Zero day and known vulnerabilities
Increased media attention and big payouts will motivate cybercriminals to launch an unprecedented number of zero-day exploits, surpassing the record-setting number in 2021.
However, security leaders still need to look out for older, known vulnerabilities. As we previously mentioned, old vulnerabilities are still traded and purchased in underground markets, as enterprises often struggle with complex patch management. In 2022, we’ll see malicious actors continuing to take advantage of the growing “patch gap” within enterprises.
Compromising the connected car
The automotive industry will also see an uptick in targeted attacks, as cybercriminals move beyond hijacking IoT gadgets and cash-in on the goldmine of data delivered by connected cars via cameras, lasers, and other sensors. Forbes predicted the demand for smart car information will be valued around US$450 to US$750 billion by 2030; evidently, malicious actors are poised to turn a hefty profit from the booming connected car industry.
Future-proofing your security strategy
Understanding the current trends of cyberattacks is the first step to establishing a strong cybersecurity strategy. Next, you need a security strategy to effectively address continuously evolving threat trends and cyber risk across your enterprise. As a part of that strategy, the use of a unified cybersecurity platform with broad third-party integrations that fit into your existing security stack can be very effective. Look for a platform with the capabilities to support these three cyber risk mitigation strategies:
1. Attack surface management (ASM)
Software supply chain and other types of attacks can seem daunting, especially since the majority of proprietary software includes open source code, which is notoriously difficult to manage and introduces significant potential risk. Introducing attack surface management (ASM).
According to Tech Target, “attack surface management is the continuous discovery, inventory, classification, and monitoring of an organization’s IT infrastructure.” The difference between ASM and asset discovery and monitoring is ASM evaluates security gaps from the attacker’s perspective.
By approaching security from the eyes of an attacker, organizations can better prioritize and address risky areas of the attack surface. As the attack surface is constantly evolving and expanding, it’s critical to continuously monitor your environment to prevent vulnerabilities from going unnoticed. Regular testing will shore up any potential risks such as weak passwords, unpatched software, encryption issues, misconfigurations, and any pesky Shadow Cloud within the development lifecycle.
Ideally, you should select a platform that can help you discover and understand the risks of your attack surface, giving you comprehensive visibility as it continuously changes. This is especially important if you’re building in a multi- or hybrid-cloud environment with resources living in disparate environments. Leveraging automation, ASM will ensure your organization’s attack surface is secure, without slowing down development workflows, enabling developers to meet business objectives.
2. Ransomware mitigation
We often get asked: “Should I pay the ransom?” In an ideal world: no. It perpetuates the crime and proves you’re a victim willing to pay, which puts a bigger target on your back. However, during a crisis, it can be challenging to thoroughly explore all options. Just like cybercriminals plan an attack, enterprises need to plan a response.
It’s crucial to establish a ransomware playbook addressing the entire impact across all stakeholders, how to mitigate operational risks, ensure business continuity, and even ransomware negotiation strategies. This typically includes using cyber insurance, which now require the use of advanced detection and response capabilities in order to qualify for coverage.
Another popular question is: “What are the early warning signs of a ransomware attack?” Remember, ransomware is a post-breach attack, so stopping the initial access is the top priority but being able to also see what’s happing across the attack surface and being able to detect and respond fast is critical.
The zero trust approach is a great way to keep the bad guys out. Follow the mantra “never trust, always verify” before granting users, devices, and applications access to your network. After initial validation, remember to continuously monitor users, devices, and applications for the usual tactics, techniques, and procedures (TTPs) used in a traditional breach, such as unusual sign-on attempts from multiple locations at the same time.
You can’t stop what you can’t see. To successfully apply the zero trust approach, choose a unified cybersecurity platform that provides comprehensive native visibility across endpoints, email, network, servers, and cloud. Look for a platform with XDR capabilities to collect and correlate data from native sensors and across your IT ecosystem for deeper insights and less false positives, enabling security teams to use their valuable time investigating the most critical alerts.
3. Vulnerability and patch management
2021 was a record-breaking year with over 80 zero-day vulnerabilities used in attacks. Effective vulnerability management starts with hardening admin, critical app, and database accounts with MFA, patching, and advanced detection technologies like machine learning, AI, and behavior monitoring.
Patch management is very important and oftentimes very difficult for organizations to manage. The sheer volume of patches is overwhelming—it seems every Patch Tuesday has nearly 100 patches. And that’s just Microsoft’s patches. If you’re using several vendors, it can seem nearly impossible to 1) decide what to patch and 2) actually patch.
The rapidly shrinking time to exploit doesn’t help patch management either. In previous years, it took 30-45 days on average before you would see a vulnerability in the wild or a proof of concept (POC) was created on a disclosed vulnerability. Today, this all happens within hours, giving organizations less time to react.
Preparation is key. Like the ransomware playbook, establish a patching action plan is crucial, so you can react quickly and limit the scope of the attack.
Don’t approach patching as a “defend all or defend none” situation. Evaluate which area can do most harm if infiltrated so you can prioritize protecting and understanding the vulnerabilities associated with your critical data, systems, and hardware. Also look for risk mitigation options like virtual patching that can shield vulnerable systems from attack until patching can happen.
For additional insights into Trend Micro One security capabilities, click here. You can also check out the following resources to learn more about attack surface management and cyber risk.
Read More HERE