Cybersecurity forecasts: Identity protection to be a priority in 2022

News Desk

Every year, IT and cybersecurity companies compile a list of their forecasts for the near future. While predictions have a certain allure in the commercial sense, Attivo Networks specialists provide their evidence-based predictions on cyberattacker behaviour, tactics, strategies, and procedures (TTPs).

The 2021 Verizon Data Breach report highlighted that 61 percent of breaches involved credential data. “If there is one thing we can learn from 2021, it is that the cyber attackers focus on credentials to expand their reach into their victim’s networks. Take, for example, the Colonial Pipeline incident where fuel shortages resulted from a single compromised password or the SolarWinds breach,” said Ray Kafity, Vice President – Middle East, Turkey and Africa (META) at Attivo Networks.

He added, “The focus of the defenders in the coming year would be on technology and solutions that can detect and derail such attacks before they can cause great harm to the organisation.”

Attivo Networks, experts in avoiding identity privilege escalation and identifying lateral movement threats, provided their cyber security predictions for the coming year.

Enterprises will increase their investment in identity security solutions.

The rise of third-party attacks, the security dangers associated with remote working, and the ongoing evolution of ransomware have all underscored the fact that traditional security solutions are no longer adequate. While conventional identity management solutions such as Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) provide basic identity safeguards, their concentration on authorisation and authentication leaves gaps for attackers to exploit. Enterprises must invest in Identity Detection and Response (IDR) systems that can provide extended exposure visibility and detection related to credential misuse, excess entitlements, privilege escalation, and other typical identity-based attack behaviours in order to fill those gaps.

Ransomware defences must get a badly needed refresh.

Ransomware 3.0 is here, and it’s characterised by double extortion, in which cybercriminals encrypt files and release information online in order to severely harm a company’s reputation, earnings, stock price, and other factors. When it comes to guarding against these attacks, there is no longer a one-size-fits-all solution. Stopping ransomware, which has over 300 versions, necessitates a multi-pronged approach that begins with securing Active Directory and privileged credentials. Organisations will not understand how each group functions in 2022, so they will need to increase their visibility into exposures and include technique-based detection methods. Traps, deceptions, and speed bump lures set up along the path will also function as effective deterrents to prevent an attacker from succeeding.

Active Directory (AD) protection, a top CISO-level concern

Although AD is an important part of a company’s network architecture, it is inherently vulnerable and notoriously difficult to safeguard. Attackers are well aware of its flaws, and they diligently target AD in order to get more rights, scale their attacks, and encrypt data in bulk for ransom. Active Directory exposures are the #1 reason ransomware assaults continue to succeed, according to Mandiant, a leader in incident response services. Business executives and IT decision-makers cannot afford to let visibility gaps and organisational divides leave risks unattended and vulnerable to attack.

Insurance companies will raise rates and technology requirements.

Ransomware expenditures are predicted to reach $265 billion by 2031, according to Cybersecurity Ventures, with a 30 percent year-over-year increase in damage costs over the next ten years. To reduce their risk, insurance firms will raise premiums and impose strict security technology requirements as a condition of extending coverage or paying out claims. Because Active Directory is a key component of practically every ransomware assault, insurance companies will choose systems that identify in-network lateral movement and credential misuse, look for privilege escalation, and safeguard identity management systems like AD.

Supply chain issues to increase complexity and risk

Due to supply chain challenges, businesses must order materials months ahead of time, in larger quantities, and from new suppliers. As organisations adapt their purchasing, and possibly their standards, to support business operations, the lack of supply will add complexity to new vendor management and qualification. This transition could introduce new supply chain security risks arising from software, hardware, and logistical security vulnerabilities.

Skill gap to impact attraction and retention policies

When it came to their employment, the pandemic had a disproportionately negative impact on women and single parents. With numerous employees leaving their positions in 2021, a scarcity of skilled IT staff, and the looming Great Resignation of 2022, businesses will continue to fight to attract and keep highly trained cybersecurity professionals. Companies that offer competitive benefits and advantages, such as remote working, flexible hours, and subsidised daycare, will win the talent war.

As we approach 2022, one thing is certain: it is not a question of if, but when, attackers will enter Middle Eastern organisations. With the increased emphasis on sophisticated attackers compromising identities, CISOs should look for important features when selecting technology to prevent and detect Active Directory vulnerabilities, threats, and assaults. High visibility for AD vulnerabilities and exposures, as well as detection of live attacks, is among these features.

