By Ray Kafity, Vice President – Middle East Turkey and Africa (META) at Attivo Networks
Every year, IT and cybersecurity firms round up their predictions on their expectations for the immediate future. While predictions have a particular pull factor in the marketing sense of the word, we at Attivo Networks share our evidence-based forecasts into cyberattacker behaviour and tactics, techniques, and procedures (TTPs).
The 2021 Verizon Data Breach report highlighted that 61 percent of breaches involved credential data. If there is one thing we can learn from 2021, it is that cyber attackers focus on credentials to expand their reach into their victim’s networks, such as the Colonial Pipeline incident (where fuel shortages resulted from a single compromised password).
In the coming year, the focus for defenders should be on technology and solutions that can detect and derail such attacks before they can cause great harm to the organisation.
Enterprises will increase their investment in identity security solutions.
The rise in third-party attacks, remote working security risks, and the continuing evolution of ransomware have driven home the fact that traditional security solutions are no longer enough. And while existing solutions like Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) provide basic identity protections, their focus on authorisation and authentication leave gaps for attackers to exploit. To close those gaps, enterprises need to invest in Identity Detection and Response (IDR) solutions capable of providing expanded exposure visibility and detection specific to credential misuse, excess entitlements, privilege escalation, and other common identity-based attack activities.
Ransomware defences must get a badly needed refresh.
Ransomware 3.0 is here, characterised by double extortion, where cybercriminals encrypt files and leak information online to drastically impact the company’s image, profits, stock price, and more. There’s no longer a one-size-fits-all approach to defending against these attacks. With over 300 variants, stopping ransomware requires a multi-faceted approach that starts with protecting Active Directory and privileged credentials. In 2022, organisations won’t understand how each group operates and, instead, must improve their visibility to exposures and add detection measures based on techniques. Setting up traps, misdirections, and speed bump lures along the way will also serve as strong deterrents to keep an attacker from succeeding.
Active Directory (AD) protection, a top CISO-level concern
AD is an essential element of an enterprise’s network infrastructure, but it is intrinsically insecure and notoriously difficult to protect. Attackers are aware of its weaknesses and diligently target AD to increase their privileges, escalate their attacks, and mass-encrypt data for ransom. Mandiant, a leader in incident response services, named Active Directory exposures the top reason ransomware attacks continue to be successful. Business leaders and IT decision-makers cannot afford to let visibility and organisational divides leave exposures unaddressed and open for attack.
Insurance companies will raise rates and technology requirements.
Cybersecurity Ventures estimates that ransomware costs will reach $265 Billion by 2031, with an expected 30% year-over-year growth in damage costs over the next ten years. To help minimise their risk, insurance companies will increase their premiums and institute stringent security technology requirements as a prerequisite to extending coverage or making payouts. With Active Directory being a primary factor in almost every ransomware attack, insurance companies will look favourably at systems that detect in-network lateral movement and credential misuse, seek privilege escalation, and protect identity management systems, such as AD.
Supply Chain issue to increase complexity and risk
Supply chain issues force enterprises to order supplies months in advance, in larger quantities, and from new providers. The lack of supply will add complexity to new vendor management and qualifications as organisations adjust their purchases, and potentially standards, to support business operations. This change will introduce new supply chain security risks that could arise from software, hardware, and logistics security exposures.
Skill gap to impact attraction and retention policies
Women and single parents were disproportionately impacted by the pandemic when it came to their careers. With many employees stepping away from their jobs in 2021, combined with the skilled IT shortage and the anticipated Great Resignation of 2022, organisations will continue to compete to attract and retain highly skilled cybersecurity talent. Companies that offer robust benefits and perks, remote working, flexible hours, and subsidised childcare will come out on top in the battle for talent.
As we head into 2022, one thing for certain is that it is not a matter of whether attackers will breach Middle East organisations but when. With the over-emphasis of sophisticated attackers to compromise identities, CISOs need to include Active Directory in their cyber hygiene and posture management programs and look for continuous visibility capabilities when selecting technology to prevent and detect AD vulnerabilities, threats, and attacks. These capabilities include high visibility for AD vulnerabilities and exposures, detecting live attacks, and discovering misconfigurations.