We’re still at the beginning of a new year, so we wanted to take the opportunity to look at the cybersecurity landscape and help businesses prepare for the cybersecurity world of 2021. We’re going to review what cybersecurity looked like last year, what’s carrying over, what we think might be coming up, and how you can protect yourself. Keep reading to learn more, or watch our comprehensive webinar to hear from the experts themselves!
Learning From Recent Cyber Hacks
When looking back at cybersecurity in 2020, the biggest incident most of us have probably heard of is the hacking of SolarWinds. SolarWinds is a large Texas-based enterprise that was stealthily infiltrated by a Russian hacking group called Cozy Bear. This group initiated a supply chain attack that went undetected for nearly eighteen months and affected some of the biggest companies and organizations worldwide.
SolarWinds worked with 425 of the Fortune 500 companies, the Big 5 accounting firms, the top 10 telecommunications companies, hundreds of colleges and universities, and the U.S. military and government. So how did the attackers infiltrate such a large company that surely had cybersecurity measures in place?
The hackers gained access through a monitoring tool called Orion and tampered with its updates by adding a trojan component. Once inside, the implant stayed dormant for up to two weeks before it began retrieving and executing commands. These commands could transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware disguised its communications as normal network traffic to stay under the radar and blend in with legitimate activity.
All in all, the malware was extremely tough to detect because it’s a new form called “teardrop.” This malware loads directly into memory and leaves no trace on disk. It can run file replacement commands so that scans don’t find anything missing, and it uses virtual private servers that look legitimate to trickle traffic out slowly.
This type of advanced persistent threat attack is a highly sophisticated, long-running operation. Carrying it out requires unlimited patience, superior skills, and unlimited funds. Stealth is a huge component at every stage of the attack. The malware was eventually detected (almost by luck), but it still evaded detection for over a year by the best cybersecurity firms in the world.
So, what does this major cybersecurity hack mean for other businesses? It means you have to be prepared, and being prepared comes back to the basics. If you look at the initial access in the SolarWinds case, it comes down to a horrible password. So, note #1: use strong passwords.
Next, develop a vulnerability scanning program. Take a proactive stance: find missing patches and apply them. Also, when you see attacks like SolarWinds, pay attention to the tactics that were used and implement ways to block those tactics in your own systems. Patch management, password management, and monitoring your environment are the key basics you need to have in place.
Looking Back on 2020
So, we’ve seen what we can learn from a recent large-scale cyber attack, but let’s take a more general look back on 2020.
2020 was the year of remote work and cybersecurity. The shift to working from home pushed companies to realize they needed to ensure their remote workers were secure.
Another big cybersecurity player in 2020? Ransomware. Ransomware did not relent in 2020—if anything, it got worse.
Finally, another big 2020 move was a shift to SaaS applications. The pandemic caused many companies to embrace SaaS applications, which are great! Unfortunately, many operations groups didn’t have the same level of experience with these applications, so they made some mistakes that left the SaaS apps vulnerable to attacks.
Overall, in 2020 the cybercriminals were putting in the extra hours. They were creating new attacks and exploiting existing vulnerabilities. Whether it’s remote work, ransomware, or SaaS, take a minute and determine if these cybersecurity issues need a second look at your organization.
What About New Crimes on the Horizon?
So, what about going forward into 2021? Well, first, it’s going to be a lot more of the same. Remote work will continue to be normal, so protecting home infrastructure is a top priority.
Large Enterprises Dive Into 5G
Another element that’s finally being implemented is 5G. However, it’s mostly large enterprises that are beginning to experiment with this much-talked-about technology.
Cybersecurity Maturity Model Certification
Also coming this year is more of a focus on the Cybersecurity Maturity Model Certification (CMMC). Many companies will be enforcing this certification on contracts, so if you work in the cybersecurity field, this might be of interest.
Behavioral-Based Detection Models
Last but not least, we think there will be a big push for change detection this year. Companies will look to behavioral-based models rather than reactive models to ensure their environments are safe.
What About Data Breaches and Prevention?
And finally, let’s talk a little bit about prevention and protection. Many organizations will confirm that their number one worry is a data breach. So, what can you do about this worry?
Well, the first step is prevention. And this doesn’t have to be fancy or expensive, either. Start with the basics and move up from there. For example, email remains the most common attack vector for criminals. So, if you aren’t already, start regular security awareness training with your employees. And we mean ALL of your employees: from your senior leaders, who have the power to move money or provide credentials and access to valuable resources, to your lower-level employees, who might fall for a phishing scam and let hackers in through the back door of your organization. Train everyone to be aware of potential cyber threats. Other methods of prevention include:
- Multi-Factor Authentication Apps
- Tools such as Acronis and Arctic Wolf
- Spam Filtering
- External Scans
- Updated Software
Many of the listed items don’t require large amounts of time or money. And if you have a low budget for IT and cybersecurity, consider outsourcing. Outsourcing lets you work with professionals to create a personalized plan that offers exactly what you need at an affordable price.
Finally, let’s assume the worst: a breach has already occurred. What do you need to have in place to get back on your feet?
First, proactive monitoring and log collection. If you don’t have logs, you can’t figure out what happened. Then have your logs and environments actively monitored so you can catch attacks more quickly.
Next, cloud-based disaster recovery services are a manageable and affordable solution that even small businesses can implement. These services give you the backups you need to ensure your data is still there even after it’s been compromised.
Incident response planning is another really important step and should include every part of the organization that might be touched by an attack. It involves thinking about how you communicate your response, including to customers, investors, employees, and the public at large. Once you have the plan, schedule regular drills and exercises so you can refine it. An unrehearsed plan doesn’t do much.
And a few more simple steps to take:
- Determining roles and responsibilities
- Collecting contact info for everyone
- Post-detection analysis
- Eradication and recovery
- Communication and notifications
In the end, cybersecurity is an ever-changing landscape that always deserves time and attention to keep your business safe. These are a few top priorities in the cybersecurity realm that are continuing from last year or building momentum this year. Ask whether your organization would stand up to these types of threats.