As we pass the halfway point of 2022, it’s worth taking a look at the current trends which have been present within the cyber security world and what to look out for in the future. Being aware of trends allows organisations to plan for the future and put processes or defences in place before they’re required.
In no particular order, we begin with one of the more obvious ones. Since the Coronavirus pandemic, the trend of working patterns is shifting towards remote working, or at least hybrid working. The Office for National Statistics (ONS) reports an upward trend of remote working since 2021, with only 8% of workers interviewed saying they would return fully to office-based working.
Remote working naturally expands the potential attack surface of your organisation. You now have to take into account unknown home networks or public wireless hotspots, home routers and an unsecured working environment, among other items. Whereas an office building has physical security controls, such as a receptionist, key cards and other employees to name a few, these defences aren’t present at home.
Depending on how the corporate network is accessed (is it via a proxy, or a remote login such as Citrix?), this could result in additional login interfaces being required on your infrastructure, and these can’t be easily whitelisted. As a result, you may have less protection and peace of mind than an organisation that is fully office-based. It’s therefore important to ensure that corporate devices are properly secured and updated, and staff are made aware of the increased risks associated with home working.
We cannot write an article such as this without a nod to the ever present ransomware, which shows no signs of slowing down. The most high-profile attack of the year so far is arguably against the Costa Rica government at the end of May, which triggered the first cybercrime-based state of emergency after their national health service was hacked by the Conti group.
Other household names affected by ransomware attacks this year include Nvidia (microchips), Coca-Cola (drinks), Thales Group (aerospace), Toyota (cars) and KP Snacks (food). In fact, basically every industry has been impacted in some way by ransomware this year.
There’s also a trend of the average ransom demand increasing, with a 518% surge seen in 2021, so it’s certainly not a threat that should be ignored, regardless of your industry, with a company being hit every 11 seconds in 2021.
Supply chain attacks, also known as third-party attacks, are rising in popularity in the cyber security world. As businesses mature and harden their perimeter, train staff and generally improve, hackers are turning to easier targets that reside further down the chain which may not have as stringent security.
This then enables them to infiltrate the initial target company through other means and, depending on the relationship with the supplier, may result in elevated access to data straight away. This also may allow for multiple end companies to be exploited through the same supply chain company, for example if that company supplies software to multiple organisations.
Probably the most infamous example, which catapulted the category into the public eye, was the SolarWinds attack in 2020, whose ‘Orion’ system was used by a reported 33,000 customers, of which 18,000 were affected.
The prevalence of attacks shows no signs of abating, with the head of the Microsoft Security Response Center warning recently that organisations should expect more attacks. This prediction is a result of an increasing reliance of companies on third-party and open source software, which can provide opportunities for exploitation.
A recent illustration is the Log4j incident at the end of 2021, where a popular library widely used in a variety of software was exploited, proving an attractive target and laying bare the potential ramifications for organisations.
So what does this tell us? It isn’t all doom and gloom for sure. The same basics to securing your assets and networks still ring true today, and addressing the core problems faced by organisations can mitigate the impact of more modern attacks.
Firstly, you can’t secure what you don’t know. Ensure networks are mapped out, asset inventories are kept up to date and processes are in place to monitor and update on a regular basis. Ensure Multi-Factor Authentication (MFA) is enforced on administrative and remote logins and that passwords meet a strong minimum length and criteria. Regular software patching cycles are as important as ever, however there is now an additional layer whereby you need to ensure you know where the updates are coming from since you can no longer blindly trust the companies supplying those updates. This has become known as a Software Bill of Materials (SBOM), which allows you to quickly identify which software is using which packages, and allows you to respond quickly in the case of an incident.
For user accounts, ensure the principle of least privilege is invoked, providing the minimum level of access for staff to perform their roles effectively. That way, if one does get compromised, the amount of damage an attacker can do, and the data they can touch, is limited.
Here at Pentest People, we are actively keeping up to date with the latest cyber security trends to keep track of the ever evolving nature of cyber attacks. Get in touch today to secure your businesses systems.