Top 4 Security Priorities for Organizations in 2022
Throughout 2021, the world saw many novel and sophisticated cyberattacks that led to some of the most catastrophic disruptions and supply chain crises in history. The year started off with three global supply chain attacks caused by software vulnerabilities in SolarWinds Orion, Microsoft Exchange, and Accellion FTA, leading to compromised networks and data breaches in all types of organizations worldwide. These were soon followed by a new wave of intense cyber-physical attacks on critical energy and logistics infrastructure, including the widely reported Colonial Pipeline attack, as well as attacks on Australian power plants, South African trade ports, and Iranian gas stations, to name a few. Most of these operations were initiated by APTs and ransomware gangs, many of them backed by nation states.
Today’s chaotic cyber landscape makes this one of the most challenging times for cybersecurity professionals. This is mainly due to the incredible speed of digital transformation observed worldwide, as organizations see no definite end to the COVID-19 situation. Nevertheless, even though the trend of cybercrime and digital warfare is expected to continue throughout 2022, the silver lining is that organizations are now more serious than ever about cybersecurity. Many organizations are appointing CISOs to their boards and integrating cybersecurity into their strategic plans. By now, most of us understand that cybersecurity is not a luxury but a necessary operational expense that is crucial to business goals and revenue.
How should CISOs and cybersecurity managers prepare for a potentially more challenging 2022? Here are some priorities to consider.
Software Supplier Risk Management
Outsourcing work to third-party suppliers is no longer a practice unique to the manufacturing sector. Thanks to cloud computing, most organizations today – regardless of size, industry, and operating model – outsource parts of their work to third-party suppliers. Most of these suppliers happen to be software vendors offering services via the cloud, including accounting software, HR management platforms, marketing and sales solutions, storage services, and many more.
Hackers can exploit vulnerabilities in these software applications to gain unauthorized access to their users’ networks. Apart from well-known incidents like the SolarWinds Orion and Accellion FTA breaches, intrusions through third-party software happen frequently. In the latest data breach at Florida’s hospital network Broward Health, impacting 1.3 million patients, hackers gained access to the hospital system through a medical supplier.
In a software supply chain attack, the threat actor usually starts by obtaining the user lists of different applications and selects a target based on its downstream users. A wide variety of techniques can be used, from phishing and social engineering to vulnerability exploitation. Software supplier risk must be managed actively at all layers.
To reduce software supplier risk, cybersecurity managers should be directly involved from the initial deployment of the product or service to ensure that all configurations are implemented correctly and access control measures are in place. It is also important to conduct periodic assessments of the level of network access granted, the security measures in place, and software versions and updates. Such information should be tracked continuously so that, when a software compromise is reported, all affected entry points can be sealed off immediately.
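The tracking described above only pays off if the inventory can be queried the moment an advisory lands. The following Go program is an added example (not code from the article or from Penta Security) of the minimal inventory a team would keep per third-party component: supplier, product, version, the network access it was granted, and when it was last assessed. Given a published advisory with an affected version range, it lists the deployments that must be cut off, and it separately flags components whose periodic assessment is overdue. All supplier names, products, versions and the advisory format are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Component is one third-party software product in use, with the facts the
// article says should be tracked: version, granted access, and last review.
type Component struct {
	Supplier      string
	Product       string
	Version       string // e.g. "2020.2.1"
	NetworkAccess string // e.g. "internal-only", "internet-facing", "domain-admin"
	LastAssessed  time.Time
}

// Advisory is a compromise or vulnerability notice. Versions in the
// half-open range [FirstAffected, FixedIn) are treated as affected.
// This shape is an assumption for the example, not a real feed format.
type Advisory struct {
	Supplier      string
	Product       string
	FirstAffected string
	FixedIn       string
}

// parseVersion turns "2020.2.1" into []int{2020, 2, 1}; non-numeric parts become 0.
func parseVersion(v string) []int {
	parts := strings.Split(v, ".")
	out := make([]int, len(parts))
	for i, p := range parts {
		n, _ := strconv.Atoi(p)
		out[i] = n
	}
	return out
}

// compareVersions returns -1, 0 or 1, padding the shorter version with zeros
// so that "2020.2" and "2020.2.0" compare equal.
func compareVersions(a, b string) int {
	va, vb := parseVersion(a), parseVersion(b)
	for len(va) < len(vb) {
		va = append(va, 0)
	}
	for len(vb) < len(va) {
		vb = append(vb, 0)
	}
	for i := range va {
		if va[i] < vb[i] {
			return -1
		}
		if va[i] > vb[i] {
			return 1
		}
	}
	return 0
}

// Affected returns the inventory entries that fall inside an advisory's range.
func Affected(inv []Component, adv Advisory) []Component {
	var hits []Component
	for _, c := range inv {
		if !strings.EqualFold(c.Supplier, adv.Supplier) || !strings.EqualFold(c.Product, adv.Product) {
			continue
		}
		if compareVersions(c.Version, adv.FirstAffected) >= 0 && compareVersions(c.Version, adv.FixedIn) < 0 {
			hits = append(hits, c)
		}
	}
	return hits
}

// Overdue returns entries whose last assessment is older than maxAge.
func Overdue(inv []Component, now time.Time, maxAge time.Duration) []Component {
	var late []Component
	for _, c := range inv {
		if now.Sub(c.LastAssessed) > maxAge {
			late = append(late, c)
		}
	}
	return late
}

func main() {
	// Constructed sample inventory; names and versions are illustrative only.
	inv := []Component{
		{"ExampleVendor", "MonitorSuite", "2020.2.1", "domain-admin", time.Date(2021, 6, 1, 0, 0, 0, 0, time.UTC)},
		{"ExampleVendor", "MonitorSuite", "2020.2.4", "internal-only", time.Date(2021, 12, 15, 0, 0, 0, 0, time.UTC)},
		{"OtherVendor", "PayrollCloud", "7.3", "internet-facing", time.Date(2021, 11, 20, 0, 0, 0, 0, time.UTC)},
	}
	adv := Advisory{"ExampleVendor", "MonitorSuite", "2020.2.0", "2020.2.3"}
	for _, c := range Affected(inv, adv) {
		fmt.Printf("AFFECTED: %s %s %s (access: %s)\n", c.Supplier, c.Product, c.Version, c.NetworkAccess)
	}
	now := time.Date(2022, 1, 10, 0, 0, 0, 0, time.UTC)
	for _, c := range Overdue(inv, now, 90*24*time.Hour) {
		fmt.Printf("ASSESSMENT OVERDUE: %s %s (last %s)\n", c.Supplier, c.Product, c.LastAssessed.Format("2006-01-02"))
	}
}
```

The access level is carried alongside the version on purpose: when an advisory matches, the entry with domain-admin access is the one to isolate first, and that decision cannot be made from a version list alone.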
Secure Endpoints for Remote Access
To many organizations, working from home is no longer a contingency plan but a new way of work. Despite having a distributed workforce, it is important to ensure that all work is being done on devices controlled and managed by the organization. Access to corporate accounts and sensitive data should not be granted to personal devices as they face greater security risks. Risks are particularly high when these devices are connected to public Wi-Fi networks at cafes and libraries.
To secure these endpoints, organizations should use a reliable VPN or remote access solution when sharing corporate files with remote devices. No device outside the enterprise network should be granted direct access to the corporate server. Still, a VPN only adds an extra layer of security. It is up to the remote workers to protect their passwords by using robust authentication methods.
Prepare for More Sophisticated Ransomware Attacks
We have been witnessing a surge in state-backed cyberattack operations. Not only are countries establishing their own intelligence forces, but nation states are more often seen collaborating with local ransomware gangs for mutual benefits. Since many ransomware gangs are “protected” by their state, ransomware operations will likely grow increasingly sophisticated and destructive in the coming year.
There is no perfect solution to mitigate ransomware, as the intrusion method varies from case to case. Some attackers gain access through privilege escalation, while others exploit web vulnerabilities and misconfigurations. An easy way to reduce ransomware damage is database encryption. Not only should data be encrypted during transmission, but sensitive corporate data must always stay encrypted even within a protected enterprise network. Ransomware operators lose significant bargaining power when the compromised data is of no use to them.
Another useful mitigation strategy is to segregate IT and OT networks, especially for organizations with manufacturing and logistics facilities and physical infrastructure. Physical targets have become increasingly popular among ransomware operators, making it a must to isolate OT infrastructure from the IT environment.
Secure the Edge in the Era of 5G
In 2022, we will begin to see wider deployment of 5G infrastructure that will gradually replace LTE. With faster communication speeds, more and more software applications and IoT devices will utilize edge computing for more efficient data processing. Companies are integrating edge computing into their IT environments to make remote access and virtual collaboration between workers more manageable.
Securing edge computing is much like securing the cloud, with the most crucial priority being encryption. Not only must all sensitive data be encrypted in transit between network endpoints, but data stored in databases must also be encrypted at all times.
The Importance of Comprehensive Zero Trust Security
With growing endpoints, it might seem challenging to secure an organization at every layer. It is important to acknowledge that despite these transitions and technological upgrades, the fundamental security mechanisms stay the same. From network and web application firewalls to database encryption, identity verification to access control, IT and cybersecurity professionals should utilize these effective security measures to build a zero trust architecture.
For more information on security implementation, check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Automotive, Energy, Industrial, and Urban Solutions: Penta IoT Security
For detailed inquiries, contact Penta Security’s security consulting team.
