Threat Landscapes

    Transitioning into 2021, we still believe ransomware and data leaks are going to be primary concerns for enterprises, as ransomware offers a very direct and quick pay-off for hackers. Additionally, when ransomware attacks are executed, there could be problems in the supply chain, also known as OT security.

    For example, recently, when a large pipeline was attacked via ransomware, gas prices skyrocketed. Data leaks, on the other hand, have an immediate negative impact on the brand name of the enterprise in question, which in turn can affect perception and value of a brand.

    Though we are no longer in a full lockdown, the remote work force status quo is becoming widely accepted and the new norm is now the hybrid work model. In such a scenario, CISOs now must concern themselves with how to secure this new environment. Are VPN solutions good enough? What about IoT devices, home networks, branch offices, and others? We believe these topics will be challenges in the coming year.

    Finally, we cannot discuss the changing threat landscape without discussing the expanded attack threat surface and how delivering the fundamentals of security is still imperative. New technologies and new forms of connectivity are continually sprouting up left and right. Despite that, don’t forget the fundamentals. Studies have shown that phishing is still the leading methodology utilized by hackers to infiltrate networks.

    Hackers are also still using malware, inserting viruses, and hunting for exploitations of commonly used programs, such as the recently discovered log4j2 vulnerability. We recommend enterprises to follow security best practices, keep up with the common vulnerability patches, and identify their critical assets that require protection.

     

    Cloud Security

    One major development in the cloud is the increased adoption of container technology. Containers are more dynamic than VM’s because they are deployed and retired at a much faster rate than even VM’s. The sheer volume of containers is much greater than the amount of VM’s deployed. Whereas a VM partitions a large portion of the physical CPU to operate as a separate “machine within a machine”, a container simply partitions a small portion of the physical device’s CPU for small tasks, such as running specific applications. 

    In 2021, we’ve also seen an increased demand for a hybrid/multi-cloud security solution. AWS is no longer the only prevalent solution — Microsoft Azure has been growing much faster in the US as well. Incidents like AWS’s eastern region blackout have shown enterprises that multi-cloud or backups may likely be the safe solution moving forward to avoid blackouts.

    As the cloud space is being utilized more, ZTNA and XDR are forced to evolve as well, with such solutions expected to support cloud technology. Additionally, as a result of this increased interest in the cloud, compliance responsibility isn’t as much a split responsibility between the Cloud Service Provider and the Corporation. Instead, it is now mostly resting on the shoulders of the CSP and has become a serious consideration when corporations look at CSPs.

     

    AI in Security

    In the past year, AI has proven to be promising technology that is sure to make a splash in the cybersecurity industry. Nearly all products in this space claim to implement elements of AI. Some may use machine learning, whereas others may use statistical methods.

    However, it should be noted that we are nowhere close to AGI. Such claims should be carefully reviewed before any serious consideration is made. That being said, AI still has many shortcomings. Current AI technology is capable of flagging many questionable events, but is often unable to explain the causal reasoning behind said triggers.  

    Just like how AI is being leveraged to bolster defenses, AI is similarly being leveraged to augment attack schemes. Oftentimes, hackers will simply purchase the latest detection engines, and train their algorithms and malwares to avoid detection protocols of a specific detection engine.

    This is additionally why we believe the future of AI implementation isn’t so much for augmenting signature-based detection, but rather, to be used in behavior-based detection. Whereas signatures can be hidden, there is certain behavior of a malware that is going to exist, no matter how the malware attempts to disguise itself. 

     

    Security for distributed workforce

    When the pandemic struck, the global workforce was obligated to shelter-in-place, thereby launching the dawn of the remote workforce. Though society is trending toward normalization, some trends are here to stay. Whereas full-on remote work may not be the status quo anymore, hybrid work — a blend of remote and in-person work — has taken over as the new status quo. Because of this, connectivity, in tandem with security, is still at an all-time-high demand.  VPN is still the dominant technology, despite a lot of interest in SASE and ZTNA.

    When it comes to ZTNA technology, it provides more secure access than VPN technology because it is controlled not just on the connection level, but also on the access level. Interest in remote work technology has boosted the interest in ZTNA. Although VPN may still be the dominant choice for legacy infrastructures, new infrastructures, such as the cloud, are privy to the implementation of ZTNA technology.

    What SASE envisions is an edge. On one side of the edge rests the home offices, branch offices, and other IoT devices interconnected by a security fabric. This fabric can then be delivered through the cloud as a service. We definitely see the validity of such an architecture and it is one of the technical directions we are working to move toward. 

    Compliance

    The past year has moved toward a prioritization of user privacy, especially in terms of giving users more control over how their data is being used. Moreover, as the geopolitical environment worsens, laws dictating how data is transferred between geographic locations have become more stringent.

    Just this past year, large enterprises were issued massive fines for not being compliant, such as the infamous Amazon incident. Moving forward, even small and medium sized businesses won’t be exempt from these rules. We foresee continued struggles between major powers playing a large role in data privacy evolution in 2022.

    Cyber resilience

    Long gone are the days where a security infrastructure is erected and users can go on about their day worry-free. Nowadays, when security incidents pop up, they are no longer considered exceptions; rather, they are considered the norm. With such a reality, it is perhaps even more important to bolster our ability to respond to said threats. To be resilient is to be able to bounce back quickly and efficiently despite threats and breaches.

    The process of reaching cyber resiliency can be broken down into a few steps. First, mapping out all digital assets and determining which ones are critical to business processes. 

    If this information is helpful to you read our blog for more interesting and useful content, tips and guildelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be asiisting you with your query.

    Content curated by the team of COMPUTER 2000 on the bases of marketing materials provided by our partners/vendors.

      Follow us to learn more

      CONTACT US

      Let’s walk through the journey of digital transformation together.

      By clicking on the SEND button you agree to the processing of personal data. In accordance with our Privacy Policy

      11 + 8 =