Top Cybersecurity Lessons from 2022 for Security Teams – Part 2

This article continues Infosecurity Magazine’s list of top lessons for cybersecurity teams to take from 2022 into next year and beyond. Part 1 can be viewed here.

Focus on Security Basics Ahead of New Tech Solutions

With the world entering turbulent economic times, it is likely that many businesses will scrutinize their investment in cybersecurity. With this in mind, it is imperative to focus on getting the security basics right, such as password and patch management, ahead of adding expensive new tools to the security stack.

Additionally, the increasingly complex technological environment has led to a large volume of new security solutions and approaches, which can bring new problems to IT teams, according to Markus Strauss, head of product management at Runecast.

“By now, the average enterprise organization deploys 10+ security tools. Each being a great fit for their respective use-case but with the developing economic challenges we have seen already in 2022 and the consistent increase in added complexity in environments, it’s time to look at security more holistically and start consolidating solutions into more manageable, efficient and effective solution sets or platforms,” he explained.

“This will ensure the few highly skilled resources available within security teams can focus on the most business impactful tasks instead of having to manage the multitude of tools, reports and dashboards that come with having a large number of point solutions deployed.”

Chris Dobrec, VP of product and industry solutions at Armis, concurred with this assessment, and argued that organizations should focus on utilizing their existing capabilities as effectively as possible ahead of new technology investments.

“Complexity of technology environments continues to grow, vulnerabilities are being disclosed at an unparalleled rate, and attackers are maturing and evolving their capabilities and even business models at scale. For these core reasons, we’ve seen the market move away from large-scale investment in new cyber tools over the course of the last decade towards optimizing the technology stacks already employed. From there, it’s about focusing on people, tools and process, and continually assessing the entire portfolio, its capabilities, as well as capability maturity and efficacy.”

Organizations Must Improve Asset Management to Secure Hybrid Workforces

A major consequence of the shift to hybrid working following the COVID-19 pandemic is the surge in the number of internet-facing assets used across workforces. These include the use of personal laptops and mobiles to access organizations’ systems and data and the growing presence of home smart devices, which are heavily targeted by cyber-criminals.

With hybrid working a reality for many, organizations need a comprehensive strategy to monitor all internet-facing assets and take any necessary action to secure these devices.

John Stock, product manager, Outpost24, commented: “The only way CISOs can be sure that they are securing the organization is to have their security teams track and find this information themselves. The growth of simple cloud computing means it’s possible for new Internet-accessible resources to be run up in a matter of minutes by, for example, the marketing or development teams, that grows the infrastructure and/or application outside of the normal IT security processes.”

He added that without strong asset management practices in place, organizations are substantially more vulnerable to attacks.

“After all, an attacker’s entry point is often the server that nobody knew existed, the laptop that runs out of date software, the application that was missing a patch, the port that was left open, or the user account that wasn’t protected with a strong password,” said Stock.

Organizations in which remote working has become a permanent fixture must change their security posture from the traditional ‘perimeter’-based approach of protecting corporate buildings to one that secures every endpoint.

Paul Bischoff, privacy advocate at Comparitech, stated: “Many remote workers are not coming back to the office. More organizations need to adopt policies and services that secure remote devices as well as company data and networks. Mobile device management (MDM) and Secure Access Service Edge (SASE) services can help organizations monitor remote workers and secure their access to company resources.”

Social Engineering Attacks Are More Sophisticated Than Ever

Social engineering attacks surged during the COVID-19 pandemic, and this method remains highly popular and effective among cyber-criminals in 2022.

A Proofpoint study from February 2022 found that 91% of UK organizations were successfully compromised by an email phishing attack in 2021.

Threat actors are becoming far more sophisticated and personalized in their approach, progressing from sending automated campaigns to surgically targeting individual people. This includes using information on social media profiles to make messages appear legitimate and even building fake profiles.

Business email compromise (BEC) is a particularly lucrative approach, in which scammers impersonate members of the board and C-suite to trick other employees into transferring vast sums.

Erfan Shadabi, cybersecurity expert at comforte AG, commented: “Threat actors can take a silly email about the CEO losing a credit card or needing account credentials and turn that into virtual gold.”

These techniques are increasingly a gateway to launching high-level attacks on organizations, such as ransomware.

Shadabi added: “Threat actors are taking their ability to use social engineering and other forms of trickery to gain access to corporate systems, launch debilitating ransomware software, and watch the target squirm.”

Speaking on the December 2022 episode of the IntoSecurity podcast, Larry Whiteside, CISO at RegScale and founder and chairman, Whiteside Security LLC, discussed the re-emergence of social engineering in the past few years.

“Think about all of the hacks that are coming in via email – it’s all social engineering,” he noted, and admitted to being taken aback by how successful these techniques continue to be in the face of improved awareness and education programs.

“The growth in that is surprising because I thought that people had got smarter; we’ve been putting so much effort into cybersecurity awareness training, we have cybersecurity awareness month and we’re talking about these things all the time. And yet people are clicking on malicious emails because they’ve been socially engineered,” he outlined.

Whiteside said that CISOs have to move beyond education, and focus more on implementing strategies like identity access management and zero trust. “We’ve got to look back at some other tactics as it relates to how we protect our end users from themselves,” he explained.
