ICL Services
News
1 March 2022

Looming threats and advanced data protection in 2022

Information security is becoming an increasingly hot topic. Hackers are getting more organized as they accumulate more and more resources and tools at their disposal. With the rising digitalization of the economy, the risks are growing too, because there are more potential targets for attack. All this is certainly echoed in approaches to managing businesses. The question «Will my company be exposed to a cyberattack?» is no longer relevant. The real question is how to respond when it happens.
In terms of information security (IS), 2021 presented a serious challenge for many companies. Regardless of the methodology used to measure the «average temperature across the hospital» in the area of IS, all findings indicate that a new record has been set for both the average cost of a cyberattack to a business and the total number of reported cybercrimes. As early as the beginning of Q4 2021, there were more reported cyberattacks than in the entire year of 2020, while the total damage from encrypting viruses alone is estimated at $20 billion (versus $11.5 billion in 2019).

What can we expect in 2022? And how can you secure your business amid growing risks? Let’s look at the trends and find out.

Ransomware
For years, encrypting viruses and ransomware have been the bogeyman of IT executives. And for good reason:
- As already mentioned, in 2021, the damage from encrypting viruses reached $20 billion. Unfortunately, the outlook for the next 10 years is not good. Research indicates that, by 2031, this amount will spike more than 10-fold.
- According to a survey of 5,400 companies in 30 countries, in 2021, 37% of organizations were exposed at least once to an attack with an encrypting virus.

Note that, even after paying the required ransom, the victim recovers only about 60% of its total data as, in many instances, it cannot be decrypted due to a fault in the encrypting virus.
There are several reasons for such explosive growth.

First, an encrypting virus operates on a very simple principle and often uses built-in operating system mechanisms. On your computer, data is continuously encrypted and decrypted for a variety of «legitimate» purposes that pose no threat whatsoever. That’s why encrypting viruses often successfully hide from protection tools.

Secondly, the resale of encrypting viruses is gaining popularity on the darknet. This relies on a scheme called «Ransomware as a Service», in which hackers sell (and sometimes distribute for free) off-the-shelf ransomware. You don’t need any special skills to use it.

Attacks against software vendors
Last year was marked by a series of attacks related to vulnerabilities in software provided by vendors. It all started with a leak of SolarWinds' source code discovered near the end of 2020, which subsequently revealed a number of critical vulnerabilities in the Orion platform used for IT infrastructure monitoring.

Microsoft also added more work for IT security experts and IT managers with a series of critical vulnerabilities in MS Exchange (the most popular mail server).

The icing on the cake was a vulnerability in the log4j library which, without exaggeration, can be called one of the most severe vulnerabilities in history given its extremely high prevalence. This library has been used virtually everywhere — from computer games to enterprise level software.

For many companies, it was a huge issue, as this class of vulnerability allows an attacker to gain full access to the resource exposed on the corporate network. This raised the question of finding vulnerabilities in an infrastructure spanning hundreds or even thousands of machines. Moreover, this has to be done as quickly as possible, because procrastination multiplies the risk of being hacked. In addition, vulnerabilities must not only be identified but also promptly eliminated. In such situations, the effectiveness of such elimination depends on three key components:
- A well-established vulnerability management process.
- Human resources capable of conducting vulnerability analysis and assessment.
- Tools required to support the entire process.

Companies with inadequate investment in IS are expected to suffer the most. Many experts are still unable to assess the damage caused by log4j alone, calling it «unquantifiable.» Statistically, 3 out of 10 operating websites were affected by this vulnerability at the time when it was reported.

User-centric approach
Traditionally, the user is seen as the weakest link in the chain enabling a cyberattack and, so far, there is no apparent reason to change that opinion. According to studies, on average, every employee receives 14 phishing emails a year and, in some sectors, such as retail, this figure reaches 50. Note that, for a hacker, phishing is the most popular «entry point» because such attacks are very easy to scale. Entire databases of user addresses from various companies are offered for sale on the Internet. It’s easy to automate the distribution of such emails and, among the thousands of recipients of malicious emails, someone is bound to make a mistake.

The goal of a phishing attack is always the same — to manipulate the user into taking a reckless step by following a link to a malicious site, opening an attachment, or providing their details. All this sets off a chain of subsequent events. This is why IS experts pay special attention to communicating with their users by holding regular internal courses and sending dummy phishing emails for training purposes.

What can we do?
Clearly, responding quickly and appropriately to cyberattacks will soon become a matter of survival for businesses — the threat of attack is becoming too common, and the cost of ignoring it is too high. There can only be one conclusion — businesses will be forced to invest more and more in their own cybersecurity, security mechanisms, and human resources.
What aspects and technologies should be prioritized to build the most effective security in the company?

Your employees are the key!
Here are a few tips to consider when building your future information security team:
- Avoid giving the IS function to your IT administrators as an additional task. First, this represents a potential conflict of interest. Secondly, this usually requires a totally different employee profile.
- Pay attention to processes. Clearly define how you will respond to various IS challenges. A clear process will save time and enable you to identify risks more effectively. There are many international standards and best practices: look at what they offer and adapt the one you like best to your own needs.
- Contact a professional, whenever possible. Consulting in the area of IS is very developed today. Sometimes, it's easier, faster, and less costly to seek outside expertise by arranging security as a service.

Advanced protection mechanisms
Just as any tool requires good and capable hands, so any good and capable hands need a quality tool. Unfortunately, in the area of information security, there is no «silver bullet» in the form of a tool that would cover all your issues at once. Instead, imagine that the protection tools are bricks, each covering a different area.

Here is a short list of the most relevant solutions, in my opinion:
- A vulnerability scanner is part of the must-have kit for every information security expert. It is at the center of the vulnerability management process. This class of solutions enables you to survive a log4j-type crisis with much less loss and labor cost.
- A Security Information and Event Management (SIEM) system is at the heart of the cybersecurity control center. This is where data from the entire infrastructure is accumulated and then analyzed to identify anomalies and suspicious scenarios. The solution becomes even more effective when you use analytics involving machine learning.
- XDR is a buzzword in the 2022 marketplace. This technology is a combination of EDR and NDR solutions that use artificial intelligence to analyze data streams on protected devices.
- A PAM system that monitors the use of accounts with elevated permissions. Monitoring these accounts is a cornerstone of information security.

Clearly, the list can go on and on, depending on the task at hand. This one is based on the most common «pain points» found in most companies.