By KAM

In honor of cybersecurity awareness month, here’s my choice for eight threats and emerging trends in cybersecurity that are worthy of putting on your radar.

#1 – Cybersecurity Insurance Claims are Growing

For example, Canadian Insurers report 2019 had a 39% rise and 2020 had a 105% rise in claims and I predict 2021 will continue that meteoric trend. In fact, after you’ve read my threats and trends, this CNN article with the same statistic will be an interesting read for their trends.

#2 Breach Fatigue is Growing

Breach Fatigue should be an entry in the Oxford Dictionary this year. People are plain tired of hearing about breaches and have become numb to hearing about it. How big does a breach have to be to make the news headlines anymore?

#3 More Attacks on Operational Technology (OT)

Many people are familiar with computers and Information Technology (IT) but far less people are aware of the risks and attacks on Operational Technology (OT).

Mark Rorabaugh, a critical infrastructure cyber expert, defines OT as anything that interacts with the physical world: a garage door opener, a motor operated valve, a smart thermostat, the sluice gate on a dam, and more.

Unfortunately, OT devices traditionally have very poor cybersecurity and present a growing risk as people connect them to IT networks for convenience without fully considering the security risks.

#4 Increased Use of Zero Trust Network Models

In May of this year, U.S. President Biden signed an executive order on Improving the Nation’s Cybersecurity and instructed each agency head to develop a plan to implement Zero Trust Architecture with 60 days.

Zero Trust was invented by John Kindervag while at Forrester and it implements a few key points:

First, by implementing multiple firewalls, it creates micro segments to limit lateral movement by bad actors to fix the key weakness of a perimeter-based firewall.

Second, by defaulting to zero access to resources, it requires an assessment of data toxicity. In other words, if certain data leaked, how toxic would it be? By doing this assessment, you know where your important data is and where your micro segmentation is needed.

Finally, by using a Kipling Tuple for firewall rule building, it can use more data to validate access requests such as location, groups, time of day, etc. The Kipling Tuple is named for a poem by Rudyard Kipling, it refers to the Who, What, Why, When, Where and How:

“I KEEP six honest serving-men
(They taught me all I knew);
Their names are What and Why and When
And How and Where and Who.
I send them over land and sea,
I send them east and west;
But after they have worked for me,
I give them all a rest. …”
Poem Source

The Kipling Tuple is used in Next Generation Firewalls (NGFW) as opposed to a 5-tuple for older TCP/IP Layer 3 Firewalls that use Source IP/Port, Destination IP/Port & Protocol.

Google’s BeyondCorp is an enterprise Zero Trust platform and also part of the move to the cloud which the executive order also requires agencies to “accelerate movement to secure cloud services.”

#5 Phishing is Becoming More “Elegant”

Elegant attacks have nothing to do with hackers wearing formalwear. Rather, elegance is a ratio of the resource utilization required to carry out an attack vs defend against an attack. Bad actors today are definitely leveraging open source intelligence like social media & out of office messages making attacks more elegant.

#6 Paying Ransoms for Cryptoware Attacks is NOT a Valid Plan

For some years now, I have talked about the issues of paying ransoms including but not limited to encouraging more bad actors, opening yourself up to issues with primary & secondary liability, CFIUS concerns, and running afoul of the American Terrorism Act. Most people don’t even know about IC3 forms and getting permission to pay ransoms!

However, not paying a ransom was made much clearer with the Sept 21, 2021 OFAC Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.

Put simply, paying ransoms is problematic at best and should not be a part of your disaster recovery plan. Instead, maintaining both Hot & Cold Backups with periodic restoration and disaster recovery exercises is the absolute best way to protect yourself against cryptoware!

#7 Work From Home Increases Attack Vectors

Working remotely became the new normal for many people during COViD-19. However, as the effects of the pandemic begin to lessen, work from home is here to stay for a lot of workers.

Unfortunately, many people are using home networks with other personal computers on the same network, using older computers, out of date firewalls, unpatched operating systems, outdated antivirus, not making backups, etc. All issues that would traditionally be the responsibility of corporate IT administrators in the workplace. But at home, there is a concern that these issues will increase the attack vectors for bad actors especially as the problems are unlikely to be fixed.

#8 Supply Chain Risk Awareness Growing

In late 2020, a hack of over 100 firms and 9 agencies was caused by a supply chain compromise in SolarWinds’ software. However, experts like Katie Arrington, the CISO for Acquisition & Sustainment at the U.S. Department of Defense (DoD) have long been developing the Cybersecurity Maturity Model Certification (CMMC) with security requirements for all DoD defense industry suppliers and their subcontractors to mitigate supply chain risk.

Additionally, a few weeks ago the U.S. Department of Justice launched a civil cyber fraud initiative that will impose severe fines on government contractors and firms that receive federal funding if they fail to disclose data breaches.

Supply chain risk is complicated. It can involve anything from adversarial threats, unintentional risks, counterfeit products, poor-quality software, and lateral movement using partners as an access vector. Make sure you are aware of and mitigating the risks in your supply chain. Plus talk to your partners and vendors to see how they are handling the risk.