This article originally appeared in the June issue of IT Pro 20/20, which is available here. To subscribe to receive every new issue in your inbox, click here.
The cyber security threat landscape is changing rapidly and it is a struggle for most organizations to keep up with the latest trends, each one designed to compromise its operations.
As described in Sophos’ 20-year retrospective, we moved from worms in the early 2000s to botnets and cyber weapons like Stuxnet in the period up to 2012 and are now facing a huge increase in ransomware as a service – sponsored – alongside the nation state Attacks, Organized Crime, Hacktivists, and Angry Insiders or Angry Customers.
This constantly changing horizon forced the National Cyber ââSecurity Center (NCSC) – part of the GCHQ – to update its 10 Steps to the Cyber ââSecurity Guideline in May. The publication helps FTSE 350 companies and others understand and deal with the challenges ahead.
This updated version included details on the growth of cloud services and the shift to home work due to the pandemic, as well as an acknowledgment of how the face of ransomware is changing and becoming more severe.
According to Zscaler’s ThreatLabZ report, ransomware was named the third most common and second most harmful type of malware attack in 2020. It’s also estimated that ransomware accounted for 27% of the attacks for a total of $ 1.4 billion in ransom demands, and an average of $ 1.45 million to fix one incident.
The recent extortion of the Colonial Pipeline in the United States is just one example of this, with Colonial Pipeline CEO Joseph Blount confirming that it paid a ransom of $ 4.4 million (Â£ 3.1 million).
Sarah Lyons, NCSC’s Assistant Director of Economy and Society, said: “Our 10 steps to cybersecurity have been and are a fundamental guide for network defenders, and this update shows our commitment to securing the UK economy.
“Following our advice will reduce the likelihood of incidents but also minimize the impact if they get through.”
Take security seriously
In the early 2010s, cybersecurity wasn’t a clear priority, whether due to a lack of understanding of the complexities involved or a complacent belief that “wouldn’t happen to us”. But with the threats, attitudes in the boardroom have evolved too.
Robert Hannigan, chairman of US cybersecurity services company BlueVoyant International and former director of GCHQ, told IT Pro: âIn 2012 it was relatively difficult for us to get boardrooms to take cyber risk seriously; it was usually seen as a problem for the IT department: today there are no CEOs of large companies who do not see cyberattacks as a major threat to their business.
âCybercrime business models have become more sophisticated and some nation states have become more reckless, which is a toxic combination. Unfortunately, what hasn’t changed is that many companies are still not taking the basic steps [NCSCâs] The 10-step document should show that most cyber risks can be reduced if the basics are done right. “
Hannigan adds that while financial services were often the only focus of cybercriminals in 2012, today every sector and industry is being targeted.
“Criminals will pursue anyone who can pay, and they know that less protected sectors or extended supply chains are easy to pick,” he says.
Nine qualities you need to succeed as a cybersecurity leader
What are the characteristics and certifications that make a successful cyber security leader?
With critical infrastructure protection becoming far more important in terms of cybersecurity, the EU is currently developing legislation that will focus on this. John Smith, manager and solutions architect at Veracode, said, âThe attack on the Colonial Pipeline is a strong reminder of why this bill was tabled.
âIt opens the eyes of many to how software is at the heart of our global infrastructure today and why it is so important that all aspects of critical infrastructures – like energy and electricity – run on software that is inherently secure. “
This is also being turned into reality because, according to Netscout, there is now the specter of a “triple blackmail attack” that combines file encryption, data theft and DDoS attacks.
Netscout cybersecurity technologist Philippe Alcoy explains, “The nature of these multi-pronged attacks shows that if the targeted organizations pay the ransom immediately, the attack threat won’t simply go away.”
Man versus machine
Human error is often cited as the reason why so many cyberattacks are successful, with weak passwords, clicking on a phishing link, or a lack of awareness to break through countermeasures.
But machines are now the bigger concern, say many experts, citing vulnerabilities like API security. Imperva Research Labs found that nearly 50% of data breaches start in the web application layer, while in 2020 it discovered that API vulnerabilities increased by more than 5% compared to 2018.
“While the number of people in the world remains fairly constant, the number of machines is skyrocketing,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “This expands the attack surface as more and more hackers start to abuse machines.” Identities – as in a number of high-profile attacks in recent years, such as B. SolarWinds.
âNot surprisingly, Gartner has identified machine identity protection as one of the top security and risk trends of 2021,â he added. âIn the wrong hands, machine identities can allow attackers to hide malicious activity and steal sensitive data. Machine communications, which is expected to account for more than half of all global connections in the next two years, IT leaders must act now to ensure that machine identities are protected and efficiently managed. “
However, while larger corporations may have the talent, investment, and knowledge to combat cyber threats, smaller private and public sector organizations such as schools, communities, and hospitals are increasingly becoming the focus of attention. of the cybersecurity storm.
This is especially true for digital transformation and moving to the cloud, with attacks often being based on stolen or compromised credentials. Netskope’s latest Cloud Threat Report found that 61% of malware – including ransomware – is now being delivered from the cloud.
And borrowing from those days in the early 2010s, Redscan CTO Mark Nicholls believes that many smaller companies in both the private and public sectors appear to be ignorant of the potential risks or to deny the problems they are facing.
“A lot of companies think they’re too small to be attacked in hopes of ending up under the radar,” says Nicholls, who are probably the hardest hit. “
He added, âFor small businesses, sourcing resources is a clear concern, and it is true that there is a very real poverty line for cybersecurity. However, if they are anchored in the company culture, it is possible to find ways to strengthen cybersecurity without having to spend thousands. “
Prepare for AI-powered cyber attacks
Insights into the MIT technology exam
Analysis of cloud storage performance
Storage performance and value of the IONOS Cloud Compute Engine
The Forrester Wave: Top platforms for security analytics
The 11 most important providers and how they perform
Use data to reinvent your organization
Create a data strategy for the next wave of cloud innovation