The nature of a trend is that it is developing consistently enough to catch the attention of the general public or a specific audience. Well, for better or for worse, cybersecurity professionals, experts and analysts are noticing troubling trends in malicious cyberattack activity—trends that don’t look like they’re going away any time soon:
- Expanding attack surfaces: An organization’s attack surface will only continue to increase due to the corresponding increase in the use of digital systems and hybrid work environments—60% of workers are remote and 18% of users won’t return to the office.
- Ransomware: While ransomware is not a new trend, the volume, cost and impact continue to increase. Just last year, there were 700 million attempted ransomware attacks in 2021 (up 134% from 2020).
- Policy changes: There’s an increase in security and privacy regulatory requirements, such as the Cyber Incident Reporting for Critical Infrastructure Act, which came about as a direct result of the increasing malicious cyberattack activity.
- Supply chain risk: The biggest cyberattacks of 2021 happened to large-scale supply chain and critical infrastructure operations, which reflect the major and increasing risk supply chain organizations face.
- Continued attacks on identities: Attacks on identities and credential compromise and misuse continue to be a common attack vector, with a specific focus on privileged credentials. Attackers are now actively targeting the IAM infrastructure itself.
Given all of this, Gartner predicted that by 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.
These trends are growing exponentially, showing a profitable and successful year for hackers and cybercriminals. But what’s not reflected in this data are solutions designed to combat these threats and the trends moving us toward a more secure and threat-thwarting future. Let’s dive into one of the most popular cybersecurity trends of 2022: Cybersecurity mesh.
Cybersecurity mesh, or cybersecurity mesh architecture, enables any person or thing to securely access and securely use any digital asset, no matter where it is located and to better defend the organization against security threats and sophisticated attackers. Digital assets (and individuals like remote employees and vendors) are increasingly located outside of the office, which is forcing organizations to rethink their approach to security controls. The perimeter defense strategy that shaped traditional cybersecurity approaches is, for all intents and purposes, gone. Cybersecurity mesh architecture helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers or in the cloud. It’s adapted through interoperable technology that can integrate and collaborate with other security tools to leverage insights, analyze data and instinctively adapt and react to access-related threats and activity.
Cybersecurity Mesh Examples
Cybersecurity mesh might seem like a great concept, but how can you realistically implement it into your security structure? We can examine several challenges organizations face to see how cybersecurity mesh practices can tighten security controls.
Example One: Siloed Technology
- The Challenge: Attackers don’t think in silos, but organizations often deploy siloed security and identity solutions. The challenge with siloed, legacy security tools is their reliance on their own analysis of data; few tools from different vendors truly interoperate with each other for shared security intelligence and triggering.
- The Cybersecurity Mesh Approach: Rather than every security tool running in a silo, a cybersecurity mesh enables tools to interoperate, share and leverage security intelligence. Cybersecurity mesh architecture creates the foundation for those tools not just to be loosely joined, but to truly integrate together and share data and security analytics to create a holistic view of security intelligence and create the ability to trigger actions in multiple systems.
- How to Implement: Identify opportunities for integration and interoperability within your existing security stack, as well as when evaluating new solutions. Prioritize new security solutions that allow for this interoperability with robust APIs.
Example 2: Decentralized Identities, Access Points and Assets
- The Challenge: As we already discussed, the “traditional” perimeter has become more fragmented and is essentially gone. Many applications and data are no longer in the company-owned data center, and users are accessing cloud-based applications from anywhere. Traditional perimeter security is no longer an effective form of controlling access.
- The Cybersecurity Mesh Approach: When assets are located everywhere and access can occur from anywhere, identity and context have become the ultimate source of control. Cybersecurity mesh creates a distributed identity fabric that can support identities from multiple places. This can provide capabilities such as directory services, adaptive access, decentralized identity management and identity proofing.
- How to Implement: Move away from VPN access to more controlled zero-trust network access (ZTNA) integrated with an access management tool. Implement multifactor authentication (MFA) with adaptive processes to verify identities.
Example 3: Scattered Access Policy
- The Challenge: Many organizations are adopting a multi-cloud strategy and need a consolidated security approach. According to several studies, organizations tend to consume services from more than one cloud provider. Since every cloud provider supports a different set of access policies, creating a consistent security posture across cloud providers is challenging.
- The Cybersecurity Mesh Approach: Cybersecurity mesh architecture calls for centralized policy management. Traditionally, most security tools make their own decisions; you define policies that are configured within the tools themselves alone — hence, security tools operate within a silo. Cybersecurity mesh uses flexible security tools that split decision-making (the policy) from decision enforcement. A distributed architecture decouples policy enforcement from the assets being protected.
- How to Implement: Centralized policies can be created with consolidated dashboards, which offer complete and comprehensive views of policy across the security ecosystem. This gives your team a greater opportunity to respond quickly and efficiently to security incidents, like users who are outside of policy.
Overall, cybersecurity mesh promotes cohesiveness between all security technologies and creates a “mesh” of security strategies that govern, control and monitor all user access to protect highly sensitive digital assets and identities. The trends in cybercrime are showing a fast-paced and more sophisticated increase in cybersecurity threats. But trending cybersecurity efforts, like mesh, can prepare you for what’s ahead.