Why You Need Multi-Layered Security

Defense-in-depth strategy can help organizations counter surging levels of cybercrime.

Although exact figures won’t be tallied for another couple of months, most security analysts expect 2021 to rank as perhaps the worst year ever for cybercrime. With data breaches, ransomware attacks, phishing scams and malware infections all increasing at a record pace, global damages from cybercrime are expected to reach more than $6 trillion by the end of the year — six times more than in 2020.

Don’t expect cybercriminals to take a vacation in 2022.

“The sophistication and scale of cyberattacks will continue to break records, and we can expect a huge increase in the number of ransomware and mobile attacks,” said Maya Horowitz, VP of Research at Check Point Software. “Looking ahead, organizations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent — without disrupting the normal business flow — the majority of attacks, including the most advanced ones.”

The Expanding Attack Surface

The changing nature of network computing plays a significant role in the worsening threat landscape. Cloud, edge and mobile computing, along with remote work and the Internet of Things, have effectively erased the traditional network perimeter. With a far more distributed computing environment, organizations today must support a greater variety of technologies in many different places — which, of course, means they must contend with a greatly expanded attack surface.

Ransomware, phishing and identity theft will likely remain the most common forms of attacks in the coming year, and analysts predict increasing levels of supply-chain attacks and state-sponsored attacks on critical infrastructure. Mobile malware attacks, social engineering and cryptocurrency scams are also likely to increase.

There’s a tendency to respond to increasing threats by buying and deploying new security tools. That is not always the ideal strategy, however. Research suggests that an overabundance of tools may actually compromise security by increasing complexity. In a recent IDG survey of security professionals, 85 percent said they are adding security technologies faster than they can productively use them, and 71 percent said the increasing amount of time they spend managing tools inhibits their ability to defend against threats.

The better approach may be to shrink the security software stack by eliminating tools that are underutilized or aren’t producing expected results. This can reduce complexity and enable a stronger focus on creating a multi-layered defense composed of tried-and-true solutions that work together to block threats.

With multi-layered defenses, an attack that defeats one security mechanism can still be thwarted by other measures. One effective strategy is to focus on building security into each of the OSI’s seven layers of cybersecurity. Here are some layer-by-layer suggestions:

Human Layer. Most data breaches are caused by human error. Phishing attacks, poor password practices and lost devices are among the leading causes. Consistent training and education programs reinforce the need for employee diligence. Training should include instruction on phishing awareness, good password and email habits, and how to spot the latest scams and threats.

Perimeter Layer. Perimeter security begins with a robust firewall solution that can prevent much malicious traffic from ever reaching the network. The firewall is also where much of the layered security integration takes place. Along with deep packet inspection capabilities, next-generation firewalls include antivirus, web filtering, Secure Sockets Layer (SSL) and Secure Shell (SSH) inspection, and reputation-based malware detection.

Network Layer. Network access control (NAC) solutions help organizations manage and control which users and devices can access corporate networks based on policies, including endpoint configuration, authentication and user identity. NAC policies should be based on “least-privilege” access principles that only allow users to access the systems and resources they need to do their jobs.
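The article names three inputs a NAC policy should weigh (endpoint configuration, authentication and user identity) and says the result should follow least privilege. The following is an added example, not code from the article or from any NAC product, that models such a decision as a deny-by-default policy engine: the device posture fields, role names and network zone names are all hypothetical, and a non-compliant device is sent to a remediation zone rather than granted partial access.

```python
"""Toy least-privilege NAC decision engine (added example; all names hypothetical)."""
from dataclasses import dataclass


@dataclass
class Endpoint:
    hostname: str
    managed: bool                # enrolled in corporate device management
    disk_encrypted: bool
    av_signatures_age_days: int  # age of the endpoint's antivirus signatures
    os_patch_level_ok: bool      # meets the current patch baseline


@dataclass
class Session:
    user: str
    role: str                    # hypothetical roles: finance, engineering, contractor
    mfa_passed: bool
    endpoint: Endpoint


# Least privilege: each role maps only to the zones it needs. Unknown roles get nothing.
ROLE_ZONES = {
    "finance": {"finance-apps", "shared-services"},
    "engineering": {"dev-network", "shared-services"},
    "contractor": {"contractor-portal"},
}


def posture_failures(ep: Endpoint) -> list:
    """Return every endpoint-configuration check that fails; an empty list is compliant."""
    failures = []
    if not ep.managed:
        failures.append("unmanaged-device")
    if not ep.disk_encrypted:
        failures.append("disk-not-encrypted")
    if ep.av_signatures_age_days > 7:
        failures.append("stale-av-signatures")
    if not ep.os_patch_level_ok:
        failures.append("missing-os-patches")
    return failures


def decide_access(session: Session) -> dict:
    """Evaluate authentication, then endpoint posture, then identity; deny by default."""
    # 1. Authentication: a session without MFA gets no network access at all.
    if not session.mfa_passed:
        return {"decision": "deny", "zones": set(), "reason": "mfa-required"}
    # 2. Endpoint configuration: non-compliant devices reach only the remediation zone.
    failures = posture_failures(session.endpoint)
    if failures:
        return {"decision": "quarantine", "zones": {"remediation"},
                "reason": ",".join(failures)}
    # 3. Identity: grant exactly the zones the role needs, nothing more.
    zones = ROLE_ZONES.get(session.role, set())
    if not zones:
        return {"decision": "deny", "zones": set(), "reason": "unknown-role"}
    return {"decision": "allow", "zones": set(zones), "reason": "compliant"}


if __name__ == "__main__":
    # Constructed sample sessions for a quick local run.
    good_laptop = Endpoint("eng-01", True, True, 2, True)
    bad_laptop = Endpoint("ctr-07", True, False, 30, True)
    for s in (Session("alice", "engineering", True, good_laptop),
              Session("bob", "contractor", True, bad_laptop),
              Session("carol", "finance", False, good_laptop)):
        print(s.user, decide_access(s))
```

The ordering matters: posture is only evaluated for authenticated sessions, and a role lookup that finds nothing is a denial rather than a fallback to some default zone, which is what keeps the policy at least privilege when new roles are added before their access is defined.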

Endpoint Layer. Endpoint protection platforms (EPPs) provide an important first line of defense for endpoints by integrating antivirus, anti-malware, intrusion prevention, data encryption and personal firewalls to detect and block threats. Endpoint detection and response (EDR) solutions go further, using advanced behavioral analysis and machine learning to identify suspicious files. Data loss prevention (DLP) solutions monitor endpoints and other network entry and exit points, alerting administrators when the sharing or transfer of data violates company policies.
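The DLP behaviour described above (watch data leaving through network exit points and alert when a transfer violates policy) comes down to content inspection plus a channel policy. As an added example that is not part of the article or any vendor's product, the script below scans constructed outbound records for payment card numbers (Luhn-validated, so random 16-digit order numbers are not flagged) and US SSN-shaped strings, and raises an alert only when the channel is not one the hypothetical policy allows for that data type. Alerts carry masked values so the DLP log does not itself become a store of sensitive data.

```python
"""Toy DLP content inspection (added example; policy, channels and records are constructed)."""
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN-shaped pattern; a real deployment would add validation and context keywords.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Hypothetical policy: each data type may leave only through the listed channels.
ALLOWED_CHANNELS = {"card": {"payment-gateway"}, "ssn": {"hr-portal"}}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out most digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> dict:
    """Return detected values grouped by type; only Luhn-valid card candidates are kept."""
    found = {"card": [], "ssn": []}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found["card"].append(digits)
    found["ssn"].extend(SSN_RE.findall(text))
    return {kind: vals for kind, vals in found.items() if vals}


def mask(value: str) -> str:
    """Keep only the last four characters so alerts do not leak the value itself."""
    return "*" * (len(value) - 4) + value[-4:]


def evaluate_policy(records: list) -> list:
    """Produce one alert per (record, data type) that leaves via a disallowed channel."""
    alerts = []
    for rec in records:
        for kind, values in find_sensitive(rec["content"]).items():
            if rec["channel"] not in ALLOWED_CHANNELS[kind]:
                alerts.append({
                    "user": rec["user"],
                    "channel": rec["channel"],
                    "type": kind,
                    "values": [mask(v) for v in values],
                })
    return alerts


def sample_records() -> list:
    """Constructed outbound records; 4111 1111 1111 1111 is a Luhn-valid test number."""
    return [
        {"user": "alice", "channel": "email",
         "content": "Customer card 4111 1111 1111 1111 exp 12/25, please refund"},
        {"user": "billing-svc", "channel": "payment-gateway",
         "content": "4111111111111111"},
        {"user": "bob", "channel": "email",
         "content": "Order 1234 5678 9012 3456 shipped today"},  # fails Luhn: not flagged
        {"user": "carol", "channel": "chat",
         "content": "SSN 123-45-6789 for onboarding"},
    ]


if __name__ == "__main__":
    for alert in evaluate_policy(sample_records()):
        print(alert)
```

Run against the constructed records, the email containing the card number and the chat message containing the SSN each produce one alert, while the gateway transfer (allowed channel) and the order number (fails Luhn) do not. Pattern matching plus a checksum is where most DLP tuning happens: without the Luhn step the order number would be a false positive, and without channel awareness legitimate payment traffic would be too.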

Application Layer. Application security measures prevent data or code within the app from being stolen or hijacked. Regular penetration tests and threat assessments provide visibility into any vulnerabilities, and regular patching and updates help ensure that any known security problems are fixed.

Data Layer. Encryption is the No. 1 measure for protecting critical data assets. Other essential data protection solutions include regular backups, two-factor authentication, enterprise rights management, and policies that ensure data is wiped from devices that are no longer being used or that are being sent to another employee for use.

Mission-Critical Assets. These are an organization’s “crown jewels” — anything that would cause a major business disruption if compromised, including operating systems, financial records, contracts and cloud assets. Protecting these assets will require access management, encryption, network segmentation and a well-designed and tested business continuity plan.
