It is hard to
believe that that there are only now two months left in this year. But now as we approach December, this is the time
now that many Cybersecurity pundits start to predict what they think the big
threat variants will be for 2025.
I usually
hold off on making my predictions, until closer to the New Year. But in this blog, I will give you a blatant
hint as to what I think of the big issues will be for next year: the level of
interconnectivity that exists in the world today.
One of the side
effects of this are what is known as the “Supply Chain Attacks”. I have written about this before, but to
refresh your memory, it can be technically defined as follows:
“A supply chain attack uses third-party tools or services
— collectively referred to as a ‘supply chain’ — to infiltrate a target’s
system or network. These attacks are sometimes called “value-chain attacks” or
“third-party attacks.””
(SOURCE: What
is a supply chain attack? | Cloudflare)
And as the definition
points out, it is typically a mechanism that is used by a third-party supplier
that is in turn used by the Cyberattacker in which to infect thousands of endpoints. The best examples of these are the Solar
Winds and CrowdStrike hacks.
They have
many customers obviously, and of course they cannot update each of one their
systems individually, it would simply take way too long.
So instead, both
companies have created specialized platforms in which updates can be sent to all
the customers in just one shot. Solar
Winds calls theirs “Orion”, and CrowdStrike calls their “Falcon”.
While is an
efficient process, the problem here is that if there is just one weakness in
them, the Cyberattacker can easily insert a malicious payload through that
point of entry, and from there it will be deployed all over the world in just a
matter of minutes.
Yes, this is
a very scary situation. But it is also
important to put things in some perspective.
Of course, both companies should have kept checking their respective
platforms. The truth of the matter is, both situations simply illustrate just
how fragile the infrastructure of the world has become.
And this is
all due to the elevated level of connectivity that everything has with each
other. But as we advance further in technology,
especially with that of Generative AI, this level of connectivity is only going
to expand, and in manner of speaking, get worse.
The bottom
line is that this is simply increasing the attack surface. This can be easily compared with the defense
perimeter a company has. For instance,
if they have too many network security devices from many different vendors, then
of course their level of attack surface will be that much more proliferated.
So now you
may very well be asking at this point, how can you avoid this situation happening
to your business? Well, the bottom line
is that we are all at risk from being impacted by a security breach. The key takes away here is how to mitigate
or reduce that level of risk.
Here are some tips for you:
1)
Conduct
a Risk Assessment:
Let
us use the example I just set up. If you
know that you have too many network security tools, take inventory of what
exactly you all have. From there, create
a visualization of where they are all located at. If they are scattered all over the place,
then try to consolidate them down, and place them strategically, as where they
are needed. For instance, instead of
using ten firewalls, try to condense that down to five or fewer. Another key point to remember here is to try
to procure any future security tools that you may acquire through just one or
two vendors at most.
2)
Test
the patches:
If
your business relies upon someone like Solar Winds or CrowdStrike, do
not have them deployed automatically into your production environment!!! Instead, get the patches, and
test them in a sandbox like environment first, to make sure that they will work
with the systems that you already have in place. Also, this will give you some extra time in
case the vendors notice that there is even flaw with the updates that they have
sent over to you. This will help you avoid
what is known as a “Zero Day Attack.”.
3)
Deploy
the Zero Trust Framework:
This
is a methodology where you segment your entire IT/Network Infrastructure into
different “zones”, with each one of them making use of Multifactor
Authentication (MFA). The basic idea of this
is that if the Cyberattacker breaks through one line of defense, the odds of
them going deeper becomes statistically zero.
4)
Have
the IR Plan:
This
is an acronym that stands for “Incident Response”. Having this kind of plan in place, and regularly
practicing it is of utmost importance. This
kind of document will allow you and your IT Security team to respond to and
contain a security breach quickly.
5)
Use
EDR solutions:
This
is also an acronym that stands for “Endpoint Detection and Response”. These are solutions that are typically
deployed on the devices that your employees use to conduct their daily job
tasks, whether they are remote or hybrid.
They can be used to monitor and contain any threat variants that are incoming
into these devices.
So, there you
have it, my first prediction of what the Cyber Threat Landscape could look like
in 2025. Stay tuned for more of them.
