Ransomware and Cloud Security
Vectra sees conventional approaches at the end
Every year, the world of cyber security faces new challenges and obstacles that companies have to overcome, but 2021 was an exceptionally dangerous year. Ransomware, in particular, has been a constant topic in the industry after a series of high-profile incidents that have affected companies such as Kaseya and institutions such as the Irish Health Service. In addition, the ransomware attack on JBS was a clear reminder of the possible severity of attacks on the supply chain. The constant shift to hybrid forms of work and the rapid introduction of the cloud have meant that companies have had to reassess their security infrastructure to ensure that employees at remote locations are fully protected.
Andreas Riepen, Head of Central & Eastern Europe at Vectra AI , names four areas of cybersecurity that will evolve in 2022:
Andreas Riepen, Head of Central & Eastern Europe (CEE) at Vectra AI
Cloud security will come under increasing pressure
First of all, ransomware will shift to the exfiltration and encryption of cloud data. So far, this has already been the case with attacks on third-party processors of data, as recently with the extortion of data from members of the Labor Party. 2022 will be the year when data located on the corporate side of the “shared responsibility” model will be directly attacked by one or more ransomware groups.
Proactive measures to minimize ransomware attacks
What about the defense against ransomware? The high-profile dismantling of ransomware gangs and the increased formal supervision of information security due to the frequency of ransomware attacks will increase. However, it is also to be expected that many public institutions are insufficiently prepared for this threat. Finally, we will see a relative decrease in ransomware consequences compared to the consequences of data loss or data exfiltration, as human-powered ransomware is detected and stopped before it spreads.
Growing demand from companies for Managed Detection & Response Services and Automation
Apart from ransomware, the volume of managed security services will continue to increase. A significant number of companies will compensate for the shortage of skilled workers through automation, orchestration and AI to improve analytics. Companies will realize that outsourcing the business context to an external company will be extraordinarily difficult. It will be seen that some well-equipped and supported internal resources can be more effective than an army of external resources.
Increased use of AI to combat the criminal use of MFA
The last area that companies should focus on is multi-factor authentication (MFA). MFA is enforced by some of the big tech giants like Microsoft and Google. In large part, this is due to the fact that attackers continue to successfully steal credentials, bypassing basic authentication. Although MFA is generally important, criminals continue to prove that this is not enough to keep them away. In some cases, they even use bots to bypass the MFA, and this will continue to be a difficult struggle for companies. Therefore, more and more companies will turn to AI-driven security tools to stop attacks that pass by the MFA.
As the year 2022 brings a number of security-related hurdles, it is important that companies are one step ahead of the game. You should make sure that you have the best possible protection against potential threats. To achieve this, companies should implement a recognition and response strategy. As a rule, combinations of AI and machine learning (ML) are used to look for overlaps between authorized but suspicious activities and the behaviors that an attacker will exhibit in the context of an evolving attack. Companies should assume that they have been compromised and actively look for the signs. Only then will you be in a much better position to detect all types of attacks in time and stop them before they develop into more massive security incidents.