As 2021 wraps up, we’re taking stock of the year from our cybersecurity point of view. After a tumultuous 2020, this year continued to be a roller coaster of new workplace conditions, disruptive cyberattacks and optimism in government action.
Below we list our top 3 trends and hacks that stood out for 2021, followed by what we see are the trends to watch for in 2021.
If 2020 was the year of WFH (work from home), 2021 was the year of hybrid work. In many respects, it’s fascinating how much the workplace has changed in two years. Before 2020, while some businesses embraced a “work from anywhere” culture, only 20% of the workforce actually worked from home. Even with the capabilities to allow teams to collaborate, managers were still skeptical of the effectiveness of remote work and many companies, 80%, shunned remote work programs prior to Covid-19.
Fast forward to 2021 and businesses slowly began having employees return to the office, but now using a hybrid model where employees work part of the time in the office and WFH the rest of the time. However, for network security teams this is more than just having staff come back to the office, there are several complex network security considerations that must be addressed.
As employees rotate in and out of the office, companies will need to create plans and new safety protocols to keep their networks and employees safe. Most notably, employees could bring malware that is hiding in their laptops, waiting to move onto the corporate network. Employees may have also added unknown software and applications to help them while working from home. While helpful at home, they could prove dubious once on the network.
Shocking Infrastructure Hacks
Still reeling from the Sunburst cyberattack of December 2020, the summer of 2021 saw not only a rise in ransomware attacks, but malicious actors targeting critical infrastructure.
Attackers, such as the cybercriminal group DarkSide, have become more emboldened because of some of the incredible amounts of ransom paid for ransomware attacks recently. For example, attacks on the city of Florence, FL and Yazoo County School District, MS, cost each $300,000, while the University of San Francisco (UCSF) paid $1.14M in ransom. Once a capable hacker sees the potential to gain millions of dollars, many are willing to take the risk to try and infiltrate critical businesses in the hopes that one or more will pay up.
Critical services and infrastructure are also being targeted at increasing rates because bad actors found that by targeting infrastructure, they could not only disrupt business operations but society in general and hit consumers in the pocket. In addition, businesses don’t want to lose money by being offline, as every day not producing is very costly in lost revenue. Hackers found they can leverage causing societal disruption to demand larger ransoms delivered faster to get services up and running as soon as possible.
Significant infrastructure attacks of 2021:
Oldsmar Water Treatment Plant
On February 8, 2021, hackers accessed the water treatment plant of a small Florida city and changed the city’s water supply levels of sodium hydroxide from 100 parts per million to 11,100 parts per million. The changes were quickly discovered, and the sodium hydroxide levels were restored to their original levels with no harm to the water supply.
In March 2021, CISA assisted multiple government agencies, critical infrastructure entities, and other private sector organizations that had been using Pulse Secure’s VPN appliances targeted by hackers exploiting a zero-day vulnerability. This hack was significant because it targeted and compromised government agencies and companies in the U.S. and Europe.
On Friday, May 7, the news broke that Colonial Pipeline had been hacked and shut down its operations until the problem was resolved. The ransomware attack took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast. The attack was the result of a compromised password as hackers gained entry into the networks through a virtual private network account.
On June 1, 2021, less than a month after the Colonial Pipeline ransomware attack, JBS announced that they had experienced a cyberattack. A major, global meat producer headquartered in Brazil, JBS has more than 150 plants in 15 countries. The company was the target of an organized ransomware attack that affected servers supporting its North American and Australian IT systems.
Global and Government Coordination on Cybersecurity
International collaboration and government action on cybersecurity finally took center stage in 2021. In October, President Biden held a 30-country virtual meeting aimed at combating the growing threats of ransomware to economic and national security. The goal of the alliance is “to accelerate our cooperation in combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically.”
In addition, the US and EU recently announced plans to join the Paris Call for Trust and Security in cyberspace, a multi-stakeholder group of supporters that includes states as well as private sector and civil society actors. The Call is built around a shared commitment to safeguard the benefits the Internet provides all people, protect individuals and infrastructure and promote the widespread acceptance and implementation of international norms of responsible behavior.
Lastly, efforts to protect schools from cyberattacks have increased with the K-12 Cybersecurity Act recently signed by President Biden that instructs the Cybersecurity and Infrastructure Security Agency (CISA) to look at the cybersecurity risks schools face, and to develop recommendations and guidelines to help schools implement protections against these risks.
TRENDS TO LOOK FOR IN 2022
The growing number of hacks and security risks has agencies and companies investigating or moving to zero-trust strategies, with the Biden Administration even mandating zero trust for federal agencies. Zero Trust is one of the latest cyber security trends to protect digital environments. However, it isn’t a platform or device, rather it’s an initiative to protect digital environments based on the key principle that instead of first making services available and then locking down access to those services, no access is granted at all unless it is specifically and deliberately given. This principle is applied to users and devices.
It’s a simple and clear concept, but the ‘how’ can vary depending on the way each vendor implementing the concept chooses to do so. At its core, it uses micro-segmentation to break up security perimeters into small zones to create separate access points for separate parts of the network. While access may be granted to one zone, access to other zones will require separate authorization. Policies are set to give users the least amount of access needed to complete a task.
For additional layers of security, Zero Trust employs other security measures such as two factor authentication, identity and access management (IAM), and other verification methods, or by using an Identity Provider so that all authentication and authorization is centrally managed.
For a company looking to set up a zero-trust solution, one of the potential misconceptions is that zero-trust requires a completely new type of infrastructure with a costly brand-new solution.
However, it’s feasible to build on the investments that companies have already made. Zero Trust is not one type of technology vs another. It’s not about whether VPN is used underneath or something else. Zero-trust isn’t a platform, or a device. It’s an initiative for digital environments based on the key principle that no access is granted unless it is specifically given. This can be done using solutions that provide zero-trust with VPN technology underneath, or it can be done with other technologies that grant or deny access.
Evolving Cyber Threats
After the success of high-profile ransomware attacks in 2021, look for these types of attacks to evolve and become more sophisticated. Malicious actors will use more AI and machine learning to be more convincing at compelling action that leads to a breach.
In 2022, cyber threats will include more deepfake content to trick victims. The audio or video used in deepfakes is developed using AI or machine learning to alter or create content that misrepresents someone. Deepfakes have been especially successful in phishing attempts and identity theft and financial fraud. For example, a phishing scheme may use audio or a video of a CEO asking an employee to send money. Thinking the request is real, the employee complies, and the funds sent are lost.
To combat deepfakes, steps to spotting and reporting them must be included in all employee cybersecurity training. For example, facial features are hard to recreate, and close examination may reveal a fake. In addition, if possible, confirm with the supposed sender to see if the message is real.
In Untangle’s 2021 SMB IT Security Report, “lack of manpower” was named one of the top three barriers to network security for small and medium businesses. The ongoing skills gap will continue to be a threat for 2022. Currently in cybersecurity, there is a shortage of workers in just about every position, from entry-level to executive, and across industries. At the core of the issue is there just aren’t enough skilled workers for the positions available. While computer science is a growing major in colleges, only a small portion of graduates are going into cybersecurity. To fill these positions, the industry and companies, will need to take action and:
- Learn how to recruit Generation Z
- Upskill current employees
- Invest in education
SOURCES2021 Cybersecurity Wrap-up and Trends for 2022 first appeared on Untangle.
*** This is a Security Bloggers Network syndicated blog from Untangle authored by [email protected]. Read the original post at: https://www.untangle.com/untangle/2021-cybersecurity-wrap-up-and-trends-for-2022/