Tech Trends: COVID's Dramatic Effect on Cybersecurity

March 11, 2021
Brian Coulombe (bcoulombe@rossbar.com) is Principal and Director of Operations at Ross & Baruzzini | DVS. Connect with him on LinkedIn at www.linkedin.com/in/brian-coulombe or Twitter, @DVS_RB.
This article originally appeared in the March 2021 issue of Security Business magazine.


It is not an overstatement to say that 2020 produced tectonic-level shifts in the way we learn, work and interact with each other. Forget the Internet of Things, we became the Internet of everything.

While we did the best we could to change our daily routines to a virtual equivalent, many of those changes came with new risks. In our haste to transition to this brave new virtual world, hackers saw new opportunities to exploit, steal and expose. From derivatives of basic attacks such as pandemic-inspired phishing attempts to SolarWinds (possibly the worst data breach in U.S. history), it was a sadly notable year for cybersecurity.

As we move further into 2021, I teamed up with Anca Pop-Charles, Principal Cybersecurity Consultant at Ross & Baruzzini, to discuss the current state of the industry and where we should place renewed focus as we look to turn back the tide on the ever-changing landscape of evolving cyber threats.

The Challenges

According to Pop-Charles, challenges abound in the way remote workforces have taxed legacy corporate IT infrastructure. “COVID-19 forced organizations to accelerate digital transformation efforts without considering how these efforts might increase cybersecurity exposure,” she says. “For instance, legacy Virtual Private Network (VPN) infrastructure that doesn’t have appropriate security protocols or patches in place continues to be a weak link for many organizations. According to the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), unpatched VPNs are a common exploit target for foreign bad actors and made their first appearance on their list of top vulnerabilities after being absent from that list from 2016-2019. Flaws in Citrix VPNs and Pulse Secure were noted as the most likely targets.”

Also noted in the CISA report were additional vulnerabilities related to rushed installations of business collaboration software.

“Pandemic-related budget constraints create another dilemma for Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs). Many of these professionals have sought to consolidate vendors and security solutions,” Pop-Charles says. “This consolidation is often rushed and not thoroughly tested, which can lead to unpredicted security problems that are more difficult to detect.”

New threats are also being introduced by the ever-growing Internet of Things (IoT), which may introduce vulnerabilities that IT teams cannot address in a timely manner. “Zero-day vulnerabilities” – the term that applies to exploits that have been exposed but not yet patched by the manufacturer – grow in lockstep with the number of connected devices. This leaves strained IT departments struggling to keep up with fewer resources at their disposal. There is also a reluctance to patch systems that are precariously keeping the entire remote workforce connected and afloat.

Additionally, hackers continue to exploit systems that do not have the most basic of security mechanisms in place. In the recently publicized hack on the Oldsmar, Florida water treatment plant (read more at www.securityinfowatch.com/21209487), computers were running Windows 7, which no longer receives routine Microsoft security updates. Even worse, the computers were using a shared password.

According to officials at CISA, vulnerabilities like these are commonplace among utilities, infrastructure, and public works departments throughout the country. A lack of budget for regular technology updates and audits of cybersecurity practices is the most cited culprit.

Zero Trust

In this frightening landscape of rushed technology deployments and sophisticated threats, what can be done? “Organizations need to find ways to focus on building efficient and cohesive network architecture,” Pop-Charles says.  

One strategy is the adoption of a Zero Trust Architecture. The concept of Zero Trust is rooted in its simple name – never trust, always verify. By segmenting networks and limiting mobility between network segments, threats are reduced. First, an organization identifies its most critical network-connected assets, called the “protect surface.” The protect surface then becomes the focus of its own protective network elements. A dedicated firewall may be put in place, for instance, between the protect surface and the rest of the organization’s network. That firewall is then programmed to only allow the least amount of needed traffic, services, and users through to the critical assets, with additional inspection to provide a higher level of scrutiny to traversing traffic.
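The protect-surface firewall described above can be modeled as an allow-list with a default deny, plus an audit that flags rules broader than least privilege. This is an added example, not code from the article or from Ross & Baruzzini; the addresses, ports, group names and the `max_src_hosts` threshold are constructed assumptions, and the traffic inspection step is not modeled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str           # source network allowed to reach the protect surface
    dst: str           # asset inside the protect surface
    port: int          # single TCP service port
    groups: frozenset  # user groups permitted to use this path


# Constructed sample policy: two critical assets form the protect surface.
POLICY = [
    Rule("10.20.5.0/28", "10.99.0.10/32", 5432, frozenset({"ops-engineers"})),
    Rule("10.20.5.0/28", "10.99.0.20/32", 443,
         frozenset({"ops-engineers", "ops-supervisors"})),
]


def decide(policy, src_ip, dst_ip, port, group):
    """Allow only when source, destination, port and user group all match a rule."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in policy:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and port == r.port
                and group in r.groups):
            return "allow"
    return "deny"  # default deny: being on the internal network grants nothing


def audit(policy, max_src_hosts=16):
    """Flag rules that exceed least privilege (wide source, multi-host destination)."""
    findings = []
    for i, r in enumerate(policy):
        if ipaddress.ip_network(r.src).num_addresses > max_src_hosts:
            findings.append((i, "source network too broad"))
        if ipaddress.ip_network(r.dst).num_addresses != 1:
            findings.append((i, "destination is not a single asset"))
    return findings


if __name__ == "__main__":
    print(decide(POLICY, "10.20.5.7", "10.99.0.10", 5432, "ops-engineers"))
    print(decide(POLICY, "10.20.6.7", "10.99.0.10", 5432, "ops-engineers"))
    print(audit(POLICY))
```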

“Working towards a zero-trust architecture with a threat-hunting frontline is the necessary cybersecurity mindset to protect network resources from hackers in 2021 and beyond,” Pop-Charles says.

Evolving Solutions

While Artificial Intelligence may be an overused industry buzzword (I have complained about that previously – see www.securityinfowatch.com/21081725), it has its place in cybersecurity.

“AI is increasingly used in cybersecurity, primarily for pattern and trend recognition,” Pop-Charles explains. “One application involves leveraging AI to monitor and develop profiles around the applications and endpoints on a network by analyzing packet data. These profiles can then be compared to live network traffic to look for anomalies and discover threats while they can still be contained.”

To further the point, research from MIT’s Computer Science and Artificial Intelligence Laboratory suggests that a combination of AI and people produces far better results in detecting cyber threats than either can alone.

What additional steps should organizations be taking? “Many of today’s IT departments are forced into reacting to threats instead of planning for them; organizations should look to be as proactive as possible,” Pop-Charles says. “Involving subject matter experts to augment existing staff and resources is one way to subjectively evaluate current cybersecurity practices. Working with these professionals, cybersecurity strategies can be developed that are considerate of business needs, operational objectives, and compliance requirements.”
