Security Leaders Don’t Believe In Traditional Approaches!
Each year, the cybersecurity world encounters new challenges and obstacles that organizations need to overcome. However, 2021 turned out to be an exceptionally dangerous year. Most notably, ransomware was a consistently hot topic within the industry following a string of high-profile incidents in which enterprises such as Kaseya and the Irish Health Service became targets. The ransomware attack on JBS was a stark reminder of how serious supply chain attacks can be. From a broader perspective, permanent shifts towards a hybrid mode of working and rapid cloud adoption have also led to organizations having to re-evaluate their security infrastructure, so that remote workers are fully safeguarded.
In a survey conducted in collaboration with Sapio Research in February 2022, among 200 security decision makers in companies with over 1000 employees in KSA and UAE, Vectra determined that 80% of respondents think traditional approaches do not protect against modern threats and that ‘the game needs to be changed’ when dealing with hackers.
- 76% say cybercriminals leapfrog current security tools, and that security innovation lags years behind hacker innovation.
- 65% note that prevention is becoming obsolete – hackers have access to all prevention tools, so they already know how to navigate them.
- 65% believe security guidelines, policies and tools are failing to keep pace with advances in cybercriminal Tactics, Techniques and Procedures (TTPs).
But while the region’s security professionals are clearly spot on regarding the need for a fresh approach to security with a focus on detection and response, and moving away from prevention-first strategies, there seems to be a disconnect. This is because 66% believe preventing hackers from breaching defenses is more important than detection after a breach has already occurred. Consequently, 48% invest more in prevention tools (only 21% reported investing more in detection and 32% reported spending around the same).
This may in part be due to legacy thinking about security and a lack of communication between security teams and the Board. 54% of respondents believe the Board to be a decade behind when it comes to security discussions, while 84% say the Board’s security decisions are influenced by existing relationships with legacy security and IT vendors. A further 60% say it is difficult to communicate the value of security to the Board, since it is notoriously difficult to measure.
The culmination of these factors does not bode well for regional organizations. With 86% of respondents reporting that they purchased a security solution which has failed on at least one occasion, and 80% reporting a significant security event that required an incident response, the responsibility ultimately lies with organizations to rethink their security approach. Digital transformation is driving change at an ever-increasing pace. Yet companies are not the only ones innovating; cybercriminals are too. An evolving threat landscape is rendering traditional, prevention-focused defense increasingly ineffectual. Organizations need modern detection and response tools that shed light on blind spots to deliver visibility from cloud to on-premises.
This new approach to security could create the right conditions for effective cyber risk management. However, in order for the wider security industry to embrace this proactive culture, there needs to be greater communication and consultation between IT teams and the Board to ensure all parties have the same information.
Four areas of cybersecurity that will evolve in 2022
So how will the lessons learnt from the past shape the cybersecurity landscape? Here are four areas of cybersecurity that will evolve in 2022.
1. Cloud security will come under increasing pressure
First, ransomware will shift to exfiltrating and encrypting cloud data. While this has occurred by attacking third-party processors of data (as we recently witnessed with the Labor Party member data being ransomed), 2022 is the year when data on the customer’s side of the ‘shared responsibility’ model will undergo direct attack by one or more ransomware gangs. Additionally, network defenders in the hybrid-cloud world must understand that RansomOps may be just as interested in pivoting up to the cloud from traditional corporate network enclaves, as they are in directly attacking cloud assets – perhaps, unsurprisingly, they will take the path of least resistance.
2. Adopting a proactive approach to minimize ransomware attacks
In terms of defending against ransomware, we are going to see a rise in the public dismantling of ransomware gangs and increased formal oversight over Information Security due to the prevalence of ransomware attacks. Yet, we can also expect a lamentable lack of preparation among many public sector entities to address the threat. Finally, we will see a relative reduction in ransomware outcomes versus data loss or exfiltration outcomes, so that Human Operated Ransomware is detected and stopped before it goes nuclear.
Summary and Overview
- Prevention trumps detection – Most believe prevention of attacks is more important than detecting the threats they pose. Just under half of the companies invest more in prevention tools.
- Difficulties in detecting modern threats pose a dilemma – Failing to detect modern cyber threats is the most frequent issue, and most companies feel they may have been breached without knowing it. For most, security solutions have failed to perform as expected on at least one occasion.
- Middle Eastern companies make use of the guidelines – The majority of Saudi & UAE respondents have read the cyber security guidelines, with most finding them at least somewhat useful.
- Regulators and legislators are generally up to speed – The general consensus is that regulators have an adequate understanding of the challenges, while legislators are well-equipped for designing regulations.
- Room for improvement going forward – Over a third feel more security talent is needed on their team. Additionally, security tools are not always reliable and may miss threats.
3. Organizations have a growing demand for Managed Detection & Response services and automation
Besides ransomware, while the volume of managed security services will continue to grow, a non-trivial subset of organizations will meet talent shortfalls with automation, orchestration, and analyst-augmenting AI. Organizations will recognize that outsourcing business contexts to an external entity might be exceptionally difficult, and a few well-equipped and supported internal resources may be more effective than an army of external resources.
4. Increased use of AI to counteract malicious use of MFA
The final area to focus on revolves around Multi-Factor Authentication (MFA). MFA is being enforced by some of the major tech giants, including Microsoft and Google. This is mainly because hackers continue to succeed in stealing credentials and bypassing basic authentication. Although MFA is a step that everyone should take, criminals continue to prove that it is not enough to keep them out. In some cases, criminals are even using bots to help them work around MFA, and this will continue to be an uphill battle for organizations. As a result, we will witness more organizations turning to AI-driven security tools to help prevent attacks that infiltrate MFA.
Being one step ahead in 2022
As 2022 presents its own set of security-related hurdles, it is vital for organizations to get ahead of the game to guarantee they have the best possible protection against potential threats. To achieve this, organizations should aim at implementing a detection and response strategy. This will usually employ combinations of AI and Machine Learning (ML) to identify crossover between authorized but suspicious activities, and the type of behavior exhibited by an adversary as part of an unfolding attack. If organizations assume they have been compromised and actively search for signs, they will be much better placed to detect all sorts of attacks in good time and stop them before they become breaches.