
5 cybersecurity trends to look out for in 2022

Tom Kellermann, Cybersecurity Advisor at Attivo Networks, highlights five cybersecurity trends to keep an eye on in 2022.


by Tom Kellermann, Cybersecurity Advisor at Attivo Networks

Cyber attacks are on the rise the world over and the landscape is ever-changing. From the dangers posed by administering a remote workforce, to the proliferation of malware and ransomware, planning defences against contemporary threats can be intimidating. Here, Tom Kellermann, Cybersecurity Advisor at Attivo Networks, provides an overview of his top five security trends for the coming year.

1. Identity visibility in the era of cloud adoption

Organisations are migrating in historic numbers to the public cloud, but with this expansion comes unexpected security concerns with user identity management and the rise of “non-human” identities such as applications, databases, and data repositories. According to Gartner, Inc., “By 2023, 75% of security failures will be due to insufficient management of identities, access, and privileges, up from 50% in 2020.” Unfortunately, existing security systems are unprepared to handle this surge in resource management, resulting in over-provisioning access and increased security vulnerabilities.

CISOs must focus on identity-first security solutions that can keep up with this expansion as enterprises continue to embrace cloud infrastructure at an increasing rate and human and non-human identities expand to match. This can be accomplished by implementing a Cloud Infrastructure Entitlement Management (CIEM) system, which provides security teams with the maximum flexibility and visibility for ongoing monitoring of identities, entitlements, and correlation across standard cloud-based services.

Another option for businesses to protect themselves from credential theft is to use the “principle of least privilege,” which states that an identity should have only the permissions required to perform its primary job function. While it may be unpleasant for employees to request additional rights when they need access to a specific network asset or area, it ensures that a single set of hacked credentials does not put the entire network at risk. To prevent overprovisioning, review your permissions policies and cancel any privileges that appear to be excessive or unneeded.
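The permissions review described above can be sketched as a comparison of granted entitlements against observed usage. This is an added example, not part of the original article; the identities, the permission strings and the `review_entitlements` helper are constructed for illustration and do not reflect any particular cloud provider's format.

```python
from fnmatch import fnmatchcase

# Constructed sample data: entitlements granted to human and non-human identities.
GRANTS = {
    "alice": {"kind": "human", "perms": {"storage:read", "storage:write", "db:admin"}},
    "svc-backup": {"kind": "non-human", "perms": {"storage:*", "db:read"}},
    "svc-report": {"kind": "non-human", "perms": {"db:read"}},
}

# Constructed access-log entries for the review window: (identity, permission used).
ACCESS_LOG = [
    ("alice", "storage:read"),
    ("alice", "storage:write"),
    ("svc-backup", "storage:read"),
    ("svc-backup", "db:read"),
    ("svc-report", "db:read"),
]

def review_entitlements(grants, access_log):
    """Return per-identity findings: grants to revoke and wildcards to narrow."""
    used = {}
    for identity, perm in access_log:
        used.setdefault(identity, set()).add(perm)

    findings = {}
    for identity, entry in grants.items():
        seen = used.get(identity, set())
        revoke, narrow = set(), {}
        for grant in entry["perms"]:
            # A grant may be a wildcard pattern; collect the uses it covered.
            matched = {p for p in seen if fnmatchcase(p, grant)}
            if not matched:
                revoke.add(grant)        # never exercised in the window
            elif "*" in grant:
                narrow[grant] = matched  # replace wildcard with what was used
        if revoke or narrow:
            findings[identity] = {"kind": entry["kind"], "revoke": revoke, "narrow": narrow}
    return findings

if __name__ == "__main__":
    for identity, f in sorted(review_entitlements(GRANTS, ACCESS_LOG).items()):
        print(identity, f["kind"], "revoke:", sorted(f["revoke"]), "narrow:", f["narrow"])
```

The review window matters: a permission used only quarterly will look unused in a 30-day log, so findings are candidates for revocation to confirm with the owner, not an automatic removal list.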

2. Identity detection and response

In today’s threat landscape, it is no longer enough to focus only on provisioning, connecting, and controlling identity access. Identity security must also cover credentials, privileges, entitlements, and the systems that manage them, spanning visibility into exposures as well as attack detection and response. In a recent press release, Gartner, Inc. listed “Identity-First Security” as one of the top security and risk management trends for 2021.

Identity Detection and Response (IDR) technology focuses on identities. It operates alongside Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and other similar tools. Its purpose is to provide greater visibility into credential misuse, entitlement exposures, privilege escalation, and other common activities that attackers seek to exploit or engage in within the network.

Despite the relative newness of the IDR category, new research by Enterprise Management Associates (EMA) shows that 27% of enterprises are already using IDR tools to protect against advanced attacks. Identity security will continue to be an area of focus as attackers find new and innovative ways to exploit these vulnerabilities. And as identities continue to expand beyond users and into device, application, server, data, and other identities, the value of both IDR and identity exposure visibility tools will only continue to grow.

3. Malware and ransomware remain top concerns

Despite significant investments in prevention solutions, malware and ransomware continue to top the list of attacks that concern defenders, increasing significantly during the pandemic due to the shift towards digital resources. The impacts associated with these types of attacks have never been more significant, as 2021 witnessed a rise in supply chain attacks such as the SolarWinds and JBS attacks. These attacks have caused harm not only to the targeted company but also to the subsequently affected supply chain. 

This result indicates that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop attacks. Organisations need different detection solutions and/or more layers of defence to halt these attacks.

Ransomware as a Service (RaaS) will only grow more sophisticated in 2022, giving adversaries who have little knowledge of cyberattacks the resources they need to strike their targets. RaaS evolves just as quickly as defences do and forms an ongoing threat to organisations.

4. Cyber deception

In 2021, the industry and experts made a concerted effort to educate the general public about the advantages of cyber deception. With the sophistication and destructiveness of attacks increasing, it became evident that businesses required cyber deception capabilities to detect attackers attempting to break out of a compromised network. 

Deception is also known for its effectiveness in identifying exposed and abused credentials, which attackers exploit in most attacks. Even though sophisticated deception platforms became available in 2014, many security experts have dubbed 2021 the “year of deception,” a trend set to evolve and prosper well into 2022. 

5. Remote work and the challenge of managing credentials

The storm has settled, and things are finally going back to normal in the business stratosphere. However, the term ‘normal’ has been redefined due to the pandemic’s effects on the workplace environment. As companies adjust to remote and hybrid working, the dispersed workforce does not represent the only challenge that the accelerated digital transformation presents. 

As companies were met with financial instability, human resources were affected globally, and staff turnover occurred during and after the pandemic, as the ripple effects of the lockdowns are still felt throughout economies worldwide. This has resulted in employee transience and change. For the cybersecurity world, this has created a need for better credentials management throughout the upheaval of the workforce. The constant change in staff could also lead to an increase in internal risks, a trend threatening to make its way into the new year.

Tom Kellermann joined Attivo’s advisory board in October.