How can businesses protect their assets from cybercriminals in 2022? They need to start by staying ahead of threats; however, this remains particularly difficult when faced with a capable and determined set of adversaries. Protecting all assets all the time is unrealistic. The rate at which security patches are released is a testament to the number of vulnerabilities introduced, found and remediated. The industry is forever adapting to attacks and incursions, and the bad guys continue to win.
Data breaches. Ransomware. Both are at an all-time high. 2021 saw the highest average cost of a data breach in 17 years, and the shift to remote working continued to wreak havoc on networks, further impacting the cost. The average price of a data breach was $1.07 million higher when remote work was a factor. With remote workplaces here to stay, businesses must remain extra vigilant to protect their fortresses and prioritize network protections.
Ransomware continues to peak. It’s affected every aspect of people’s lives — from access to healthcare to the ability to get groceries. Ransomware doubled in frequency in 2021, and 37% of global organizations said they were the victim of some form of an attack last year. Attacks hit supply chains and caused widespread damage, and governments and vendors are taking note.
Perimeter-only defenses will no longer be fit for purpose in the next year with all these threats. Numerous recent cyber events that breach perimeter defenses are proof. The SolarWinds attack is a perfect example.
After criminals broke into the network, they inserted malware into a software that was pushed out and ultimately impacted customers.
The supply chain is still dealing with the consequences of this. The Colonial Pipeline hack is another example. When the system was breached, using compromised VPN credentials, the ransomware caused significant disruption and forced Colonial to shut down the major fuel supply for the East Coast, and it cost the company over $4 million in ransomware payments to turn it back on.
Network owners must assume that the perimeter will be compromised, and that means they must defend the internal/core network as if each node was a perimeter node.
The first course of action is to adopt a zero trust architecture. Organizations should have zero tolerance for not adopting zero trust, meaning it needs to be an absolute must for network managers — for your organization and your partners. If your business doesn’t adopt this approach in 2022, it’s negligent. It needs to be mandatory.
A zero trust paradigm requires network owners to address each asset individually and ensure it operates within security and compliance policy requirements. Network managers will need to continually assess all devices rather than assume they are in an acceptable state, as configurations change, resulting in unintended security and compliance errors. This is termed configuration drift and can expose security issues unintentionally.
This year, organizations need to focus on three priorities when addressing network device vulnerabilities:
1. Configuration. Many security problems arise through errors introduced unintentionally into the device configurations. Patching software will not address them. Knowing that technology is properly configured to prevent an attack and remediate. It is an important step to maintaining good cyber hygiene. Every configuration should be continually monitored to prevent devices and endpoints from becoming less secure.
2. Automation. The enormous size of software and misconfiguration vulnerability problems is evidence for why detection and remediation must be automated. Many of the leading security standards, such as the Federal CDM program, PCI-DSS 4.0, and the new release 5 of NIST 800-53 require a continuous approach to network integrity and vulnerability monitoring to meet compliance standards.
3. Developing a comprehensive cybersecurity posture. Software vulnerabilities and configuration errors give rise to security flaws. Businesses must develop a position that recognizes incursions will occur. This is where zero trust architecture comes in. It allows you to accept that intrusions are inevitable, and then your intent must be focused on limiting damage by preventing lateral movement in the network to the greatest degree possible.
How we defend networks has changed over the years. Defending the perimeter to ensure no one gets in doesn’t work. Someone always will. The question then becomes, how do you protect your assets once they do? Building sounds cyber resilience and adopting continuous measures is the foundation you need to build. Otherwise, next year, your business could become another statistic on the list of breaches that occurred.