Last year cast a shockingly bright spotlight on cybersecurity with the risks that surfaced due to the rise of remote work. The year was capped off by one of the most significant supply chain hacks. This incident, coupled with the onslaught of ransomware and other cyberattacks in 2020, provides an opportunity for some deep insight into where the focus of cybersecurity efforts needs to be in order to prepare for the future.
By Derek Manky, Chief of Security Insights & Global Threat Alliances, FortiGuard Labs
The supply chain became a bigger target
Supply chains have faced threats since time immemorial, but this time the hack took the threat to a whole new level. As the attack unfolded, a significant amount of information was shared by affected organizations. Closely monitoring this emerging intelligence enabled the creation of IoCs to detect related activity.
Communications with internet infrastructure associated with SUNBURST, detected in 2020, show that the attack claimed victims globally. The “Five Eyes” intelligence alliance exhibited particularly high rates of traffic matching the IoCs. Additional evidence of possible spillover targets underscores the interconnected scope of modern supply chain attacks and the importance of supply chain risk management.
The chief takeaway from all of this is that supply chain security can’t be ignored. CISOs need a supply chain risk management plan to establish policies and procedures for dependencies and exposures. This plan should document key risks throughout the system development life cycle. That includes design, manufacturing, production, distribution, acquisition, installation, operations, maintenance, and decommissioning.
Bad actors are rapt with APT
Though SolarWinds got most of the headlines at the end of last year, many other APT groups continued unabated in their illicit activities in the shadows. For instance, they kept exploiting the pandemic in a variety of ways in the second half of 2020. This included attacks focused on stealing intellectual property, gathering personal information in bulk, and nabbing intelligence aligned with the APT group’s priorities.
The more familiar an organization is with its adversaries and the better it understands their tactics, techniques, and procedures, the better it is able to array effective defenses against them. Persistent adversaries will get in somehow, but successful organizations are able to find and flush them out quickly. Visibility into, and a focus on, the latest tactics, techniques, and procedures relevant to your organization’s threat profile is a must. Ignorance is their ally, but it’s definitely not yours.
Home is where the heart – and the risk – is
At the risk of sounding like a broken record, the major shift to remote work has had a massive impact on cybersecurity and continues to do so – shining a light on all sorts of potential vulnerabilities and attack vectors. IoT devices gained importance for attackers, in large part because of the blurred divisions between home and corporate offices.
Malicious actors have demonstrated their willingness to subvert the sometimes less-than-enterprise-grade security inherent to many of these devices now that they’re effectively part of the corporate perimeter. That means employees may be accessing corporate resources from a compromised environment—a security model that many organizations are unaccustomed to.
Remote working isn’t going away. Rather, it’s become the standard for a significant portion of the global workforce. It’s unlikely that in-office working will return to pre-pandemic levels. Accordingly, CISOs must move toward deploying viable long-term security strategies for their remote workers.
Takeaways that drive a strategy
The supply chain is under serious attack, the devices and networks of home offices expand the threat landscape, and advanced persistent threats will persist. These are the key takeaways of 2020 that will inform the security strategy of 2021.
As organizations face attacks on all fronts, that strategy will need to be one of broad awareness and integration. Threat intelligence remains central to understanding these threats and how to defend against evolving threat vectors. Visibility is also essential, especially when a significant number of users are outside the typical network setting. Every device in a home office creates a new network edge that must be monitored and secured.
Organizations can leverage artificial intelligence in automated threat detection to address attacks immediately, not later; this is a modern requirement for mitigating attacks across all edges. They should also keep cybersecurity user awareness training as a priority since cyber hygiene is not just the domain of IT and security teams. Everyone needs effective and ongoing training on best practices for keeping individuals and the organization as a whole secure. In a threat environment that mixes old and new tricks, CISOs must create a strategy that can address them all.
About the Author
As chief of security insights and global threat alliances at FortiGuard Labs, Derek Manky formulates security strategy with more than 15 years of cybersecurity experience. His ultimate goal is to make a positive impact towards the global war on cybercrime. Manky provides thought leadership to the industry and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cybersecurity. He is actively involved with several global threat intelligence initiatives, including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee, and FIRST, all in an effort to shape the future of actionable threat intelligence and proactive security strategy.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.