Cybersecurity in 2022: Preparing for the Unexpected 

The clearest path to success involves preparing in advance for any possible situation and having contingencies in place for the unexpected. If there’s any area putting proof to the pudding for businesses regarding this statement, it’s in cybersecurity. Time and again we’ve seen examples of grand scale cyberattacks with far reaching consequences in the last few years. Rest assured, the incidents we aren’t hearing about are from the entities who were better prepared.

“…Running tabletop exercises of ransomware attacks provides a deeper understanding of organizational and technical preparedness. This allows organizations an opportunity to create an improved incident response plan that will build confidence in preparedness and in-the-moment decision making,” advised Yaniv Vardi, CEO of an industrial cybersecurity company called Claroty. This statement followed a report revealing that 80% of businesses surveyed had been victim of a ransomware attack and 60% of those had paid the ransom.

In response to the many high-profile attacks of 2021, businesses are finally dedicating sufficient time and resources to basic cyber hygiene and preparedness. An excerpt taken from FortiGuard Labs “Cyberthreat Predictions for 2022: An Annual Perspective,” explains:

Many of tomorrow’s threats are simply extensions of those we experience today. They tend to be faster, harder to detect, more malicious, or combine existing threats in new combinations. Even new zero-day threats have one thing in common: They all want to get your network or devices to do something you do not want them to do... Once we understand that, we can implement security strategies designed to baseline normal operations and detect and intervene when something unexpected happens.

 Let’s go over some of the most prominent cyberattacks of 2021, predictions for 2022, and some steps you can start working on today to help you prepare your business for whatever might come.

2021: The Year of Impact

Ask any historian and they will tell you, there is much to be learned from the past. The same holds true for cybersecurity, and 2021 was a year full of hard lessons. Here are some of the most impactful breaches of the past year and what we can learn from them:

#1. Log4j
The year went out with a bang when the Log4j vulnerability was discovered, impacting a host of enterprise, IT, OT, SaaS, and cloud services and providers. The flaw is easy to take advantage of for hackers who want to take remote control of a device or even an entire infrastructure. They could also execute denial-of-service attacks, plant Trojans or ransomware, and/or steal data. Some businesses are still reeling from the effects.

#2. Ransomware at Colonial Pipeline
The May 2021 ransomware attack at Colonial Pipeline made headlines everywhere due to the large-scale effect it had on the general population. The attack came from Darkside, a Russian based hacker group, and caused the shutdown of the entire 5,500 miles of pipeline. This led to major gas shortages along the East Coast, affecting citizen drivers up to airlines, and gained the bipartisan support of the government and President Biden for stronger cybersecurity measures. An executive order was issued shortly thereafter and President Biden issued a State of Emergency. The FBI, Cybersecurity and Infrastructure Security Agency, U.S. Department of Energy, and Department of Homeland Security all got involved.

#3. Microsoft Flaws
From Exchange Server emergencies to Print Spooler vulnerabilities, Microsoft instigated multiple patching frenzies throughout 2021. A threat group called Hafnium from China, along with several other lesser-known threat groups, had been targeting various flaws in Microsoft technology for weeks prior to discovery. Some security experts determined Microsoft was too slow to respond to these various incidents. Between the multiple vulnerabilities, attackers were given a huge surface to work in (nearly every Windows system in existence) to gain unauthenticated remote access and to execute malicious code.

Cyberthreat Predictions for 2022: An Annual Perspective from Fortinet

Cybersecurity is harder than it sounds. This whitepaper from Fortinet and  FortiGuard Labs explains the threat landscape for 2022 and offers some advice on how to prepare.

The Hard Lessons

These were but a few of the many large scale and well-publicized cyberattacks in 2021. Businesses of all sizes and types – from small family businesses to giant grocery companies, from utility services to healthcare – were attacked on unprecedented levels during the past year. For the first time, community life was being affected and changed on massive levels due to digital attacks on supporting businesses and infrastructure.

The trend shows that not only are the frequency and intensity of these attacks escalating, but so too are the list of vulnerabilities. This presents challenges that can seem difficult to keep up with; but in reality, many of these cases present a lesson about the importance of proper cyber hygiene.

For instance, the Log4j vulnerability demonstrates the need for better maintenance on open-source technologies and how important it is to exercise caution when choosing to build with an open-source framework or library. A detailed and accurate SBOM (Software Bill of Materials) in the development process is paramount. Many services weren’t even certain whether they would be affected by the Log4j exploit. They had to do discovery to learn if the technology had been used in their dependencies. Furthermore, third-party dependencies represent major security risks and zero-day exploits need to be prepared for as if they will happen, not as if they might happen or not at all. Building a thorough process for vulnerability assessment and mitigation is imperative to any business or service today.

The Colonial Pipeline incident happened simply because of unsafe password practices. The hard lesson here is that common knowledge about digital security can often be taken for granted. Employers need to do their due diligence to ensure security policies are being adhered to by everyone in the company, always. Attendance at safe digital practice seminars should be required and conducted on repeat, as an example.

The Microsoft incidents teach us about the importance of patching and quick response, yes. But the situation also represents the weaknesses in relying solely on a Big Tech company with clout for security updates. Microsoft continues to be a source of vulnerability, and multiple patches were released as incomplete, leaving the attack surface wide open. Businesses need to bear the responsibility of security through a combination of testing, preparation, and defensive measures. Training employees, simulating attacks, building effective defensive and responsive plans, and reviewing and updating all the above continually is essential.

Cybersecurity Predictions for 2022

Cybercriminals show no signs of slowing down. As our daily lives and work increasingly integrate with technology, cybercrime is only going to get stronger, smarter, and have farther reaching consequences. The aforementioned examples are excellent proof that it’s the little things that lead to major incidents in the digital security world. Knowing what to prepare for in advance can help to tie up those loose edges and take a strong stance against the risk:

Believe it or not, there are cybercrime companies set up on the dark web to sell ransomware, malware, and other cybercrime technologies as a service to the highest bidders. Expect to see this trend continue and protect yourself against phishing schemes, spoofing, botnets, data breaches, as well as your typical trojans and malware. Bad actors will include adversarial governments, political actors and anarchists, and those seeking a big payout (ransomware). This puts government, utilities, healthcare, transportation, and other critical businesses and services at increased risk.

Linux is Vulnerable Too
Historically, the hacker community has mostly ignored Linux, but this is starting to change. For instance, Vermillion Strike can target and remote access Linux systems in stealth, as to not be detected. A vast majority of back-end systems and networks are still Linux based. Also, Windows 11 has Linux integrations. It’s imperative to consider this in your security measures. Protect for every operating system and platform in use, even if it didn’t seem necessary before.

Microsoft Flaws, Still
As mentioned previously, Microsoft vulnerabilities continue to be an issue and will be for the foreseeable future. Patching and maintenance is imperative, but don’t allow that to be your only line of defense. A thorough and robust security plan outside of the realm of Microsoft is critical to your defense, as are consistent testing, logging, and recalibrating accordingly.

Satellite, Headlines Read
Satellites are filling the skies, with everyone from Elon Musk to Amazon jumping on the bandwagon. It stands to reason that hackers will soon follow, opening up a whole new attack surface that many may not have considered. ICARUS, for example, is a proof-of-concept DDoS that can use satellites to attack from various locations. Targets of this new form of cybercrime will include companies relying on satellite-based connectivity to operate, deliver connectivity to remote locations, or provide services to customers on the move, such as the transportation sector.

Crypto Crime
Cryptocurrency and digital transactions have been targets for digital thieves from the start. But as crypto gains in popularity with Web3, NFTs, the Metaverse, and digital banking moving to mainstream, current security technologies like encryption and multi-factor authentication won’t be enough. Digital wallets are already being targeted at scale with fake gift card generators, fake cryptocurrency apps, fake digital wallets, and trojans like ElectroRAT. Increasing cybersecurity awareness and training, implementing stricter security policies, and utilizing security tools outside of the basic encryption technologies are going to be more important than ever.

Remote and Hybrid Threats
Remote and hybrid work has become the new normal for many businesses, especially those which already rely heavily on technology. This presents a brand-new challenge for security, however convenient it might seem to work from home. Employees are now moving away from secure company infrastructure into home network environments, and they might not have the IT credentials or the outside knowledge to secure their environment effectively. It’s a huge vulnerability that might not have existed before. Supplying employees with secure technology and devices, monitoring and logging network activities and credentials, testing home and company networks, training for digital safety, and utilizing security software and insurance is not optional anymore, if it ever was.

8 Steps to Secure Your Business in 2022

We’ve talked about recent digital security past. We’ve talked about what’s coming for 2022. Now let’s talk about the present, what steps can you start taking right now to prepare and secure your business? 

  1. Unified Security Products: Modern security defense requires a comprehensive approach, with integrated software and devices designed to interoperate as a unified solution in all locations where you do business. This leads to the next point:
  2. Encompassing Protection: You need to protect every user, every device that accesses company resources, and every application in company use, including remote or on the move work. Follow and protect every data point and every transaction end to end.
  3. Strong Policies: Ensure that security policies are enforced and followed at all times by everyone, everywhere they go, including outside of work. Conduct digital safety training as a requirement for all employees on a repeated and frequent basis. Remember, the Colonial Pipeline incident happened because an employee used a company password outside of work for an unrelated and unsecured account. It’s the little things that slip by that will get you.
  4. Patch and Update: Keep your software current with the latest patches and releases as soon as they are available. This includes mobile devices, servers, and any device accessing company infrastructure, even if it seems irrelevant.
  5. Strong Filters: Take a security-first approach to bringing on any new software or devices. Research them thoroughly: how often are they updated? How strong are their security features? How many other dependencies will they bring with them and what are those dependencies? How thorough is their SBOM? Protect your network and any endpoints before onboarding, log the details of the process, and keep a record of the SBOM on hand.
  6. Behavioral Analytics: Preparing for, discovering, and blocking attacks in the early stages through behavioral analytics can significantly increase your chance of stopping a threat before it does too much damage or spreads through your entire system. It might even detect an issue before the damage starts. Monitoring your systems, building a threat aware environment, and probing for strange activity constantly will do wonders for your attack prevention.
  7. Real-time Protection: Your security toolset needs to be robust with machine learning, use of threat feeds and attack profiles, real-time capabilities, 24x7 monitoring, security insurance, and ability to detect and protect against both known and unknown threat factors.
  8. Scalability: Your security protocols and toolset need to be able to grow with your business, keeping you secure through every stage of your company evolution. Experiencing a security breach because you expanded your offerings or opened a new location could be the end to your business growth cycle. The ability to protect every endpoint, even through a stage of expansion, is imperative to your data security and digital safety.

The cybersecurity space has become a giant. While it’s impossible to cover everything that might affect your business and digital security in 2022, this information will give you a good jumping off point. For more information, to get answers to questions, or to get an assessment of your business you can contact us here or call us at (888) 973-3737.