With cyber-attacks only predicted to surge, CISOs need to come up with the necessary measures to secure their infrastructure. They need to adopt better cybersecurity practices in 2022.
The cyber-attacks in 2020 and 2021 have grown at an unprecedented rate. With organizations forced to accelerate their digital transformation initiatives to maintain their survival, they neglected to take the necessary precautions to secure their infrastructure. This has resulted in many of them becoming the victims of advanced cyber-attacks. While many of them were able to emerge from their compromised situations, some were forced to permanently close their shops.
To not become another victim or fall prey to another cyber-attack, it is wise for organizations to start taking necessary steps to secure their infrastructure. While it may not necessarily help them to prevent an attack, it will most likely help them to prevent it.
Here are three cybersecurity practices that CISOs need to adapt to protect their infrastructure in 2022 and beyond:
Secure the remote workforce
“I humbly predict the renaissance of war driving in 2022, ”
says Dan Rheault, Product Manager, Security Solution, at security policy management company Tufin. “This, for those who have too soon forgotten, is the act of drive-by wireless access point exploitation, potentially complemented by men-in-the-middle attacks for more targeted efforts,” adds Dan Rheault.
“With many companies honoring their prior decision to enable employees to work from home, a new problem has arisen. Now, their employees’ at-home networking gear has in essence become an extension of their corporate network. The lofty priced suburbs are now the most diverse and vulnerable demographics for attackers, – and now the corporate network is only as secure as their employee’s discretion to update their router’s firmware (which they haven’t done since they paid someone to configure it years ago).
While the legal gray areas are there and will be sorted out in the years to come, the reality is that companies need to treat employees’ home networks and equipment as their own, and secure it as such, as attacks that damage the business could happen while the details are being fully worked out.
If attackers are able to compromise home networks of high-ranking employees, there is little to prevent escalation as the attack happens outside the grounds of the business and in many cases, outside of the security team’s typical purview. That purview needs to be updated for the modern remote and hybrid work era,” says Dan Rheault.
Assess third-party vendors
According to a recent report, 51% of organizations have experienced a breach caused by third party vendors. “Companies are only as secure as their least secure vendor or partner,” ”
says Mike O’Malley, SVP of SenecaGlobal. He adds, “In the first half of 2021, we witnessed serious blows to enterprise security as companies like Colonial Pipeline, Solar Winds, and JBS suffered sophisticated cyber-attacks that shut down supply chains and impacted multiple government departments.”
“I predict that in 2022, there will be a renewed focus on safeguarding third-party and ecosystem vulnerabilities. As more organizations shift their operations to the cloud, some are not as focused on third-party access risk and, as a result, expose their networks. This year organizations will reprioritize third-party remote access and be more discriminating to pick the “right” cloud provider to ensure their long-term success. As many businesses continue to outsource critical business processes to third-parties, I foresee that they will do a better job of assessing their third-party partners’ security and privacy practices before granting them access to sensitive and confidential information,” says Mike O’Malley.
Securing the 5G network
“In the world of carriers, several predictions paint a picture for 2022, says Shai Haim, Security Product Marketing Manager at Radware. “For starters, some of the same attack trends we saw in 2021 will continue into next year. Expect to see a greater number of more sophisticated, higher intensity attacks at lower volumes. But don’t be fooled by lower volumes. Phantom floods – the relatively low volumetric floods that fly under the radar, especially in high bandwidth networks – can be equally as disruptive and damaging as the higher volumetric attacks that make news headlines. To detect and mitigate this new generation of attacks, carriers will need to use more automated, granular, and dynamic security solutions,” adds Shai Haim.
“This whole scenario will be further complicated as 5G continues to ramp. We already feel the anticipation across our carrier base. In 2022, expect 5G to deliver much beyond 4G. Low latency services’ new “buds” will emerge and catch on. There will be more movement to the cloud, more edge access points, more mobile services, and smarter IoTs. To secure this new world order, carriers will need to protect their service regardless of location, platform, or deployment. They’ll have to go into the cloud and out to the edge without friction, without latency and without interruption to the user experience,” adds Shai Haim.
For more such updates follow us on Google News ITsecuritywire News