By Yoram Salinger, Perception Point CEO
Statistics tell us that as time progresses, there are more cybersecurity attacks, and the severity of those attacks has evolved as well, causing irreversible amounts of damage. Overall, I think organizations have become better at preventing cybersecurity attacks as the world becomes better at sharing information: when multiple organizations share information on potential cyber threats, we collectively know what to look for.
The problem is the cyber threats that we do not know of, and that is what makes cyberattacks so tough to prevent. Even if you are doing 100% of what you need to be doing, following all the best practices and deploying new technologies, there is still the chance that an attacker will bypass all the defense mechanisms put in place. And as breaches become more sophisticated, their consequences become more complex and costly to remediate. Enterprises need to continuously evaluate their cybersecurity tools to ensure that they are best protected from these constantly evolving attacks.
The Most Common Attack Vector
On the one hand, the perimeter layer probably receives the brunt of attacks. On the other hand, email continues to be the main attack vector for attackers to penetrate the organization. New cloud collaboration platforms are also a growing vector for content-borne attacks. But the initial breach is just the first phase of the attack, which can then be used to move laterally across the entire organization. If an attacker can reach the endpoint, then we can assume that they were able to get through all the layers between the perimeter and the endpoint. It is always an interesting debate which layer should be most protected.
What Organizations Overlook in their Cybersecurity Infrastructure
Building your organization’s cyber defense infrastructure is a continued process that evolves just as the attack landscape evolves. The problem is that organizations do not take the time to evaluate all the tools that keep getting added to their cybersecurity stack. As more systems become deployed, they get harder to manage and no one is auditing the efficacy of those systems, be it legacy or next-generation technologies. This puts a strain on security teams, and inherently limits their ability to focus on preventing attacks. Organizations should do a yearly audit of their toolkit and determine what can stay and what needs to go.
Cybersecurity Continually Impacted by Human Intervention
Cybersecurity is impacted by human intervention from different angles, which we can see across the entire life cycle of an attack. The most obvious angle is the attackers themselves. The other angle is the recipients of the attack, whether on the individual level or as an employee who is part of a larger organization.
Despite the number of tools and services that are used to detect and prevent cyberattacks, the reason they still succeed is human error. Attackers continually exploit the human need for communication and collaboration, and as the cyberattacks themselves become more sophisticated, it becomes more challenging to set off those internal warning bells that something is not what it claims to be.
The third angle is the Security and SOC teams who are responsible for intervention and remediation. Looking to the future, the question is how many attacks these teams will be able to stop as cyberattacks become more elaborate.
#1 Rule for CISOs in 2022
There is obviously more than one rule, but if I were limited to only one rule, I would say that CISOs need to have their fingers on the pulse of new types of attacks, methodologies and techniques, and of what the next threat vectors will be. As cybersecurity has evolved over time, so have the types of attacks. CISOs need to be continually asking themselves where the attackers are headed, what new tricks they have up their sleeve, and whether their organization is ready to stop those types of attacks. In summary, CISOs need to think strategically and investigate the future as best as possible as they lay the groundwork for their cybersecurity infrastructure.
Looking to the Future: Content-Based Attacks vs. Context Based Attacks and Security for SMBs
The big question is what trends we are going to see in 2022.
A trend that remains the same year over year is that attackers are becoming more sophisticated. In general, we should be better at:
- Preventing malware, since old viruses seem to continue to wreak havoc on different industries across the board, including healthcare and critical infrastructure.
- Countering Business Email Compromise (BEC), and understanding how attackers are using new techniques in phishing and Account Takeover (ATO) to create more damaging BEC attacks.
- Ensuring that cloud collaboration channels are efficiently protected.
Additionally, I think that we will see more attacks on small to medium-sized businesses (SMBs) as a way to infiltrate larger organizations. Typically, SMBs have neither the security budgets nor the SOC teams that enterprises have, which makes them a prime target for attackers. It is critical for cybersecurity companies to develop technologies that SMBs can deploy to protect themselves without requiring those budgets and/or human capital.
Lastly, organizations will need to shift from pure content-based detection and incorporate context-based protection into their cybersecurity stack. The two types of detection complement each other to create a “universe” of protection. Content-based protection is more deterministic in nature, e.g., deciding whether a URL or file is malicious or not, whereas context-based protection analyzes behavior, looking for anomalies that suggest whether something is malicious or not. As cyber threats evolve, organizations will need to shift from purely reactive endpoint protection solutions to a more holistic approach that analyzes all network points for enhanced cyber awareness.
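To make the distinction concrete, the following is an added illustration (not code from the article or from Perception Point) of the two layers side by side: a content-based check that matches an attachment hash and URL hosts against a denylist, and a context-based check that compares a message against a per-sender behavioural baseline. All denylist entries, sender names and sample messages are constructed for the example; the hash is derived from a made-up byte string and the `.example` domains are placeholders, not real indicators.

```python
import hashlib
import statistics
from collections import defaultdict
from typing import Optional
from urllib.parse import urlsplit

# --- Content-based layer: deterministic indicators (constructed, not real IoCs) ---
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed malicious attachment").hexdigest()}
KNOWN_BAD_HOSTS = {"invoice-verify.example", "secure-login.example"}


def content_verdict(attachment: Optional[bytes], urls: list) -> list:
    """Deterministic check: match the attachment hash and URL hosts against denylists.
    Either the artefact is known bad or it is not; no history is consulted."""
    reasons = []
    if attachment is not None and hashlib.sha256(attachment).hexdigest() in KNOWN_BAD_SHA256:
        reasons.append("attachment hash on denylist")
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host in KNOWN_BAD_HOSTS:
            reasons.append(f"url host {host} on denylist")
    return reasons


# --- Context-based layer: per-sender behavioural baseline ---
def build_baseline(history: list) -> dict:
    """history: past benign messages as {"sender", "hour", "external_recipients"}.
    Returns, per sender, the hours they usually send at and the mean/stdev of
    how many external recipients they address."""
    hours = defaultdict(set)
    counts = defaultdict(list)
    for msg in history:
        hours[msg["sender"]].add(msg["hour"])
        counts[msg["sender"]].append(msg["external_recipients"])
    baseline = {}
    for sender in hours:
        c = counts[sender]
        stdev = statistics.stdev(c) if len(c) > 1 else 0.0
        baseline[sender] = {
            "hours": hours[sender],
            "mean": statistics.mean(c),
            "stdev": max(stdev, 1.0),  # floor so a flat history does not inflate z-scores
        }
    return baseline


def context_verdict(msg: dict, baseline: dict, z_threshold: float = 3.0) -> list:
    """Anomaly check: does this message deviate from how the sender normally behaves?"""
    profile = baseline.get(msg["sender"])
    if profile is None:
        return ["sender has no history"]
    reasons = []
    if msg["hour"] not in profile["hours"]:
        reasons.append(f"hour {msg['hour']} outside sender's usual hours")
    z = (msg["external_recipients"] - profile["mean"]) / profile["stdev"]
    if z > z_threshold:
        reasons.append(f"external recipient count z-score {z:.1f} exceeds {z_threshold}")
    return reasons


def classify(msg: dict, baseline: dict) -> dict:
    """Combine both layers: a content hit is a definite block; context-only hits
    are escalated for review rather than silently allowed or dropped."""
    content = content_verdict(msg.get("attachment"), msg.get("urls", []))
    context = context_verdict(msg, baseline)
    verdict = "block" if content else ("review" if context else "allow")
    return {"verdict": verdict, "content": content, "context": context}


# Constructed sample data: a benign sending history for one (fictional) user.
HISTORY = [
    {"sender": "alice@corp.example", "hour": h, "external_recipients": n}
    for h, n in [(9, 1), (10, 2), (11, 2), (14, 3), (15, 1), (16, 2)]
]
BASELINE = build_baseline(HISTORY)

# Three constructed messages that the two layers judge differently.
KNOWN_BAD_MSG = {"sender": "alice@corp.example", "hour": 10, "external_recipients": 1,
                 "attachment": b"constructed malicious attachment", "urls": []}
ODD_BEHAVIOUR_MSG = {"sender": "alice@corp.example", "hour": 3, "external_recipients": 40,
                     "attachment": b"quarterly report", "urls": ["https://docs.partner.example/q3"]}
NORMAL_MSG = {"sender": "alice@corp.example", "hour": 11, "external_recipients": 2,
              "attachment": None, "urls": ["https://docs.partner.example/q3"]}

if __name__ == "__main__":
    for name, msg in [("known-bad", KNOWN_BAD_MSG), ("odd-behaviour", ODD_BEHAVIOUR_MSG),
                      ("normal", NORMAL_MSG)]:
        print(name, classify(msg, BASELINE))
```

The point of the pairing is visible in the second message: its attachment and link match nothing on any list, so the content layer alone would pass it, but a send at 03:00 to forty external recipients from a user who normally addresses one to three is exactly the anomaly the context layer exists to surface. The stdev floor and the z-score threshold are tuning choices; in practice the baseline would be learned from a much longer window and per-sender thresholds would be calibrated against false-positive rates.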
This article originally appeared in VMblog.com.