The cybersecurity industry saw some key trends emerge from defenders and attackers in 2021. The defense trends were, in almost all cases, a direct result of the threat trend — these defense trends were reactive, and for many, it was too late.
Key lessons from 2021
One of the growing threat trends we have seen over the last year is the targeting of Managed Services Providers (MSPs) and Cloud Services Providers (CSPs). This targeting allows an attacker to have a significant impact per attack, as it can span numerous victims. MSPs and CSPs have value but also risk. Running on someone else’s infrastructure means you lose control of how, and whether, that infrastructure is protected.
In response to this trend, the defense trend is growing attack surface awareness, commonly referred to as Digital Footprinting. We see a slow yet growing understanding of this need, as users of MSPs and CSPs now have a greater need to understand their entire attack surface, not just what is left in-house.
It’s no surprise that ransomware is still the leading threat trend. As the value of crypto rises, so does the incentive for cybercriminals. Every time a victim pays, it guarantees further attacks against others and, in many cases, repeated attacks upon themselves. In almost all cases of ransomware that we have investigated, unpatched remotely managed or cloud-hosted systems were the initial point of access. These systems loop back to the defense trend of attack surface awareness.
The UAE threat landscape
In the UAE, we saw MSPs being targeted, as well as the supply chain within the medical industries, on several occasions. There was no vulnerability management in these cases, nor were there real-time monitoring and response services within the targeted sectors. Organisations in the UAE need to start understanding that basic cyber hygiene is core to any protection.
The world’s most fantastic AI threat prevention solution cannot save you if you leave the front door wide open with a welcome mat out and no one to check the IDs of the people walking in or out of that door. The same is true for MSPs: they need to treat the security of their infrastructure as a critical service, offering complete vulnerability management and real-time monitoring and response within their managed infrastructure.
Bracing for hybrid work
The evident concern is corporate assets operating outside of the controlled environment; this needs to be handled in a draconic manner. The best way to manage these devices is with combinations of application and access controls. That means deploying connection-aware host-based firewalls, remote gateway proxies, and MFA VPN solutions.
On top of this level of access control, other requirements are software inventory management, agent-based policy auditing, vulnerability management, and fully managed anti-malware and host intrusion detection/prevention systems, all with reporting to real-time monitoring and response. Put more simply, the more visibility, the greater the ability to protect, detect and respond.
Coming up in 2022
Attack Surface Management is an important area. We are predicting growth in this area, which supports the concepts of predictive defense. Once you understand your attack surface, you can create a threat landscape and threat profiles linked to cyber threat intelligence services with Priority Intelligence Requirements (PIRs) and Organization Specific Intelligence Requirements (OSIRs).
These allow an organisation to shift from a reaction-based defense (right of boom) to a proactive-based defense (left of boom). The growth of proactive-based defense is an area we are pushing into 2022, and we hope others will too.