In 2020, chief information security officers (CISOs), chief information officers (CIOs), and their cybersecurity teams faced a digital pandemic of breaches, widespread supply chain attacks, and ingenious uses of human engineering to compromise enterprise systems. Bad actors were quick to capitalize on the chaos the COVID-19 pandemic created in order to compromise as many valuable enterprise systems as possible. The number of breaches soared as attackers targeted the millions of remote workers who didn’t have adequate security protection or sufficient training to be able to spot hacking and phishing attempts.
Enterprises fast-track cybersecurity as a top goal
According to PwC’s 2021 Global Digital Trust Insights report, 96% of business and technology executives prioritized their cybersecurity investments due to COVID-19 and its impact on their organizations this year. The report is based on interviews with 3,249 business and technology executives worldwide, and half of the surveyed executives said cybersecurity and privacy were being included in every business decision and plan. In 2019, that figure was closer to 25%.
The findings from PwC’s 2021 Global Digital Trust Insights: Cybersecurity Comes of Age study and the conversations VentureBeat has had with CISOs in the last year tell the same story: Enterprises are most concerned with protecting their cloud infrastructure from endpoint-based attacks.
While 64% of enterprise executives expect revenues to decline, 55% said their cybersecurity budgets will increase this year. To further accentuate how vital cybersecurity is to enterprises, 51% said they plan to add full-time cybersecurity staff this year.
Above: More executives are increasing their cybersecurity budgets than decreasing them in 2021. (Source: PwC 2021 Global Digital Trust Insights Survey)
Gartner’s 2021 Boards of Director’s Survey and VentureBeat’s conversations with CISOs, CIOs, and their teams over the past three months also corroborate PwC’s claim that cybersecurity spending is going up and being fast-tracked even in enterprises that expect revenues to decline. Gartner’s survey also had the following to say:
- Boards of directors and senior management teams see cyber-risks as the hardest to protect against and the most potentially lethal and damaging to current and future revenue streams.
- Boards’ interest in and support of security and risk management strategies is at an all-time high today, with a strong focus on how to reduce the incidence of human-engineered attacks succeeding against their enterprises.
- By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.
- By 2024, 60% of CISOs will need to establish critical partnerships with key executives in sales, finance, and marketing, up from less than 20% today as the business case for cybersecurity becomes more integral to the success of an enterprise.
Top cybersecurity lessons learned in 2020
Enterprises had to reinvent themselves in record time to keep running and be digitally adept as offices closed, and stayed closed. As a result, enterprises are now seven years ahead of schedule on their digital transformation initiatives, according to McKinsey’s recent COVID-19 survey. Record ecommerce revenue results for 2020 reflect the success of that effort for many organizations. On the flip side, the fact there were many cybersecurity incidents — many still unsolved — reflect the failures of that effort.
Bad actors’ abilities to home in on the cybersecurity gaps, in both systems and people, proved unerringly accurate in 2020. Of the many lessons learned in 2020, perhaps the most valuable is that the human element must come first. The following are the top 10 lessons learned one year into the pandemic, according to CISOs, CIOs, and their teams:
- Real-world supply chains are vulnerable to cyberattacks.Cybercriminals and advanced persistent threat (APT) groups are masquerading as trusted entities (pharmaceutical companies and health care providers, for example) to obtain privileged access credentials in attacks against the COVID-19 vaccine supply chain, according to the COVID-19 Exploited by Malicious Cyber Actors threat analysis from U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The attackers rely on techniques such as phishing, malware distribution, impersonating legitimate domain names by using terms related to COVID-19, and attacking remote access and teleworking infrastructure. A global phishing campaign targeted the COVID-19 vaccine cold chain in 2020, according to IBM Security X-Force’s threat intelligence task force tracking COVID-19 vaccine cyber threats. Privileged access management (PAM) is an area that survived IT budget cuts last year, CISOs told VentureBeat. Leaders in this area include BeyondTrust, Centrify, CyberArk, and Thycotic.
- Virtual workforces make self-diagnosing and self-remediating endpoints a necessity.With so much of the workforce operating virtually, endpoint protection is more important than ever. Endpoint protection platforms must be capable of securely configuring, patching, and managing operating systems and applications. That must include updating the security protocols, as well. Leaders in this area include Microsoft, CrowdStrike, Symantec, Trend Micro, and Sophos. In Absolute Software’s approach, the protection is embedded in the BIOS of devices from Dell, HP, Lenovo, and 23 other manufacturers to provide useful asset management data and continuous protection.
- Touchless commerce means QR codes are now the fastest growing threat vector.In 2020, businesses switched to QR codes for touchless transactions, and fraudsters capitalized on that trend. This shift makes unified endpoint management (UEM), passwordless multifactor authentication (Zero Sign-On), and mobile threat defense (MTD) essential for mobile devices. Fraudsters combined social engineering with easily created QR codes to access and drain victims’ bank accounts, install malware on devices, and penetrate entire corporate networks. Malicious QR codes can be used to open webpages, make a payment, or send messages without the user’s authorization, according to Ivanti’s QR Codes: Consumer Sentiment Survey.
- Cyberattacks against managed service providers (MSPs) are growing.MSPs are attractive because once a cybercriminal gains access to the MSP’s internal systems, all the customers are exposed. In 2020 cybercriminal gangs and state-sponsored hacking groups targeted MSPs with greater intensity than in previous years to gain access to the larger organizations that are their clients. “Threat actors are using hacked MSPs to launch cyberattacks against service provider customers’ point-of-sale (POS) systems and perform business email compromise (BEC) and ransomware attacks,” the United States Secret Service said in the Compromise Managed Service Providers information alert on June 12. The National Cybersecurity Center for Excellence and the National Institute of Standards and Technology has published recommendations for MSPs on how to defend against and recover from a breach. Recommendations include encrypting all data at-rest or in-transit to prevent data disclosure, both accidental and malicious. Vendors who provide cloud-based key management systems that support multi-cloud configurations include Fortanix, Micro Focus, Sepior, Thales, Townsend Security, and Utimaco.
- Attackers can compromise the software supply chain and modify executables.The SolarWinds breach showed that state-sponsored actors can penetrate the software supply chain and modify the executable files, all the while mimicking protocol traffic to avoid detection. Enterprise software companies, especially those involved in cybersecurity, need to design preventive privileged access controls into their DevOps process and strengthen them with detection-based controls (often included in privileged identity management platforms). SolarWinds taught everyone that having multiple preventive controls as part of a PIM strategy is essential. Key elements include having strong passwords, rotating passwords, adopting federated credentials and multi-factor authentication (MFA), and requiring privileged users to log in as themselves for better auditing and accountability. Leaders in this field, according to The Forrester Wave: Privileged Identity Management (PIM), Q4 2020, include CyberArk, BeyondTrust, Thycotic, and Centrify.
Above: The 10 providers that matter most and how they stack up. Source: The Forrester Wave: Privileged Identity Management (PIM), Q4 2020
- Social engineering can compromise social media platforms. Cyberattackers sold 267 million Facebook user profiles in criminal forums for $540. High-profile Twitter accounts for celebrities and political figures were hijacked to promote a cryptocurrency scam. In the Twitter breach, the bad actors used several techniques to access accounts, including bribing Twitter employees to access privileged account credentials and administrative tools. These incidents highlighted a stark lesson on the value of MFA and PAM, and suggest it’s time for social media platforms to require MFA to create an account. Leading providers of MFA solutions include Microsoft, Duo Security, Okta, Ping Identity, and Symantec.
- Use zero trust to manage machine identities.IT teams rolling out IoT sensors and devices into the production environment need to micro-segment the devices in a manner consistent with the organization’s zero trust framework. Securing these devices by taking a least-privileged-access approach is a must-do to prevent malware-based botnet attacks. The Mirai botnet was able to grow so large and powerful because so many machines and IoT devices did not follow the zero trust model and were deployed online with default security credentials. Leading zero trust security providers for machine identities, including bots, robots, and IoT, are BeyondTrust, Centrify, CyberArk, and Thycotic. Another to note is HashiCorp, which provides a purpose-built vault that scales to protect machine identities throughout DevOps cycles.
- Bad actors turned health care records into best sellers.From stealing laptops from medical centers to bribing medical staff for administrative logins and passwords, bad actors placed a high priority on stealing and selling protected health information (PHI). One of the largest laptop-based breaches recently compromised 654,000 patient records after someone stole a laptop from a transportation vendor who works for the Health Share of Oregon. The records contained patient names, contact details, dates of birth, and Medicaid ID numbers. A quick scan of the S. Department of Health and Human Services (HHS) Breach Portal shows that the average stolen laptop in the health care industry contained over 69,000 available PHI records.
- Cloud security misconfigurations are the leading cause of cloud data breaches. Misconfigured cloud systems open up opportunities for bad actors to access password storage and password management systems. According to a survey of 300 CISOs, 8 in 10 U.S.-based companies have experienced a data breach due to misconfigured cloud servers and accounts. The top three cloud security threats are configuration errors in production environments, lack of visibility into who has access in production environments, and improperly configured identity access management (IAM) and permissions. What’s needed is continuous assessment and improvement of cloud security configurations throughout the life cycle of applications and platforms. Cloud security posture management (CSPM) platform providers include Alert Logic, CrowdStrike, Palo Alto Networks, Saviynt, Sonrai, and VMWare.
- Infrastructure monitoring is essential for identifying anomalies. Breaches happened because administrators either didn’t implement monitoring or did not configure it to find anomalous events. This is one aspect of how the human element was one of the major weak points in cybersecurity last year. Log monitoring systems are proving invaluable in identifying machine endpoint configuration and performance anomalies in real time. AIOps is proving effective in identifying anomalies and performance event correlations on the fly, contributing to greater business continuity. One of the leaders in this area is LogicMonitor, whose AIOps-enabled infrastructure monitoring and observability platform has proven successful in troubleshooting infrastructure problems and ensuring business continuity.