Listed below are the key technology trends impacting the cybersecurity theme, as identified by GlobalData.
Maintaining the security of IT systems is a constant struggle for organisations of all types. Cyberattacks are frequent and increasingly complex, perpetrated by those furthering a geopolitical cause or attackers intent on making money. In 2021, enterprises invested more in cybersecurity and cloud architecture due to employees working remotely during the pandemic. This also sparked a meggers and acquisitions (M&A) boom in the tech sector.
Ransomware and cybersecurity
According to the EU Agency for Cybersecurity (ENISA), there was a 150% rise in ransomware attacks from April 2020 to July 2021. ENISA has described the threat picture as the “golden era of ransomware”—partly due to attackers’ multiple monetisation options. Ransomware is a multi-faceted offensive campaign that also involves an attack on the brand reputation of the victim. Attackers are now operating secondary monetisation channels, auctioning exfiltrated data on the dark web.
A Cybereason survey found that 35% of businesses that paid a ransom demand paid between $30,000 and $1.4m, while 7% paid ransoms exceeding $1.4m. About 25% of organisations reported that a ransomware attack had forced them to close down operations for some time.
Ransomware as a service (RaaS)
Ransomware as a service (RaaS) has become an established industry within the ransomware business. Operators will lease out or offer subscriptions to their malware creations for a price. The lucrative nature of RaaS and the difficulty of tracking down and prosecuting operators suggest that this business model will continue to flourish in 2022.
In the absence of strong security measures, cyber attackers can target the misconfigurations of security settings to steal cloud data. A March 2022 ‘Cloud Security Report’ from Check Point Software, based on a survey of 775 cyber security professionals, revealed that cloud security incidents were up 10% from the previous year, with 27% of organisations citing misconfiguration, ahead of issues like exposed data or account compromise.
Cloud misconfiguration is typically caused by a lack of awareness of cloud security and policies; inadequate controls and oversight; too many cloud application programming interfaces (APIs) and interfaces to adequately govern the system; and negligent insider behaviour.
Convergence of security technology solutions
Secure access service edge (SASE) first emerged in 2019 as a cloud-based IT model that converges a range of previously separate security and networking functions into a single architecture that applies zero-trust principles to how access to data is managed. But SASE is in danger of being superseded by a new model, security service edge (SSE), which typically incorporates the security half of SASE and consists of secure web gateways, cloud access security brokers (CASB), and zero-trust network access (ZTNA).
The bottom line is that security technology convergence is accelerating, driven by a need to reduce complexity, cut administration overheads, and increase effectiveness.
Protecting chips from cyberattacks is becoming a necessity as chips end up in mission-critical servers and in leading-edge, safety-critical applications. As systems vendors and original equipment manufacturers (OEMs) increasingly design their own chips, rather than buying commercially developed devices, they are creating their own ecosystems and are, therefore, making security requirements much more of a home-grown concern.
Macroeconomics is a key driver. The discovery in 2017 of high-profile security vulnerabilities—notably Meltdown and Spectre—meant chip vendors had to patch their security holes with software. That meant that customers, who had upgraded their servers to make the most of new processors, then lost much of their performance improvement. That, in turn, forced them to add more servers to process the same volume of data in the same amount of time.
Cybersecurity supply chain threats
Cyberattacks targeting software supply chains are increasingly common and typically devastating. They came to the fore in 2020 when Russian hackers broke into SolarWinds’ systems and added malicious code to the company’s software system.
While thousands downloaded the malware, SolarWinds announced “the actual number of customers who were hacked through SUNBURST to be fewer than 100.” This number is consistent with estimates previously released by the White House.
These attacks are effective because they can take down an organisation’s entire software supply chain and services, resulting in massive business disruption. Organizations can evaluate their attack surface and develop systems and infrastructure to defend against threats and manage vulnerabilities.
Critical national infrastructure (CNI) threats
Cyber threats against CNI are increasing, and governments are taking steps to recognise them. The 7 May 2021 attack on the Colonial Pipeline fuel facility in the US alerted governments worldwide to the risks such an attack can bring to CNI.
In Australia, the list of regulated CNI sectors has expanded to include higher education and research, communications, banking and finance, data, defence, energy, food and grocery, healthcare, space technology, transport, and water and sewerage. This formal expansion of CNI coverage will become a global trend as governments address cyber risks.
CNI organisations are increasing anti-ransomware precautions, mandating multi-factor authentication for remote access and admin accounts, locking down and monitoring remote desktop protocol (RDP), and training employees to spot phishing attacks and other threats.
Internet of Things (IoT) threats
Despite the interest in IoT, executives remain nervous about security. About 54% of respondents to an Inmarsat survey on IoT said they could not use IoT data effectively due to security and privacy concerns. In addition, 50% of respondents cited the risk of external cyberattacks. Close to half, 48%, responded to IoT security issues by creating an internal IoT security policy to mitigate these threats.
Device mismanagement and misconfiguration are significant concerns. Security oversights, poor password hygiene, and overall device mismanagement are all issues that can weaken IT security.
Artificial intelligence (AI) threats
AI is essential to information security. It can swiftly analyse millions of datasets and identify various cyber threats. But attackers can also use AI as a weapon to design and carry out attacks. AI can mimic trusted actors, copying their actions and language. Using AI means attackers can also spot vulnerabilities more quickly, such as a network without protection or a downed firewall.
AI can also find vulnerabilities that a human could not detect, as bots can use data from previous attacks to spot slight changes. Cybercriminals can use data collected from a specific user or other similar users to design an attack to work for a particular target.
Although ransomware represents the biggest threat to organisations today, insider threats still pose a challenge as the job market shifts in the wake of the pandemic. With many employees changing jobs and companies trying to keep them by offering flexible working and vacation options, there is an increased risk of insider threat.
According to VMware, the number of employees leaving their jobs but potentially still having access to the corporate network or proprietary data has created a headache for IT and security teams.
The growing use of managed cybersecurity services
Managed security services (MSS) provision is growing. According to the UK government’s 2022 Cyber Security Breaches Survey, 40% of businesses and almost a third of charities (32%) use at least one managed service provider. The core of an MSS provider’s (MSSP) business is in providing round-the-clock security monitoring and incident response for an enterprise’s networks and endpoints. However, as enterprise networks grow and evolve, support for other platforms, such as cloud-based infrastructure, has become a critical component of MSSP’s security portfolio.
Using an MSSP is typically intended to augment or replace an organisation’s internal security team, while other services offered by providers include intrusion prevention systems (IPS), web content filtering, identity access management (IAM), privileged access management, vulnerability scanning, and threat intelligence.
New cybersecurity vulnerabilities
New vulnerabilities are always coming to light, and they can be difficult to fix. One that emerged in December 2021, an obscure but frequently used piece of software called Log4j, is a prime example. The Log4Shell bug affected devices and applications running vulnerable versions of the Log4j Java library.
Officials at the US Cybersecurity and Infrastructure Security Agency (CISA) warned that hundreds of millions of enterprise and consumer devices were at risk if the bug was not patched.
Zero trust adoption
The zero-trust security model is emerging as a long-term solution for organisations to data breaches. It eliminates the concept of trust from an organisation’s network architecture. In a zero-trust world, only authorised individuals can access selected applications.
The underlying principle is that no implicit trust is granted to you as a user just because you are behind the corporate firewall. Zero trust recognises that trust is a vulnerability. Once on the network, users, including attackers, can move laterally and access or exfiltrate data.
An offensive approach to cybersecurity defence
The increasing number of attacks against CNI has led to cyber authorities worldwide working more closely together. According to US Cyber Command, the US military plays a more offensive, aggressive role in combating digital threats. The UK now has a National Cyber Force, whose activities build on a previous National Offensive Cyber Program. France also has a cyber strategy with both defensive and offensive capabilities.
The end of passwords is a prediction that comes around every year, but some progress is finally being made. In 2021, Microsoft announced that its users would no longer need passwords to log in to their accounts. Instead, they could use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email to access apps and services.
This will likely benefit users and the IT staff, providing more back-end options that support password-less multi-factor authentication (MFA). However, it is challenging for businesses to transition away from passwords completely. Successful deployment requires companies to invest in the right resources, training, and end-user communication systems.
Extended detection and response (XDR)
XDR is an emerging cybersecurity model that is growing in its adoption and driving mergers and acquisitions (M&A). XDR is a series of tools and datasets that provides extended visibility, analysis, and response across networks and clouds in addition to apps and endpoints. Normal endpoint security typically focuses on containing and removing threats on endpoints and workloads.
XDR is designed to extend those capabilities beyond endpoint security to encompass multiple security control points to detect threats faster using data collected across domains.
This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research.