Mark Adams of Cohesity discusses the new strategies that CIOs and CISOs need to employ to mitigate the cyber threat.
Those intent on infiltrating computer systems to access, delete, exfiltrate or immediately extort sensitive data constantly evolve their approach to counteract measures being taken to block them. Inevitably this means those tasked with protecting computer systems and data also have to evolve their strategies.
While we see security breaches appear in the news with alarming frequency, what hits the headlines is just a small proportion of the true picture. Large, household-name organisations are understandably reluctant to admit to gaps in their security setup, while smaller and medium-sized organisations, even if they do go public, are less likely to make headline news.
With successful attack numbers likely to be much greater than we know, what have we learned about security in 2021, what should organisations be looking out for and what should Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) consider as they think about bolstering cybersecurity defences in 2022?
Ransomware continues to evolve
Ransomware continues to be a powerful and potentially devastating type of cyberattack. In particular, Ransomware as a Service (RaaS) has seen continued evolution during 2021. This phenomenon, whereby bad actors develop software and make it available to non-technical cybercriminals, has opened up more opportunity for targeting smaller and medium-sized organisations.
The logic is clear. A ‘bespoke’ attack on a large organisation can yield multimillion-dollar payouts but needs technically astute execution. A generalised attack on smaller organisations via RaaS may have a smaller individual yield, but a greater overall yield.
However, in the Sophos 2022 Threat Report, the cybersecurity firm says that the release of some materials relating to RaaS has helped it to identify tactics, techniques and procedures that might indicate an attack in progress, helping it to thwart attacks.
RaaS will continue to be a significant threat in 2022. For CIOs and CISOs the challenge is not just ensuring that their defences are strong and able to cope with evolving ransomware strategies, but also that they have a suitable set of recovery plans in place to deal with issues when they arise, which they inevitably will.
Using AI to bolster threat intelligence
The last two years have seen many organisations learn that they can work well with a distributed workforce and this has become the norm for a significant number. A distributed workforce means that protecting a corporate network as a ‘walled garden’ is no longer appropriate. Today endpoint security is vital. That means not just securing a device, whether that’s a tablet, smartphone or laptop, but also being aware of how people are using these devices. Devices bring new threats into corporate networks and put your corporate data at risk.
Artificial Intelligence (AI) tools used as part of the IT offering from existing vendors can be used to enhance cybersecurity systems and tools. IT leaders should evaluate existing solutions to seek interoperability for threat intelligence. With some businesses getting over 200k cyberattack threats per year, it is impossible for humans alone to manage this. While not providing any sort of blocking facility for incursions, AI can be used to identify potentially suspicious activity, can trigger automatic blocking and can alert the IT and security personnel who judge whether the activity is accidental, malicious or allowable, mitigating the threat risk. CIOs and CISOs have an increasing need to be aware of the potential of AI in their cybersecurity armoury.
Going beyond Zero Trust in 2022
In May 2021, President Biden’s executive order calling for improvements in national cybersecurity cited Zero Trust, a security methodology and framework built around the idea that no traffic on enterprise networks should be trusted, even if it’s generated by authenticated users.
The Zero Trust security framework is becoming an essential tool in the CISO’s arsenal, as it forces teams to rethink the way network access works and more closely scrutinise the products they rely upon.
However, in 2022 security teams must not only better understand Zero Trust methodologies and products and be ready to implement them, but also be ready to go beyond Zero Trust. Security can become an enabler for business that allows more intelligent access to systems and data while delivering a greater level of protection and governance.
Dealing with the cybersecurity skills shortage
If the constant evolution of the threat landscape doesn’t give CIOs and CISOs enough to worry about, the ongoing digital skills shortage is the unwelcome icing on an unpalatable cake. The UK Government’s Cyber Security Skills in the UK Labour Market 2021 report points to both a lack of appropriate skills and a lack of people available to work in cybersecurity roles.
The report notes that a quarter of all UK businesses are not confident of their capability on penetration testing, 43% are not confident when it comes to developing cyber policies and 32% are not confident when it comes to dealing with a breach. It further points out that 37% of all vacancies for cyber roles since January 2019 have been hard to fill and 18% of firms have existing employees in cyber roles who lack necessary skills.
The headache for CIOs and CISOs is clear here and suggests that all but the largest organisations and most attractive of employers may already be experiencing some issues with staff team competence.
CISOs must also invest in building an organisation-wide security culture. The most common cyberattacks, after all, aren’t caused by technical failings but result from social engineering or phishing exploits that take advantage of human error or oversight.
Planning for 2022
With the cybersecurity threat evolving and no real signs that the skills shortage will ease any time soon, 2022 could be a challenging year for CIOs and CISOs. The strategies they put in place now will stand them in good stead as the year progresses.
While major challenges lie ahead in 2022, smart CISOs can already look to the future as they think about solutions to these emerging issues. By embracing security strategies like Zero Trust and looking beyond to Threat Defense architectures and improving automation tactics, they’ll be better positioned to support the demands of a new hybrid workforce.
For many, the best strategy is not trying to meet the challenges entirely in-house, but instead to leverage relationships with vendors that operate within the data management sector, not just the security specialists, and to find highly skilled third-party IT services organisations to provide cybersecurity solutions. Organisations need to adapt, restructure, take help and consider what is available to them.
Not only can vendors and service provider organisations take care of the day-to-day tasks of protection and recovery, they can also advise on best practice, for example on managing and supporting a remote workforce, and will always have an eye on how the threat landscape is evolving, with a view to staying ahead of threat actors.
This article appeared in the February 2022 edition of International Security Journal.