Enterprise security trends and recommendations for 2022

As we’re moving into the new year, this post is a round-up of key trends in cybersecurity that we have observed in recent weeks.

Here is all you need to know about the threat landscape right now, with 3 practical steps at the end of this post.

Key points:

• What are currently the biggest security challenges?
• What are the key trends in cybersecurity?
• What can you do to protect your employees and colleagues?

Here is what you need to know about enterprise security right now.

A WORD FROM A FRIEND

We asked cybersecurity expert Alex Weinert for his insights on the current threat landscape. Here are his thoughts and advice for you:

The biggest cyber trends I see in the next 12 months are going to be centered on accountability. The executive order, combined with the profound increase in supply chain attacks and demonstrated vulnerability of critical government and civil infrastructure is going to force us all to demand and provide accountability in our cybersecurity practices between organizations and their partners, regulators, and customers.

Meeting these demands will be out of reach for many organizations, so helping them partner with security organizations (infra providers, consultants, etc.) as well as trust their vendors at every level will require doubling down on certifiable audits and increased transparency in security practices.

From a technical perspective, we will see increased utilization of Nobelium style techniques (including supply chain and app abuse) for penetration and detection avoidance, but with luck we will also realize that much of the vulnerability surface area can still be addressed with the basics of Zero Trust – explicit verification of requests, strict application of least-privilege access policies, and ensuring you have telemetry and automation for an “assume breach” posture.

The vast majority of Nobelium attacks were derivative of on-premises network compromise and lax multi-factor-authentication policies – so I really hope one of the trends of the next 12 months is broad adoption of security fundamentals like multi-factor auth.

- Alex WeinertDirector of Identity/Security at Microsoft

CYBERCRIME IS AN INDUSTRY

Ransomware should no longer be considered just a cyberattack – it is clearly made for profit, as are other incidents.

Hackers even disclose some industry configuration details for other attackers to use in their attempts. You could practically get 24/7 support for performing your own cyberattack if you wanted.

It’s big business, and it should be treated as such.

PHISHING ATTACKS ARE THE LARGEST CYBER THREAT

Last April, Microsoft took down 2000 fake logon sites for Office 365 in just one day. Bad agents take quite an opportunistic approach, targeting mainly small businesses with COVID-relief packages.

If it seems like the bad guys are getting organized, it’s because they do. In fact, you’ll likely sooner find instructions for how to create a phishing email, than on how to identify one.

1. Around 30% of attacks are based on social engineering, especially phishing. Once user credentials are taken, permissions can be elevated, getting the bad guys further into your environment.
2. An attack can last a few weeks, during which your corporate information is being downloaded. Then attackers can install ransomware and lock you out of your systems.
3. By the time you get the payment request, it’s already too late. And if your business information leaks, that’s not good news for your customers nor stakeholders.

Everyone assumes it won’t happen to them – it will. It might already be happening.

Identity First and Zero Trust can support your strategy

The security perimeter has changed. Your users are now the weakest point of your network. In addition to protecting identities, you need to make sure every employee knows they’re part of the threat environment. Make them part of the solution, instead of the problem.

It doesn’t mean you need to make everyone an expert, but everyone at your organization should have a baseline understanding of best practices. Security is everyone’s business.

The Zero Trust approach puts identities at the core of your security. It works on the principle of continuous access evaluation.

You can use tools like Microsoft Graph Security to assess a user’s threat profile at every request. If anything changed – permissions, resource, connection, device, or anything else – reauthentication is triggered.

It’s not just about access and passwords – Zero Trust also applies to developers and apps. When building a new product, we need to think about how to embed security within. It needs to be a part of the package, not an add-on.

Here you can read more about Zero Trust.

BUSINESSES STILL FAIL ON THE CYBERSECURITY BASICS

The technology to help your business stay secure is already there. In fact, often organizations have too much technology in place, already paid for, but they’re not making the most of it.

Your attitude to risk is what can make the difference between an incident and a disaster.

There are easy things you can implement today to make your network safer:

• Multi-factor authentication –we mention it at every opportunity, and still, it’s not implemented often enough. It can reduce the number of incidents with credential phishing
• Conditional-based access – key to limiting access to your resources
• Full remote device management – endpoint security is especially important for a remote workforce
• Patching – Software vulnerabilities leave gaps in your network. Move updating to the cloud, so it’s done automatically. The economy of scale works to your benefit – new patches are rolled out all at once to everyone, so you can take advantage of them.

3 steps to a better security posture

Here is what you can start doing today to improve your organization’s preparedness when it comes to cyberthreats.

1. INTRODUCE THE CULTURE OF SECURITY

If you want to stay in business, you need to make security the top priority for your company. It means you’ll need to be an internal salesperson, to get the buy-in from the decision-makers. Some practical advice:

1. Visualize the cost of threats to the board of directors.
2. Think of security as insurance – you always buy one for your car with the assumption that nothing will happen and you won’t need it. The same goes for cybersecurity.
3. Show employees what they can do themselves – whether it’s assigning a larger budget, conducting internal training, or implementing best practices in daily work. Work up and down the chain of command.
4. Challenge yourself – think about what you don’t know and be curious. A lot has changed in recent years. Keep learning and leading by example, to foster a culture of security at your company.

2. DON’T PANIC

Remember the key principle: observe – orient – decide – act.

You can’t act until you understand what’s happening. You’re wasting efforts that way.

Your tools are only as good as your configuration. Specify the key assets to protect and make sure you’ve got your basics sorted out, like offline backup and incident response procedure.

One of my favorite quotes goes: “all of this has happened before, and will happen again”.

So be prepared for the future. Address the basics. Know who has access keys to the backups, and whom to contact when you need help getting back online.

3. GET SUPPORT

Here’s the thing about cyberattacks – most organizations will only deal with them once. This means there’s nowhere to get experience with them ahead of time.

But you no longer need a large in-house cybersecurity team. Services like Azure Security Center and Azure Sentinel can provide crucial SIEM and SOAR capabilities.

Even better, security tools – and consultants – are available as a service. Like the one we offer: Managed Security Operations Center. Take advantage of it and don’t fight your battles alone.

Key takeaways:

1. Don’t underestimate the risks. Make security your priority, not an afterthought.
2. Review the basics. Many attacks can be avoided by simple processes like regular patching, using MFA, and conditional access.
3. Plan for the worst-case scenario. What will you do if your processes fail? Make sure you have a recovery procedure in place and emergency contacts on hand.

‍