By Oluwaseun Adebisi Olaniyan - Senior Analyst, Supervisory ICT Risk and Cybersecurity, MFSA
The ever-changing cyber-threat landscape can be described as a cause-and-effect relationship globally. This article examines some notable current trends in Cybersecurity.
A Growing Attack Surface
In recent times, there has been a massive migration to cloud technology, deployment of artificial-intelligence-based solutions, and the proliferation of the internet of things (IoT), amongst other developments. These products range from workloads like containerised applications and services to devices like smartphones, desktop computers, earbuds, and smart systems, with inherent vulnerabilities that constantly increase over the years. Certain processes, such as unplanned cloud migrations and the swift procurement of IT products and services to accommodate a newly remote landscape and keep business operations running, have created new levels of vulnerability and associated risks.
As the attack surface continues to grow, it is important that organisations adopt an enterprise-wide strategy on identity and access management, enabling them to better secure the digital assets that drive their business processes.
Malware and Phishing
According to ENISA, “the threat landscape is becoming extremely difficult to map. Not only attackers are developing new techniques to evade security systems, but threats are growing in complexity and precision in targeted attacks”. The sophistication of cybercriminals has also improved over time, with stealthier attacks and zero-days: using advanced malware, encrypting enterprise data and backups, and actively exploiting misconfigurations in cloud services.
Cybercriminal groups have recently become more advanced in their phishing exploits, with the use of machine learning and more organised sharing of information on the dark web.
Supply chain attacks have also become prevalent, with major examples being the SolarWinds Orion and Microsoft Exchange Server exploits in the first quarter of 2021.
The Era of Remote Working
Before the COVID-19 pandemic, most organisations’ policies were firmly against allowing employees to work remotely. The pandemic has pushed organisations to provide either full or partial remote working for almost all staff. Working remotely has become the “new normal”, even as pandemic restrictions are eased, and has broken an age-old barrier in the corporate environment.
From a Cybersecurity perspective, this has shifted the security perimeter away from the organisation’s physical infrastructure to the end-user or endpoint as the case may be. Policies, tools, and continuous awareness for end-users should be in place to ensure that risks emanating from the ‘new normal’ are adequately mitigated.
Improved Security Capability and Cyber-Inclusion
The risk associated with the pandemic era has given the Cybersecurity function more capability, with organisations compelled to reference and employ more Cybersecurity experts or create units to tackle matters related to corporate security and risk. Additionally, there is an increased budget for Cybersecurity programs, including the purchase and deployment of security solutions and products. According to a Gartner survey, “78% of Chief Information Security Officers (CISOs) have 16 or more tools in their Cybersecurity vendor portfolio; while 12% have 46 or more.”
The use of Extended Detection and Response (XDR), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Network Traffic Analysis (NTA), and Endpoint Detection and Response (EDR) has increased visibility across networks, cloud, and endpoints, while correlating threat intelligence across security products is further boosting detection and response.
Moreover, lessons learned from cyber-breaches and vulnerabilities have facilitated the adoption of multi-factor authentication (MFA) and rapid adherence to zero trust policies.
Adopting and implementing security best practices to better mitigate risks and maintain the best security posture should be of utmost importance to every organisation operating in the “new normal”. Businesses should stop perceiving Cybersecurity as a technical subject and instead treat it as a holistic business matter that has a bearing on the survival of the organisation.