The security landscape is constantly changing. We looked to three experts to share their perspectives on the current state of cybersecurity, the most significant challenges organizations face today, and what trends are worth watching over the next year.
How would you describe the general state of cybersecurity today?
Holschuh: Cybersecurity is starting to get the attention it deserves. News headlines are full of companies impacted by breaches or that had their operations disrupted due to an attack. Security companies continue to innovate and routinely surprise me with their new technologies. However, ever-evolving threat actors counter these innovations by finding new ways to exploit vulnerabilities and humans. Security teams must stay updated on current threats and invest in technologies with inputs from many different sources.
Azzone: I still see mid-sized businesses in regulated industries and companies in the public eye setting up security programs for the first time. Cybersecurity has been around for nearly two decades in a relatively mature state for government, energy, and other high-value target organizations. However, cybersecurity is still an afterthought for much of the private sector, especially those who don’t handle payment data.
What are the top concerns most industry-leading companies are facing in cybersecurity?
Holschuh: When speaking with my peers and executive partners, ransomware is one of the concerns that always bubbles to the top. There are so many potential delivery vectors that it isn’t possible to protect against them all. IT systems have become so critical to operations that a long-term outage would significantly impact revenue and reputation. The knee-jerk reaction is to pay the ransom to restore operations, but that money is re-invested in creating new ransomware technologies that continue the cycle. Even if you have good prevention technologies and solid backups, the time it takes to restore impacted systems might be longer than the business can tolerate. These attacks generate a significant amount of money for the bad guys, so it’s no wonder it is so pervasive.
Why are companies shifting more budget to security detection and response versus prevention?
Mayger: On average, companies detect intrusions in three weeks. During this time, cybercriminals have ample opportunity to steal data, extend their reach across the network, or achieve persistence and escalate their privileges. According to an IBM study, the cost of a data breach in 2021 was $4.24 million. Consequently, security budgets prioritize detecting and responding to malicious activity before attackers get on networks and cause damage.
Azzone: A major factor may be that traditional prevention technology typically aims at preventing known threats, while detection and response solutions are getting better at recognizing patterns of behavior for both known and unknown threats. These solutions can identify abnormal behavior that preventative software may entirely miss. It is critical for detection and response capabilities to quickly identify and respond to events, whether that be through automation or an effective Security Operations Center (SOC).
What do cybersecurity hacks look like in 2022?
Holschuh: I think the cybersecurity hack of 2022 involves minimal technology compromise. Social engineering and business email compromise attacks are on the rise and are very difficult to prevent. The goal is to trick the user into providing information or transferring money to the bad actor. These attacks include creating fake bank accounts, fake invoices, fake phone numbers, impersonated email signatures, and other brand impersonations. Implementing robust training, an awareness program, and additional email filtering systems is your best bet at protecting against this type of attack. Patching a vulnerability or closing a firewall port can’t prevent the attacks. You are relying on the human element, which can be very unpredictable.
Mayger: As Jeff mentioned earlier, ransomware will remain in the news. Companies will get hacked because their employees fall prey to phishing and other social engineering exploits. Attackers will find improperly secured networks, unpatched machines, and weak or default passwords. The news headlines will be that these companies aren’t following best practices.
What trends in cybersecurity are worth watching over the next 9 to 12 months?
Holschuh: Identities and end-users are two of the most critical components of cybersecurity. The corporate firewall once protected corporate systems. Now, applications are available to any device anywhere. The identity is the primary protection for these always-connected systems and their associated data. Many of these systems have APIs and mobile-friendly sites that need authentication protections tailored to their use cases.
Finally, end-user training and awareness are as important as ever. I would watch for technologies that provide advanced email curation using AI and natural language processing. Filtering out social engineering attempts, detecting business email compromises, and removing content before it reaches the end-user will help protect against fraudulent financial transactions.
What can organizations do to operate in the cloud safely and securely?
Mayger: The best advice I can give is to have a cybersecurity program grounded in best practices. NIST and CIS frameworks and other best-practice cybersecurity frameworks provide guidance for a secure network environment, including the cloud.
Azzone: I think it’s essential to engage a third-party partner who can help with the journey and provide an outside perspective. From a solutions-based standpoint, I’d say finding the best detection and response solution for your particular workload is invaluable.