The profile of enterprise cybersecurity has never been higher. Some of the most conspicuous trends revolve around ransomware, security-as-a-service and zero trust.
Ransomware attacks are very much on the rise. The European Union Agency for Cybersecurity noted a 150 percent rise in ransomware in 2021 and expects that trend to continue in 2022. High-profile victims have included Colonial Pipeline, UKG (Kronos), JBS, Kaseya and SolarWinds. Even bigger names are likely to be on this year's ransomware honors list.
Why? Due to the millions in ransom payments rolling in, cybercriminal groups like DarkSide, REvil and BlackMatter are reinvesting the funds to become more organized. Security firm Kela discovered, for example, that cybercriminals have been using analytics to determine the profile of the ideal U.S. victim. Hackers are particularly interested in companies that have at least $100 million in revenue and use virtual private networks, remote desktop protocols or tools from Citrix, Palo Alto Networks, VMware, Fortinet and Cisco. They shy away from organizations in education, government, health care or the nonprofit sector. Presumably, these verticals either refuse to be held to ransom, don't have the budget to pay or can cause a backlash against the hacking group (such as patients being endangered in hospitals due to systems being shut down).
To make matters worse, the criminals have gotten greedier. They not only want money, but also threaten reputations by exposing attacks, blackmailing companies with the threat of exposing corporate or personal dirty laundry, and selling intellectual property to competitors.
"Ransomware is not going anywhere in 2022, but we will see attackers evolve their strategies in light of heavy crackdowns and supply chain insecurities," said Kevin Breen, director of cyber threat research at Immersive Labs in Bristol, England. "The attackers will always have the first-move advantage."
Thus, organizations must be better prepared when it comes to ransomware prevention, mitigation and overall response. Modern incident response tools are a good place to start, as are bringing all patches up to date and training personnel to avoid clicking on phishing e-mails.
Security-as-a-Service Brings Much-Needed Help
The complexity of modern computing environments coupled with the threat posed by ransomware and malware has caused many companies to realize they need help. Instead of relying on their own security tools, they are increasingly looking to the cloud for security-as-a-service solutions. These solutions often are provided by a managed services provider (MSP) or managed security services provider (MSSP).
"An MSP can often offer a larger team of technology experts with broader and diverse and perhaps even more up-to-date product and process knowledge," said Don Boxley, CEO and co-founder of DH2i, a data security firm in Fort Collins, Colo.
Equity Methods, a provider of valuation, financial reporting and human resource advisory services, makes a sharp distinction between what technologies it operates internally and what it offloads to its MSP, adryTech. The company's MSP delivers a broad range of services, including security services such as e-mail protection, content shielding and a Web application firewall.
"Making sure phishing and spear phishing attempts are stopped before they make it into our inboxes is very important, especially as attackers are becoming increasingly sophisticated," said Paul Leisey, chief information officer at Equity Methods. "For the cost of one IT generalist, we get the services of a security expert, an OS admin, a virtualization admin, a network admin; project-based work; ad hoc troubleshooting; and day-to-day monitoring from adryTech."
Zero Trust Helps Thwart Cyberintruders
Traditional cybersecurity practices involve what could be characterized as a "castle and moat" model. Threats are kept out by safeguarding the perimeter of the network. The problem with this approach is that it assumes any user with the right access credentials is legitimate and can be trusted to move freely through the system. This is part of the reason why phishing and ransomware wreak so much havoc. Organizations can erect many security defenses, but one gullible user clicking on a malicious link or attachment enables cybercriminals to compromise systems.
The zero-trust model restricts network access to only those individuals who need it. Relying on contextual awareness, it grants access to authorized users according to patterns based on identity, time and device posture. No user or device is given default access. Everyone must pass security protocols such as access control steps and user identity verification. Authenticator apps and codes sent to a smartphone are some of the ways zero trust is being implemented.
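The contrast between the two models can be made concrete with a small access-decision example in Python. It is an added illustration, not part of the original article; the users, resources, time windows and field names are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time

# Constructed policy data for illustration; names and values are assumptions.
# Each entry is one explicit grant: (user, resource) -> permitted hours.
GRANTS = {
    ("alice", "payroll-db"): (time(8, 0), time(18, 0)),
    ("bob", "wiki"): (time(0, 0), time(23, 59)),
}

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    password_ok: bool      # primary credential verified
    mfa_ok: bool           # authenticator app or smartphone code verified
    device_managed: bool   # device is enrolled with the organization
    device_patched: bool   # device posture: patches are up to date
    at: time               # local time of the request

def perimeter_decision(req: Request) -> bool:
    """Castle-and-moat: a valid credential is trusted for every resource."""
    return req.password_ok

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Default deny: each request must pass identity, posture and time checks."""
    window = GRANTS.get((req.user, req.resource))
    if window is None:
        return False, "no explicit grant for this user and resource"
    if not (req.password_ok and req.mfa_ok):
        return False, "identity not verified with a second factor"
    if not (req.device_managed and req.device_patched):
        return False, "device posture check failed"
    start, end = window
    if not (start <= req.at <= end):
        return False, "outside the permitted time window"
    return True, "allowed"

# Constructed requests: a phished password replayed at night from an unknown
# device, and the legitimate user on a managed laptop during working hours.
PHISHED = Request("alice", "payroll-db", True, False, False, False, time(3, 12))
LEGIT = Request("alice", "payroll-db", True, True, True, True, time(10, 30))

if __name__ == "__main__":
    for name, req in (("phished", PHISHED), ("legit", LEGIT)):
        print(name, perimeter_decision(req), zero_trust_decision(req))
```

The phished request passes the perimeter check because the password is valid, while the zero-trust check denies it and reports the first condition that failed, which is also the field worth logging for detection.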
"2022 will be the year of zero trust, where organizations verify everything versus trusting it's safe," said Eric O'Neill, national security strategist at VMware. "We've seen the Biden administration mandate a zero-trust approach for federal agencies, and this will influence other industries to adopt a similar mindset with the assumption that they will eventually be breached. A zero-trust approach will be a key element to fending off attacks in 2022."
Drew Robb is a freelance writer in Clearwater, Fla., specializing in IT and business.