Sunday, November 3, 2024

The Next Great Cyber Threat In 2025: Interconnectivity

It is hard to believe that there are only two months left in this year. But as we approach December, this is the time when many Cybersecurity pundits start to predict what they think the big threat variants will be for 2025.

I usually hold off on making my predictions until closer to the New Year. But in this blog, I will give you a blatant hint as to what I think one of the big issues will be for next year: the level of interconnectivity that exists in the world today.

One of the side effects of this is what is known as the "Supply Chain Attack". I have written about this before, but to refresh your memory, it can be technically defined as follows:

A supply chain attack uses third-party tools or services — collectively referred to as a ‘supply chain’ — to infiltrate a target’s system or network. These attacks are sometimes called “value-chain attacks” or “third-party attacks.”

(SOURCE:  What is a supply chain attack? | Cloudflare)

As the definition points out, the mechanism is typically a third-party supplier's own software or service, which the Cyberattacker abuses to reach thousands of endpoints at once. The best-known examples are the SolarWinds breach of 2020 and the CrowdStrike outage of July 2024. Strictly speaking, the CrowdStrike incident was not a hack: a defective content update pushed by the vendor crashed Windows hosts around the world. But it exposed exactly the same single point of failure, a vendor channel that reaches every customer in one push.

Both companies have many customers, and obviously they cannot update each customer's systems individually; it would simply take way too long.

So instead, both companies have built platforms through which updates are pushed to all of their customers in one shot. SolarWinds calls theirs "Orion", and CrowdStrike calls theirs "Falcon".

While this is an efficient process, the problem is that if there is just one weakness in that channel, then whatever goes into it, whether a malicious payload inserted by a Cyberattacker (the SolarWinds case) or an update that was never adequately tested (the CrowdStrike case), is deployed to every customer, all over the world, in a single push.

Yes, this is a scary situation. But it is also important to put things in perspective. Of course, both companies should have kept checking their respective platforms. In the SolarWinds case the attackers compromised the vendor's own build environment, so the backdoored Orion update was digitally signed and shipped as a legitimate release; no customer-side signature check would have caught it. The truth of the matter is that both situations illustrate just how fragile the infrastructure of the world has become.

And this is all due to the elevated level of connectivity that everything has with everything else. As technology advances, especially Generative AI, this level of connectivity is only going to expand and, in a manner of speaking, get worse.

The bottom line is that this increases the attack surface. Compare it with the defense perimeter a company has: if they run too many network security devices from many different vendors, each one is another component that must be patched, configured and monitored, and each vendor is another channel that can push code into the environment. The attack surface grows accordingly.

So you may well be asking at this point: how can you avoid this happening to your business? The bottom line is that we are all at risk of being impacted by a security breach. The key takeaway is how to mitigate or reduce that level of risk. Here are some tips for you:

1)     Conduct a Risk Assessment:

Let us use the example I just set up. If you know that you have too many network security tools, take inventory of exactly what you have. From there, create a visualization of where they are all located. If they are scattered all over the place, consolidate them and place them strategically, where they are needed. For instance, instead of ten firewalls, try to condense that down to five or fewer. Another key point is to procure any future security tools through just one or two vendors at most. Keep in mind, though, that consolidating onto one vendor concentrates your supply-chain risk in that vendor, so the inventory should also record which vendors can push code or content into your environment, and through what channel.

2)     Test the patches:

If your business relies upon someone like SolarWinds or CrowdStrike, do not have their updates deployed automatically into your production environment! Instead, get the updates and test them in a sandbox-like environment first, to make sure that they work with the systems you already have in place. This also gives you some extra time in case the vendor notices a flaw in the update it has sent out. Note that staging protects you from a bad or tampered update; it does not protect you from a "Zero Day Attack", which exploits a flaw that nobody has patched yet. Delaying a security patch actually lengthens the window in which a known vulnerability can be exploited, so balance the soak time against the severity of what the patch fixes.
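The staged deployment described above, as an added example that is not code from the post, SolarWinds or CrowdStrike: an update is promoted ring by ring (sandbox, canary, pilot, production), and each ring must pass a health gate before the next one receives it. The ring names, the thresholds and the HostReport telemetry format are assumptions for illustration; the sample reports are constructed, not real data.

```python
"""Ring-based rollout of a vendor update with a health gate before each ring.

Added example, not code from the post, SolarWinds or CrowdStrike. The ring
names, thresholds and HostReport telemetry format are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Promotion order. An update only moves to the next ring if the current ring is healthy.
RINGS = ["sandbox", "canary", "pilot", "production"]


@dataclass
class HostReport:
    """One host's status after receiving an update (assumed telemetry shape)."""
    host: str
    ring: str
    update_id: str
    booted_ok: bool   # host came back up and its agent checked in
    crashes: int      # crash events seen during the soak window


@dataclass
class RolloutResult:
    update_id: str
    reached: List[str] = field(default_factory=list)  # rings the update was deployed to
    halted_at: Optional[str] = None                   # ring that failed the gate, if any
    reason: str = ""


def ring_health(reports, ring, update_id):
    """Return (healthy_fraction, host_count) for hosts in `ring` running `update_id`."""
    rs = [r for r in reports if r.ring == ring and r.update_id == update_id]
    if not rs:
        return 0.0, 0
    healthy = sum(1 for r in rs if r.booted_ok and r.crashes == 0)
    return healthy / len(rs), len(rs)


def run_rollout(update_id, reports, min_healthy=0.98, min_hosts=3):
    """Promote `update_id` ring by ring, halting at the first ring that fails the gate.

    Production is only reached if every earlier ring passed, so an update that
    crashes canary hosts stops there instead of going out to the whole fleet.
    """
    result = RolloutResult(update_id)
    for ring in RINGS:
        result.reached.append(ring)
        if ring == RINGS[-1]:
            break  # final ring: nothing left to gate
        frac, n = ring_health(reports, ring, update_id)
        if n < min_hosts:
            result.halted_at, result.reason = ring, f"only {n} reports from {ring}, need {min_hosts}"
            return result
        if frac < min_healthy:
            result.halted_at, result.reason = ring, f"{ring} healthy fraction {frac:.2f} below {min_healthy}"
            return result
    return result


def sample_reports():
    """Constructed telemetry for two hypothetical updates (not real data)."""
    reports = []
    sizes = {"sandbox": 3, "canary": 5, "pilot": 20, "production": 200}
    for ring, n in sizes.items():
        for i in range(n):
            reports.append(HostReport(f"{ring}-{i}", ring, "good-update", True, 0))
    # "bad-update" boots fine in the sandbox but crashes 2 of the 5 canary hosts.
    for i in range(sizes["sandbox"]):
        reports.append(HostReport(f"sandbox-{i}", "sandbox", "bad-update", True, 0))
    for i in range(sizes["canary"]):
        crashed = i < 2
        reports.append(HostReport(f"canary-{i}", "canary", "bad-update", not crashed, 1 if crashed else 0))
    return reports


if __name__ == "__main__":
    reports = sample_reports()
    for uid in ("good-update", "bad-update"):
        r = run_rollout(uid, reports)
        print(uid, "reached:", r.reached, "halted at:", r.halted_at, r.reason)
```

The point of the gate is that "bad-update" never reaches production: it passes the sandbox (where three hosts boot normally) and is stopped at the canary ring because only 3 of 5 hosts stay healthy. In practice the reports come from your EDR or fleet-management telemetry rather than a list, and the minimum host count matters as much as the health threshold, since a ring with one host tells you nothing. One caveat to confirm with your vendor: some products deliver detection content on a separate channel from the agent binary, so check which update types your staging policy actually controls.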

3)     Deploy the Zero Trust Framework:

This is a methodology where you segment your entire IT/Network Infrastructure into different "zones", and every request to cross from one zone to another is verified on its own merits: who the user is, whether they have passed Multifactor Authentication (MFA) recently, whether the device is healthy, and whether policy explicitly allows that particular path. Nothing is trusted just because it is already inside the network. The basic idea is that if the Cyberattacker breaks through one line of defense, they cannot move deeper without satisfying those checks again, which makes lateral movement far harder, though not statistically impossible.
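A per-request policy decision of the kind described above, as an added example that is not code from the post or from any vendor's product. Every zone-to-zone path must be listed in the policy or the request is denied, MFA must be fresh, the device must pass its posture check, and a session presented from a device other than the one it was issued to is rejected outright. Zone names, the session and device attributes, and the rules are assumptions chosen for illustration.

```python
"""Default-deny, per-request access decisions between network zones.

Added example, not from the post or any vendor. Zone names, the session and
device attributes, and the policy rules below are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Session:
    user: str
    role: str
    device_id: str     # device the session was issued to
    mfa_at: float      # epoch seconds of the last successful MFA


@dataclass(frozen=True)
class Device:
    device_id: str
    zone: str          # zone the device is connecting from
    compliant: bool    # posture check: EDR running, disk encrypted, patched


@dataclass(frozen=True)
class Access:
    session: Session
    device: Device
    dst_zone: str
    service: str
    now: float


@dataclass(frozen=True)
class Rule:
    role: str
    src_zone: str
    dst_zone: str
    service: str
    require_mfa: bool = True
    require_compliant_device: bool = True


# Every permitted zone-to-zone path is listed here; anything not listed is denied.
POLICY: List[Rule] = [
    Rule("dba", "corp-workstations", "db-tier", "postgres"),
    Rule("developer", "corp-workstations", "app-tier", "ssh"),
    # Workload identity: the app tier reaches the database without human MFA,
    # but still only over the one service the policy names.
    Rule("app-service", "app-tier", "db-tier", "postgres", require_mfa=False),
]


def decide(acc: Access, policy=POLICY, mfa_max_age=8 * 3600) -> Tuple[bool, str]:
    """Evaluate one request; returns (allowed, reason). Unmatched requests are denied."""
    s, d = acc.session, acc.device
    # A session token presented from a different device than it was issued to is
    # treated as stolen, regardless of what the policy would otherwise allow.
    if s.device_id != d.device_id:
        return False, "session not bound to presenting device"
    for rule in policy:
        if (rule.role, rule.src_zone, rule.dst_zone, rule.service) != (s.role, d.zone, acc.dst_zone, acc.service):
            continue
        if rule.require_mfa and acc.now - s.mfa_at > mfa_max_age:
            return False, "mfa too old, re-authenticate"
        if rule.require_compliant_device and not d.compliant:
            return False, "device not compliant"
        return True, f"allowed: {rule.role} {rule.src_zone}->{rule.dst_zone}/{rule.service}"
    return False, "no rule permits this path"


if __name__ == "__main__":
    now = 1_000_000.0
    alice = Session("alice", "dba", "wk-1", now - 60)
    wk1 = Device("wk-1", "corp-workstations", True)
    print(decide(Access(alice, wk1, "db-tier", "postgres", now)))
    # Same token replayed from a different (attacker-controlled) workstation.
    print(decide(Access(alice, Device("wk-9", "corp-workstations", True), "db-tier", "postgres", now)))
    # A compromised app host trying to move laterally over a service policy never listed.
    svc = Session("svc", "app-service", "app-7", 0.0)
    print(decide(Access(svc, Device("app-7", "app-tier", True), "db-tier", "ssh", now)))
```

The example goes slightly beyond the paragraph: besides segmenting by zone and requiring MFA, it binds the session to a device and re-checks MFA age on every request, which is what stops a stolen token from being used from a foothold in another zone. A real deployment puts this logic in an identity-aware proxy or network policy enforcement point rather than a script, and the posture signal would come from the EDR agent.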

4)     Have the IR Plan:

IR is an acronym for "Incident Response". Having this kind of plan in place, and regularly practicing it, is of utmost importance. The document allows you and your IT Security team to respond to and contain a security breach quickly. Given the theme of this blog, the plan should specifically cover a bad or malicious vendor update: who has the authority to halt a rollout, and how affected hosts are rolled back.

5)     Use EDR solutions:

EDR is also an acronym, for "Endpoint Detection and Response". These solutions are typically deployed on the devices your employees use to conduct their daily job tasks, whether they are remote or hybrid, and they monitor and contain threats that land on those devices. Remember, though, that the EDR agent is itself a vendor-pushed component (CrowdStrike Falcon is one), so the staging discipline from tip 2 applies to it as well.

So there you have it: my first prediction of what the Cyber Threat Landscape could look like in 2025. Stay tuned for more.
