (ZTA).
The NIST document, SP800–207, describing the architecture covers:
- zero trust basics,
- logical components of ZTA,
- deployment scenarios/use cases, and
- threats associated with ZTA.
It also covers possible interactions with existing federal guidance and migrating to ZTA.
The non-profit IDSA has also published the vendor-neutral Identity Defined Security Framework, collaboratively developed by 30+ identity and security vendors, solution providers, and customer advisory board members. The framework consists of identity security best practices and outcomes and direct mapping to the NIST zero trust architecture, providing an additional identity security focus.
Another resource is the Department of Defense (DoD) Zero Trust Reference Architecture, prepared by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team. The reference architecture describes standards and capabilities, and DoD noted that the architecture would evolve as zero trust requirements, technology, and best practices develop and mature.
By utilizing available resources and deploying best practices, organizations can build and maintain a zero-trust cybersecurity program to help protect against growing threats in this distributed environment. In 2022 we should see continuous progress made in this trend across sectors.
Conclusion — Be Prepared
The cybersecurity sector is faced with considerable challenges in the coming years — as cybercrime and especially state-sponsored threats are increasingly targeting the most vulnerable part of both the public and private sectors. Unfortunately, even some of the best-defended infrastructures suffered breaches last year, showing that there is always a long way to go in all things related to cyber fortification.
The good news is that the stakes have undoubtedly driven public opinions and governments in the proper direction. As a result, most entities will benefit from accelerated programs to implement, enforce, or review security best practices next year.
Lastly, organizations are also eager to adopt bespoke cybersecurity solutions and frameworks, such as Zero Trust, better to address the complexities of tomorrow's cyber supply chains.
Will 2022 be a peaceful year for cyberattacks, or will these new attack surfaces become a critical threat? The future will show, but organizations should not wait and prepare for eventualities.
Thank you for reading. May InfoSec be with you🖖.
Also Published Here