2021 was a banner year for cyber attacks. Compared to 2020, last year saw a 50% increase in attacks per week on corporate networks, even as the total cost of managing a cyber attack rose by 10%, according to IBM’s Cost of a Data Breach Report 2021. Add in the ongoing shift to hybrid work at scale and of course, there would be concern about the cyber resilience landscape in 2022.
It begs the question: is the new year destined to see the same risks causing even bigger problems for enterprises? That’s one option, but, thankfully, it’s not the only one. With the right approach, businesses can take proactive steps to reduce their total risk.
Facing Familiar Cyber Resilience Frustrations
Phishing. Ransomware. Business email compromise. The attacks aren’t new, but they’re certainly persistent. Consider phishing, which reached an all-time high in Q3 2021. Despite ongoing efforts to keep users off the hook, phishing attacks continue to wreak havoc on corporate systems.
The move to remote connections, meanwhile, also allowed ransomware to flourish, with each month in 2021 outpacing its 2020 counterpart for the total number of attacks. What’s more, compromises such as the Colonial Pipeline make it clear that even critical infrastructure isn’t safe from potential compromise.
For many enterprises, the result is a kind of defensive deja vu. Familiar frustrations continue to flourish even as the monetary and operational risks of data breaches continue to rise. And while it’s impossible to get rid of every attack vector, there are ways to limit the chance of compromise.
Here are six resolutions that can help boost cyber resilience for a safer 2022.
Make Employees a Priority
Staff plays a critical role in effective cyber resilience. Knowledgeable employees can help spot potential attacks and stop them in their tracks. However, they can also make matters worse by mistake.
Consider that more than 50% of employees want to work from home “all or most of the time” even after pandemic pressures subside. This creates a challenge. While remote work is at least as (if not more) efficient than its in-office counterpart, at-a-distance operations increase the risk of attacks that may go unnoticed and unreported until it’s too late.
As a result, employee education and training are essential to boost baseline cyber resilience. In practice, this means setting up a regular schedule that sees staff trained both in groups and as individuals to recognize, respond to and report suspicious behavior.
Take a Hard Look at Current Networks
The speed of many remote work transitions had left enterprise networks held together with digital duct tape and good luck. Everything works, but for how long?
As a holdover from the initial push of pandemic response, it’s easy to pass over these network configurations in favor of more obvious threats. Consider the widespread use of virtual private networks (VPNs) a stopgap-turned-standard to manage remote connections. While VPNs offer some measure of protection, they also present the dual problem of massively increased attack surfaces combined with overall performance degradation as more high-bandwidth connective and collaborative services are delivered over VPNs.
Although it’s a daunting task to consider moving away from VPNs to more robust security frameworks such as zero trust, taking a hard look at current networks is critical to help spot potential issues before attackers exploit them.
Break Systems to Boost Cyber Resilience
Speaking of less-than-ideal systems, 2022 is a great time to start breaking them to see what happens. Why? Because if IT teams don’t, attackers will. Look at Log4j attacks, which continue to evolve as new vulnerabilities are discovered. Rather than waiting for malicious actors to do the work, it’s worth breaking what you have to see where fixes make sense.
If you have the staff in-house, red team exercises can help pinpoint potential problems. If not — or if you’re looking for an outside viewpoint — professional penetration testing can help shed light on issues that might otherwise hide in plain sight.
By finding out exactly what happens when systems are under attack, enterprises can rebuild better solutions capable of addressing these concerns.
Forsake Low-Value Frameworks
Not every security tool and technology offers equal value.
Consider legacy solutions such as static firewalls and authentication frameworks that rely on single knowledge factors or insecure SMS codes. While these systems provide ease of use, this benefit extends to users and attackers alike. Poorly-chosen passwords can be easily guessed, while SMS codes can be caught en route to users.
Solutions such as next-generation firewalls can help. These are capable of moving past port and protocol inspection to offer deep-packet analysis and application-level evaluation. The adoption of multifactor authentication (MFA) frameworks, meanwhile, can help protect both local and remote office endpoints.
Retake Control of Your Cyber Resilience Narrative
The teamwork nature of threat efforts — from as-a-service malware tools to dark web markets that include ‘customer service’ for would-be threat buyers — often puts them ahead of the curve. The result? Reactivity becomes the cornerstone of infosec. In turn, that puts teams on their back foot when it comes to handling cyber threats.
In 2022, companies can take control by rewriting infosec narratives with a proactive approach to cyber resilience. This starts with prevention. Every attack found and removed before it reaches corporate networks means less work for IT teams and less risk for enterprises. Automation also plays a critical role. By deploying solutions capable of containing and analyzing detected threats by themselves, businesses can gain critical insight into attacker efforts.
Last but not least, examine your approach to incident response (IR). While the ‘response’ aspect of IR is reactive, the narrative surrounding it doesn’t have to be. By shifting the focus from one of inevitability around systems being compromised to one of opportunity — that attacks afford the benefit of incident insight — teams can rewrite their security story.
Shake Up the Status Quo
If it’s not broken, don’t fix it.
While this is great advice for day-to-day, it applies less to cyber resilience. Attackers are betting on the elements of stealth and surprise to obfuscate their efforts. As a result, it’s worth shaking up the security status quo by exploring new tools and technologies such as AI-driven, automated endpoint defense and advanced threat hunting solutions capable of taking the fight to attackers, rather than waiting for them to come to you.
New Year, New You
Don’t let cyber resilience in 2022 stay static. Instead, adopt resilience resolutions that focus on pinpointing potential problems, leaving low-value frameworks behind and creating value with new security narratives.
The post New Year, Same Risks? Six Cyber Resilience Resolutions for a Safer 2022 appeared first on Security Intelligence.
This post appeared first on Security Intelligence
Author: Douglas Bonderud