Cybercriminals represent one of the most pervasive threats to enterprises and critical infrastructure. State-sponsored cyber threat actors have the most sophisticated capabilities and are probing systems and critical infrastructure that are least able to endure operating interruptions. The 2021 cyber threat landscape saw an influx of attacks directed at government organizations, research agencies, and other enterprises with valuable information related to the COVID-19 vaccines, such as treatment research and QR codes/proof of vaccination.
How To Address the Changing Cybersecurity Threat Landscape
An important thing to layer into the conversation about the changing cybersecurity threat landscape is the hybrid workforce and the fact that it’s not going away. What may have seemed a little simpler when everything happened in house, within four walls, is now a new game. As the cybersecurity threat landscape continues to become more complex and constant, your security posture becomes more and more important to conducting business and has become a rule of the game.
Cybersecurity is now an obligation across the entire organization. It’s no longer just the IT team that needs to be concerned; it’s an organizational issue that everyone has to deal with.
Vulnerabilities from the Hybrid Workforce
Cyber threat actors are identifying individuals working at home and exploiting technologies deployed in support of a remote workforce, such as VPNs and video conferencing software. Several factors contributed to the significant vulnerabilities introduced during the rapid shift to hybrid work: members of staff switched to using personal unsecured devices; remote worksites were quickly deployed using default configurations and unpatched applications; use of vulnerable VPNs, remote desktop services, and cloud services increased; and relatively untested applications (e.g., Zoom) were adopted.
What can organizations and their employees do about this? Make sure you are using corporate devices on a secure network (never work on public Wi-Fi). Make sure devices are updated regularly, whenever system administrators ask you to. People often think updates are just for new features, and they do deliver those, but they usually also include security patches.
Recent Cybersecurity Trends
- Website Defacements: Up 8% and primarily impacted small and medium-sized enterprises.
- Phishing: Unique phishing URLs are up 56%, with a larger number of malicious links being associated with WhatsApp.
- Ransomware: Reports of ransomware cases increased 17%. Small and medium enterprises from the manufacturing and IT industries were affected the most.
- Botnet Drones: The number of botnet drones observed daily on unique and locally hosted C&C servers rose 146%.
There’s been a clear increase in ransom payments over the last two years. There was a 20% increase in ransomware payments in 2020 compared to 2019 and a 200% increase in the ransom amount demanded.
One of the reasons ransomware is growing is that it has become a full-service business. With cyber threat actors now selling their services, skills, and tools, such as ransomware as a service, you no longer need technical expertise to be a cybercriminal. Ransomware kits can be purchased on the Dark Web, and these services require little technical knowledge to deploy. This gives less skilled threat actors the tools to conduct their own cyberattacks, lowering the barrier to entry and making it much more difficult to attribute threat actors to cybercrime groups.
One of the most successful means for threat actors to get onto your network is social engineering, such as phishing. Be wary of emails or text messages with urgent or threatening language, requests for sensitive information, anything too good to be true, unexpected emails, information mismatches, suspicious attachments, and unprofessional design. It’s important to train your staff not to click on promotional links and to beware of look-alike domains, but all it takes is one click and then you have malware deployed on your network. Investing in a tech stack to expand your security posture is critical.
Consequences of Cyber Attacks
Cyber attacks have many consequences, which is why it’s critical that organizations maintain their cyber posture. Cyber threats like data breaches are more common and have broader impacts, but there is also an ongoing, emerging risk of other cyber threat activity. For example, Internet-connected IoT devices are increasingly common and are potentially vulnerable to cyber threat actors, who can target these devices, degrade or disrupt their performance, and then get onto the network and move laterally. Common consequences of cyber attacks include:
- Safety: malfunctioning IoT devices
- Ethical: privacy breaches
- Legal: civil action, lawsuits, regulatory investigations
- Operational: service interruptions
- Financial: expenses for investigation, remediation, settlement costs
- Reputational: loss of public trust due to misinformation
- Loss of IP: stolen research data or tampering
The Role of Your Organization
The first thing to do is to understand and prioritize critical assets. If you don’t understand what your network looks like, what assets you have, and what is and isn’t exposed, then you are making a lot of assumptions. You may feel you’re in good shape while actually having gaping holes. Without a baseline, it’s hard to build the steps to deal with security. Once you know what your critical assets are, you can test and build from there and begin to do more to help your organization become cyber secure.
- Develop an incident response plan for critical assets
- Use strong user authentication on critical systems
- Automatically patch critical operating systems and applications
- Back up and encrypt critical data
- Training and awareness
- Install security tools (IDS, AV, Firewall)
- Use trusted software and applications
The Role of Media Sonar
When you talk about IoT, the hybrid workforce, and so on, the whole human factor and its relationship with the Internet is a security and threat vector to appreciate. It doesn’t fit into the traditional cybersecurity threat landscape that many people think about, but it’s an emerging vector that organizations need to comprehend when they’re building out their policies. It’s a company-wide concern now, and you have to look at your people in almost the same way you look at assets in cybersecurity management.
This may seem super daunting, but there are managed service providers (MSPs) and platforms like Media Sonar to cover that vector: an organization’s relationship with the Internet and the vulnerabilities in that attack surface. Our platform is focused on looking at the Internet as a threat vector. The Internet isn’t like normal communication. It’s unstructured, so there’s a lot of risk and complexity, and, if you’re doing it manually, cost involved in getting something intelligent out of it from a risk and threat lens. Media Sonar equips organizations to look at their assets, such as people, and build out queries and alerts related to risk categories to help identify and investigate possible exposures and risks on the Internet.
At a minimum, it’s due diligence that really uncovers what an organization’s security posture is in terms of Internet exposure (social media, deep and dark web). It’s the nature of our world today. We focus on understanding Internet data as another extension of your attack surface and appreciating what vulnerabilities are there from a brand protection perspective.
Cybersecurity threats aren’t going away. That’s a clear message. But how are they also standing in the way of conducting business? Organizations must understand what they own and know their threat surface. Keep an accurate account of assets and access points and take the right steps to enhance your security posture.