Richard Barretto, CISO, Progress, provides us with an updated list of IT infrastructure security threats and worries technology and business leaders should watch out for in the rest of 2022, as well as specific steps they should take to optimize their network monitoring safety.
2022 has already been rich in attacks, with global financial market moves and geopolitical pressures that have added to the threat burden already felt by organizations across APAC.
The fact that hybrid work – and consequently the shift to the cloud – has become our new normal is adding more pressures, not to mention the growing shortage of skilled security staff in almost every country around the globe.
Hackers are growing in numbers, aggressiveness, organization and sophistication, and the cybercrime landscape is changing at a pace never seen before. It is no longer enough to catch up on the latest techniques used by cybercriminals every once in a while. CISOs and security experts now have to stay constantly updated on the latest security threats, knowing that every few months things will change.
Six IT infrastructure security threats to be on alert for
Russian cyberattacks
Even before the invasion of Ukraine, many countries were on high alert for potential attacks from Russian cybercriminals, particularly targeting critical infrastructures and essential services sectors. In the past few months, cybercriminals have taken advantage of more geopolitical chaos to target both nation states and organizations operating in these critical sectors.
Ransomware still on the rise, empowered by AI
Ransomware certainly is not new. What is new is that it’s getting worse: more widespread, more devious and more dangerous. In fact, Asia Pacific ranks as the third most-targeted region globally for ransomware. What is truly worrying is that AI is expected to drive even smarter and more insidious ransomware attacks over the next six months.
Attack automation and Fraud-as-a-Service
More attacks are now automated and various attack styles are available for download or even as a service. Some threat actors have started monetizing their fraudulent exploits by turning them into a cloud service that cybercriminals can simply subscribe to. These can even include AI-style features such as voice bots which impersonate businesses and embark on social engineering exploits in robotic fashion.
Organizations’ and workers’ attack surface is growing as networks expand
As organizations’ networks expand and applications and devices increase, pushed by the rise in hybrid work policies, the attack surface likewise grows. The Internet of Things, cloud applications, digital supply chains, open-source code, and even social media are bringing organizations’ attack surfaces outside of a set of controllable assets.
More people are now security decision makers, leading to a radical decentralization of security-based decision making
In an attempt to bring more digital assets under control, we’re seeing individual departments take control of their own IT and, by extension, their own security decisions. These decisions are often made without consulting the IT department, leading to a growing decentralization of security decision making. This pushes the CISO role toward higher-level, more strategic posts, and creates a need to better align the organization’s cybersecurity posture and strategy across those departments.
Hybrid work is a hacker’s field day
Hybrid work has created a whole new realm of threats and challenges for CISOs and security experts alike. Many remote or hybrid devices are still unknown to and unmanaged by the IT department, and they connect to the organization from outside its network. This not only expands the attack surface – and makes attacks such as phishing more prevalent – but many of these devices, and the networks they use to connect, have little or no protection. This will be a major challenge for organizations to solve in the second half of 2022.
Five steps to optimize IT infrastructure monitoring safety
Deciding what to monitor
Monitoring every single element of the IT infrastructure in depth would be an unwieldy endeavour; every CISO has to pick their battles. Priority should go firstly to capturing status information about core network devices such as routers and switches, as well as critical network servers, and secondly to ensuring that essential services such as email, the website and file transfer services are consistently available.
Embracing the complexity
The rise of cloud, multi-cloud and now hybrid work has made enterprise networks very complex to untangle. But instead of fearing this complexity, CISOs would do better to learn how to embrace and master it, because things will only get more complex from here.
Understanding the composition and complexity of the organization’s network, and having the capacity to know how each individual element is performing at any given time, is a key success factor in maintaining the performance and integrity of the network.
Navigating alert storms
Not understanding dependencies can lead to an aggravating condition called an alert storm, where the alarms sent are not false, but rather unnecessary. Either the network monitoring solution or a set of disparate monitoring tools is configured to raise an alarm whenever a particular component has a problem, so when an upstream device fails, every component that depends on it alarms as well. IT needs to know which component is actually the problem and not be sidetracked by all the dependent components’ calls for help.
Depending on dependencies
Network monitoring must be dependency-aware. Not only do IT teams need to see all the network devices and services and how they interconnect, they should be able to analyze those dependencies automatically. Then, instead of a vexing alarm storm, IT is alerted only to the device that is actually at fault.
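The alert-storm and dependency-awareness points above come down to one filtering rule: a down device whose upstream path is also down is a symptom, not a root cause. The following added example (not code from the article or from any Progress product) implements that rule over a constructed six-device topology; the device names, the `DEPENDS_ON` map and the outage list are all assumed sample data.

```python
# Added example (not from the original article): a minimal dependency-aware
# alert filter. Topology names and statuses below are constructed sample data.

# Constructed topology: each device maps to the upstream device through which
# the monitoring server reaches it; None marks a directly polled device.
DEPENDS_ON = {
    "core-router": None,
    "dist-switch-1": "core-router",
    "dist-switch-2": "core-router",
    "mail-server": "dist-switch-1",
    "web-server": "dist-switch-1",
    "file-server": "dist-switch-2",
}


def root_cause_alerts(depends_on, down):
    """Split a set of down devices into root causes and suppressed symptoms.

    A down device whose upstream path is also broken is unreachable, not
    necessarily faulty, so its alarm is attributed to the top-most down
    ancestor instead of being raised on its own.
    Returns (roots, suppressed) where suppressed maps symptom -> root cause.
    """
    down = set(down)
    roots, suppressed = [], {}
    for dev in sorted(down):
        cause, seen = None, {dev}
        parent = depends_on.get(dev)
        while parent is not None and parent not in seen:  # guard against cycles
            seen.add(parent)
            if parent in down:
                cause = parent          # keep walking: we want the top-most one
            parent = depends_on.get(parent)
        if cause is None:
            roots.append(dev)
        else:
            suppressed[dev] = cause
    return roots, suppressed


if __name__ == "__main__":
    # Constructed poll result: one distribution switch failing takes two hosts offline.
    outage = ["dist-switch-1", "mail-server", "web-server"]
    roots, suppressed = root_cause_alerts(DEPENDS_ON, outage)
    print(f"naive alerts: {len(outage)}, dependency-aware alerts: {len(roots)}")
    print("page:", roots, "suppressed:", suppressed)
```

With the sample outage, a per-device monitor would page three times; the filter pages once for dist-switch-1 and records the two servers as symptoms of it.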
Consolidating around a central tool
Many organizations today rely on a myriad of tools to monitor their network devices. The way to optimize network monitoring isn’t necessarily to throw away these tools, but rather to stop depending on them for things that a centralized network monitoring solution can provide more easily and effectively. CISOs should aim to build a consolidated view of their entire network infrastructure, a holistic view that delivers broad and deep visibility no array of disparate monitoring solutions can match.
With the cybercrime landscape moving so fast, the CISO’s key word for the rest of the year needs to be preparedness. If you’ve been through the steps to prepare, and you practise regularly, then you can adapt and respond far more quickly each time a threat or a change occurs. That’s really what creates resilience.