Throughout this year, we have witnessed some of the most sophisticated, high-profile cyber attacks in history. The SolarWinds hack was already making headlines as we entered 2021. The Colonial Pipeline hack and the JBS ransomware attack shook the U.S. in May. The 4th of July was marked by the horrific ransomware attack on the Kaseya IT Management Platform that impacted anywhere between 800 and 1500 businesses. And Pegasus spyware continues to be the talk of the town to date. Just because it notably targets activists, journalists, and political figures doesn’t mean there aren’t any business implications.
In the light of the cyber attacks that have haunted businesses of all sizes in the last few months, here are some common cybersecurity threats that all businesses should address urgently:
Phishing and spear-phishing
Phishing and spear-phishing are some of the most common attack vectors used by cybercriminals. In addition to massive phishing campaigns that target just about anyone who’d fall prey to them, attackers use carefully crafted, targeted spear-phishing attacks that sometimes appear to be coming from legitimate domains. Attackers can gather enough information about the executives of a company through social media to craft an email that sounds too genuine to raise suspicion.
The most effective strategy against such attacks is cybersecurity awareness training, including phishing attack simulations using real-world attack techniques. The training should especially focus on senior employees since older people are usually the most vulnerable to phishing scams. Since most of the phishing attacks are delivered via email, companies should implement anti-phishing standards and protocols like SPF, DKIM, and DMARC to block attacks that spoof legitimate domain names.
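To make the SPF and DMARC advice concrete, the following added example (not part of the original article) audits a domain's published TXT records for settings that leave spoofing unblocked. The function names are illustrative, the records are passed in as strings rather than fetched from DNS, and the sample records for example.com are constructed.

```python
# Added example: audit SPF and DMARC TXT records for weak settings.
# Records are passed in as strings; None means nothing is published.

def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a lower-cased tag dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_dmarc(record):
    """Return findings for a DMARC record; an empty list means enforced."""
    if record is None:
        return ["no DMARC record: receivers apply no policy to spoofed mail"]
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["record lacks v=DMARC1 and will be ignored"]
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p=%s does not block mail; use quarantine or reject" % policy)
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append("pct=%s leaves part of the mail unenforced" % pct)
    if "rua" not in tags:
        findings.append("no rua tag: aggregate reports are not collected")
    return findings

def audit_spf(record):
    """Return findings for an SPF record; an empty list means hard-fail."""
    if record is None:
        return ["no SPF record: receivers cannot check the sending host"]
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["record does not start with v=spf1 and will be ignored"]
    weak = {"+all": "authorizes every sender", "all": "authorizes every sender",
            "?all": "is neutral and blocks nothing",
            "~all": "only soft-fails unauthorized senders"}
    alls = [t for t in terms if t in weak or t == "-all"]
    if not alls:  # a redirect= modifier hands the decision to another record
        delegated = any(t.startswith("redirect=") for t in terms)
        return [] if delegated else ["no 'all' mechanism: unlisted senders pass as neutral"]
    return ["%s %s" % (alls[0], weak[alls[0]])] if alls[0] in weak else []

if __name__ == "__main__":
    # Constructed sample records for the placeholder domain example.com.
    print(audit_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example.com"))
    print(audit_spf("v=spf1 include:_spf.example.com ~all"))
```

A monitoring-only DMARC policy (p=none) is a common starting point, but it does not stop spoofed mail until it is raised to quarantine or reject.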
As more companies roll out 5G plans, the security risks associated with the new infrastructure and technology will keep surfacing. 5G relies heavily on software-defined networking and network virtualization. More software components mean more software vulnerabilities. With Multi-access Edge Computing (MEC), the data is no longer consolidated at a single storage point; it’s distributed across the edge, essentially widening the attack surface.
As the network perimeter becomes fluid and data comes closer to the edge, the security defenses must also follow suit. The future of cybersecurity is going to be SASE (Secure Access Service Edge). SASE architecture meets the unique needs of software-defined networking and combines several security protocols like ZTNA and CASB in a single offering. No matter where your data is stored or analyzed, it’ll always be within your security perimeter.
APIs are predicted to become the most frequently used attack vector by 2022. Pretty much all companies rely on APIs to connect different software components and microservices in their customer-facing and internal applications. But developers are known to prioritize functionality over security when crafting APIs. APIs often have broken user authentication or object authentication and expose too much information. As a result, attackers can tamper with API parameters and session cookies, eavesdrop, and even launch DDoS attacks when APIs don’t impose resource and rate limits.
Shifting security to the left and making it a part of the entire development process is the key to avoiding API security vulnerabilities. Companies must move towards implementing true DevSecOps, where developers are well aware of coding best practices such as implementing strong authentication and authorization and limiting the number and size of API requests. It should be the job of security teams to define and implement security policies and educate the developers about them.
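The controls named above (authentication, a per-object ownership check, a request size cap, and rate limiting) can be shown together in one request handler. This is an added example, not code from the original article; the endpoint, token table, invoice data, and limits are all constructed assumptions.

```python
# Added example: one API handler applying the four controls in order.
import time

MAX_BODY_BYTES = 64 * 1024   # assumed size cap per request
RATE, BURST = 5, 10          # assumed: 5 requests/second, bursts of 10

# Constructed data standing in for a session store and a database.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
INVOICE_OWNER = {101: "alice", 102: "bob"}

class TokenBucket:
    """Refills at `rate` tokens per second up to `burst`."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def allow(self, now):
        elapsed = now - self.stamp
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

_buckets = {}  # one bucket per authenticated user

def get_invoice(token, invoice_id, body=b"", now=None):
    """Return an HTTP-style status code for GET /invoices/<id>."""
    now = time.monotonic() if now is None else now
    user = TOKENS.get(token)
    if user is None:
        return 401                      # authentication
    if len(body) > MAX_BODY_BYTES:
        return 413                      # request size limit
    bucket = _buckets.setdefault(user, TokenBucket(RATE, BURST, now))
    if not bucket.allow(now):
        return 429                      # rate limit
    if INVOICE_OWNER.get(invoice_id) != user:
        return 404                      # object-level check; same reply for
                                        # "missing" and "not yours"
    return 200

if __name__ == "__main__":
    print(get_invoice("tok-alice", 101))  # own invoice
    print(get_invoice("tok-alice", 102))  # someone else's invoice
```

The ownership check is the step most often left out: a valid session alone should never be enough to read an object by guessing its ID.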
There’s been a steady stream of stealthy and crazy expensive ransomware attacks this year. Under the Ransomware-as-a-Service (RaaS) business model, even amateur hackers can launch highly sophisticated ransomware attacks. Now RaaS groups are deploying double extortion ransomware variants. They use manual techniques to map entire networks, exfiltrate data and establish a presence in as many systems as they can before executing the ransomware. It ensures that companies are left with no option but to pay the ransom.
Phishing awareness, automated patch management, and vulnerability scanning are all essential for preventing ransomware. Off-site, disconnected backups can prevent data loss if (read ‘when’) ransomware hits the internal network. Given how widespread and devastating ransomware has become, every business should also have a ransomware response plan.
The threat landscape is as complex as modern IT and network infrastructures. Following the high-profile ransomware and espionage attacks this year, businesses have been under pressure to improve their cybersecurity practices. Despite this, the expense of cybersecurity can sometimes be as crippling as an attack. For most businesses, outsourcing security operations to an MSP could be a more viable option.
Still, it’s easier said than done since choosing the right partner isn’t easy either. If only there was an MSP comparison tool like the ones that compare insurance quotes. Until then, customer reviews, market reputation, and asking lots of questions will have to do.