Assessing the State of Cybersecurity in 2021 and Preparing for 2022

Author: Dustin Brewer, Senior Director, Emerging Technology and Innovation, ISACA
Date Published: 22 September 2021

Nearly three-quarters of the way through 2021, it is a good time to take stock of the state of cybersecurity and lessons learned this year.

As 2021 progresses, one thing is clear: attacks are on the rise and threat actors are seizing the opportunity to cause disruption in an industry still navigating the effects of a worldwide pandemic. In fact, according to State of Cybersecurity 2021 Part II, 23 percent of organizations reported additional activity disruption during the COVID-19 pandemic.

In the same report, information security professionals reported that the top five forms of cyberattacks experienced this year so far are social engineering (14%), advanced persistent threats (10%), ransomware (9%), unpatched systems (8%) and DDoS (8%).

But it is not all gloom and doom. In fact, many organizations have started to invest heavily in cybersecurity training and awareness programs to combat cybercrime and prevent breaches from occurring. Among those who have invested, 32 percent of organizations reported a strong, positive impact from training and awareness programs on their business in 2021.

To understand the current state of cybersecurity and what to expect for the remainder of the year, let us look back on the past nine months and examine some of the industry’s biggest moments of this year so far.

Current State of Cybersecurity
In 2021, cybersecurity has remained as relevant as ever for organizations, with senior leadership teams and boards of directors prioritizing it as a business imperative.

Cybersecurity practices and measures are slowly getting better. However, adversaries are quick to come up with new and sophisticated ways to thwart our best efforts at protecting devices and data. While we continually improve on technical controls, the human factor is slow to catch up and is a consistent attack vector utilized by nefarious actors in the form of social engineering attacks such as phishing.

Among the many cyberattacks that have occurred in the last six months, one of the biggest was the Colonial Pipeline attack. In April 2021, hackers entered the Colonial Pipeline Company networks through a private account, which was used by its employees to log in remotely. Although the account was not in use, it was still accessible by hackers after its password was leaked to the Dark Web. On 7 May, an employee discovered a ransom note demanding cryptocurrency before 5 a.m. This, in turn, forced management to shut the entire pipeline down for the first time in its history.

Another big event in cybersecurity arrived in the form of the SolarWinds attack. Though it took place in late 2020, its effects continue to impact 2021. On 13 December, a commercial software application created by SolarWinds was the victim of a highly sophisticated cyber intrusion. The advanced persistent threat (APT) actors managed to infiltrate the SolarWinds supply chain and insert a backdoor. As a result, once customers downloaded the installation packages from SolarWinds that were infected by Trojan horses, the hackers were able to access the systems that run the products.

The Kaseya attack was another big event that occurred earlier this year. Also the victim of ransomware, the IT solutions developer Kaseya announced on 2 July that cybercriminals leveraged a vulnerability in the organization’s VSA software. Reminiscent of the SolarWinds attack, the attackers were able to compromise it so they could push malicious software updates to thousands of customers. The full extent of the attack and how many accounts were affected have yet to be determined.

These cyber incidents are all prime examples of how the threat landscape is changing as much as it is staying the same. But could they have been avoided?

As with most cyberattacks, it’s easy to point out where the company went wrong and how it could have been avoided. The “hindsight is 20/20” rule is in full effect with cybersecurity. However, most of the attacks mentioned are great examples of improperly monitored, documented and protected systems. While we do not know much about the attack vectors of Colonial and Kaseya, as investigations continue, one can guess that it was either a social engineering attack (via phishing most likely) or an unmonitored device. There was a report that Colonial had recently gone through a third-party IT audit and had either ignored the findings or was slow to improve upon controls and policies.

There are tools, such as cyber maturity solutions, that can aid in ensuring that cyber practices are not only in effect but also being measured and improved where needed. Cyber maturity practices also provide monitoring best practices to continually ensure safeguards are in place and up to date.

The Effects of COVID on Cybersecurity
As with most industries, COVID has had profound effects on the cyber landscape. As companies continue to move to remote operations, employees and infrastructure, the threads of communication between devices shift. IT and cyber departments now have hundreds (if not thousands) of employees working from home, all with different home network setups and security measures in place (or not). As a result, the cloud and digital supply chains have become the target of many attacks in recent months as well.

Attackers now have more devices on separate networks to try to use as a door into the large company networks, and there is no end in sight. Some companies are turning toward more aggressive protection models such as zero trust. However, the focus is shifting to end users and ensuring that employees understand the cyber risks and threats that are out there.

Cybersecurity in 2022 and Beyond
Ransomware is the new “smash and grab” of cybercrime.

Attackers will continue to go after the low-hanging fruit, but prices for the return of precious data will most likely fall as people become more aware of the threat and new protections are put into place. Companies will need to take a serious look at the vendors they work with and what access and monitoring processes they are using for internal resources. The digital supply chain will become more vital and thus more of a target to attackers.

Moreover, social engineering will continue to dominate as the vector of attack until companies can find a way to build a true culture of cybersecurity, train employees properly and improve individual cyber-behavior and hygiene.

Even though data breaches continue to occur, cybersecurity technology and practices continue to innovate. To sufficiently protect against the many forms that cyberattacks can take, organizations need to place cybersecurity at the forefront. Understanding cybersecurity is key to locating the right kinds of protection.

Editor’s note: For more information on the latest in cybersecurity in 2021, download our infographic on the State of Cybersecurity 2021 Part 2: Threats. To improve cyber maturity in your organization and be better prepared for 2022, visit the CMMI Cyber maturity Platform.