Current security technology stacks are not keeping up with the increasing scale and sophistication of attacks
With security incidents and breaches skyrocketing, the security industry is looking for value-based metrics that show return on investment. In 2022, threats will continue to rise and will include increased targeting of small to medium-sized businesses that are important to the supply chain of larger enterprises. One way attackers accomplish this is by targeting the identities in the supply chain, including merger and acquisition targets, that have the least sophisticated security posture. Given past success, we can expect to see nation states continue to conduct aggressive attacks similar to the SolarWinds attacks of 2020.
To combat these threats, the security industry must commit to a risk-based approach that understands the specific attacks and actors targeting each company's industry and profile. Findings and security alerts should be qualified based on their impact on the particular company, not just tied to industries at large. Attacks should be prioritized based upon the most impactful outcomes.
Threat Predictions for 2022
Cybercrime actors will continue to hammer small and medium-sized businesses “below the security poverty line” using common attack vectors, including credentials found in the wild and used against open RDP ports exposed to the internet. Simple attacks, like sending an HR representative a fake delivery invoice, can give even an unsophisticated threat actor the ability to encrypt the entire network filesystem, at which point the victim discovers that the disaster recovery policies haven’t been updated in five years and the backup systems aren’t intact.
Larger enterprises will become more collaborative and influential in protecting small and medium-sized businesses because they realize those businesses are critical to the supply chain. This dynamic also applies to potential acquisition targets of larger enterprises. In fact, according to recent FBI statements, ransomware actors are prioritizing acquisition targets because the likelihood of success is increased by the presence of an acquirer that cannot risk a security incident on its watch during the acquisition process.
Even these simple types of cyber crime consume larger enterprises because their networks are more complex. When a larger enterprise acquires a smaller company, the smaller company does not have the same security posture as the parent; however, the parent inherits the same legal risk on the first day the two companies' systems are connected post-close.
The attacks we have seen in the past eighteen months are only the beginning. Microsoft recently publicized that the same Russian hackers who infiltrated IT management firm SolarWinds, resulting in the compromise of nine federal agencies, continue to target Microsoft’s government customers through its partner channel. These targets include managed service providers, IT implementation partners, professional services companies, and even security companies. Further complicating security, we are likely to see advanced attacks against the code build pipelines of technology companies with large installed bases of clients. These targets will likely include asset management, endpoint security, and hyperconverged cloud infrastructure solution providers.
Security Technology Predictions for 2022
Current security technology stacks are not keeping up with the increasing scale and sophistication of attacks. While this is well known in the industry, security and IT teams continue to be unable to prioritize and respond to the most relevant alerts and problems. Metrics to justify increased security investment continue to be lacking.
Much of security technology continues to be under-engineered and over-marketed relative to the threats that matter to most enterprises. In addition, many executives, employees, and companies are targeted through routine social media and email scams. Platform technology companies are subjected to ongoing consumer account takeovers; fraudsters reuse passwords to engage with employees after phishing their work email; and disinformation is common on social media platforms and in open and closed forums. In addition, ransomware actors continue to reuse credentials and exploit unpatched services.
For these threats to be addressed, the security industry must focus on threats that impact a company’s bottom line. Executives in customer-facing companies rarely understand security because the marketing efforts they see are geared towards nation state espionage. In addition, customer-side security teams rarely understand the details of their company’s business, so understanding the impact of security events on the corporate bottom line is challenging. To address this challenge:
1. Enterprise security teams must shift their focus to client-directed intelligence to address threats to systems, assets, people, and the business. The generic threat data sets and analysis currently used by many organizations will not adequately address the threats targeting a specific company and its unique attributes.
2. Following this risk-based approach, a security team can build a security stack that incorporates proper escalation policies and procedures, including:
a. Asset Inventory Technology Evolution: New technology will solve challenges of identifying and automating hundreds of thousands of assets across corporate, OT, IT, and production environments.
b. Threat Intelligence As a Managed Service: Threat intelligence feeds that provide raw data and generic industry threats do not solve the problem of sophisticated, client-specific threats. Managed intelligence services will likely mature and be adopted to address the problems posed by inadequate resources and expertise.
c. XDR Will Continue to Supplant Less-Sophisticated EDR Offerings: To date, SIEMs and SOARs have not delivered on their promise, leaving security and risk managers struggling with disparate security tools and high alert volumes. XDR products will start to improve detection and response activity by centralizing security tools and using ML/AI to reduce false positives. It will likely require several years for enterprises to evolve.
d. Cloud Security and Compliance Will Become Easier: Secure cloud software automation will become more mainstream, enabling less sophisticated users and analysts to architect, build, and manage multi-vendor cloud deployments (AWS, Azure, GCP).