Most business ventures rely on lessons learned to improve outcomes. Analyzing what they did right or wrong, filling the gaps, and adapting strategies is often a barometer of future success. The cybersecurity industry needs to follow this heuristic model. In 2021 we are already facing a variety of cyber-attacks and must look to lessons learned to close cyber vulnerabilities. Three trends to focus on are: 1) the expanding cyber-attack surface (remote work, IoT, supply chain); 2) ransomware as a cyber weapon of choice; and 3) threats to critical infrastructure via ICS and OT/IT cyber-threat convergence.
1) Expanding Cyber-Attack Surface (Remote Work, IoT, Supply Chain)
According to Cybersecurity Ventures, the world will store 200 zettabytes of data by 2025. This includes data stored on private and public IT infrastructures, on utility infrastructures, in private and public cloud data centers, and on personal computing devices. The World Will Store 200 Zettabytes Of Data By 2025 (cybersecurityventures.com)
There are several factors that have led to the Malthusian expansion of the global cyber-attack surface. These influences include digital transformation and the commercial model of more people doing business over the internet. We have moved into the early stages of the Fourth Industrial Revolution that is highlighted by digital interactions and the meshing of machine and human. Our way of life is increasingly online.
The digital transformation was rapidly pushed by COVID-19 and the need to move individuals working in offices to working remotely from their homes. That led to essentially millions of connected offices. It is estimated that nearly half the U.S. labor force is working from home, and that the share is greater in many other countries due to lockdowns. Home offices are not as protected as fortified office sites, which have more secure firewalls, routers, and access management run by IT security teams. Remote work has created new opportunities for hackers to exploit vulnerable employee devices and networks. Dorit Dor, vice president of products at Check Point Software, elaborated on the digital transformation: “Businesses globally surprised themselves with the speed of their digital initiatives in 2020: it’s estimated that digital transformation was advanced by up to seven years. But at the same time, threat actors and cyber criminals also changed their tactics so that they could take advantage of these changes, and the pandemic’s disruption, with surges in attacks across all sectors.” Check Point Software’s Security Report Reveals Extent of Global Cyber Pandemic, and Shows How Organizations Can Develop Immunity in 2021 | Nasdaq
Also, the reality of the Internet of Things has completely changed the dynamics and the size of the expanding cyber-attack surface. With an estimated 50 billion connected devices and trillions of sensors working among those devices, hackers have a multitude of options to breach cyber-defenses and exfiltrate data. “By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average and that also amounts to trillions of sensors connecting and interacting on these devices.” State of the IoT 2020: 12 billion IoT connections (iot-analytics.com). According to the McKinsey Global Institute, 127 new devices connect to the internet every second.
The 2021 Director of National Intelligence (DNI) report estimates that IoT will reach 64 billion objects, all monitored in real time. “Looking forward, a hyperconnected world could support up to 1 million devices per square kilometer with next generation cell phone systems (5G), compared with the 60,000 devices currently possible with current cell networks, with even faster networks on the horizon.” Office of the Director of National Intelligence – Global Trends (dni.gov)
The Internet of Things (IoT) is closely related to supply chain vulnerabilities. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices. Supply chain cyber-attacks can be perpetrated by nation-state adversaries, espionage operators, criminals, or hacktivists. Their goal is to breach contractors, systems, companies, and suppliers via the weakest links in the chain. This is often done by taking advantage of the poor security practices of suppliers, by embedding compromised (or counterfeit) hardware and software, or through insider threats within networks. Please see my FORBES article: Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things (forbes.com)
Protecting such an enormous attack surface is no easy task, especially when there are so many varying device types and security standards. One way to address the expanding attack surface is to use an automation tool chest that draws on horizon-scanning technologies, analytics, audits, incident-alert tools, diagnostics, and even self-repairing software. Artificial intelligence and machine learning technologies can also provide for more efficient decision making by prioritizing and acting on threats, especially across larger networks with many users and variables.
2) Ransomware as a Cyber Weapon of Choice
Ransomware has been around for almost two decades and has grown in popularity because it can more easily bring financial rewards to hackers. It is estimated that there are now 124 separate families of ransomware, and hackers have become very adept at hiding malicious code. Success for hackers does not always depend on using the newest and most sophisticated malware; ransomware is relatively easy for a hacker to deploy. In most cases, they rely on the most opportune target of vulnerability, especially given the ease of online attacks.
Last year, ransomware made up nearly a quarter of the incident-response engagements for IBM Security’s X-Force threat intelligence group. Fifty-nine percent of the ransomware incidents involved cybercriminals exfiltrating, before encrypting, the data — so-called “double-extortion” attacks. Ransomware, Phishing Will Remain Primary Risks in 2021 (darkreading.com)
Ransomware became a weapon of choice for hackers in the COVID-19-induced digital landscape. The shift of so many companies to a mostly digital mode of operation created more targets for extortion. According to a research study by Deep Instinct, ransomware increased by 435% in 2020 as compared with 2019. And the average ransomware payout has grown to nearly $234,000 per event, according to cybersecurity firm Coveware. Malware increased by 358% in 2020 – Help Net Security
The trend in 2021 is that criminal hacker groups are becoming more sophisticated in their phishing exploits through the use of machine learning and more coordinated sharing on the dark web and dark web forums. Hackers are also able to get paid via cryptocurrencies that can be difficult to trace, making ransomware more of a priority in their exploit toolchests. With the advent of cryptocurrency payments for ransomware, many criminal enterprises gained a profit motive. They replaced brick-and-mortar crime with digital crime.
The estimated cost of ransomware was $20 billion in 2020, a rise from $11.5 billion in 2019 and $8 billion in 2018. That trend will continue to grow. 22 Popular Types of Cyber Attacks in 2021 – CyberExperts.com The likely impact for the near-term future is that there will be more ransomware attacks against institutions and corporations that are less cyber secure and cannot afford to have operations impeded, such as health care, state and local governments, and educational institutions.
Preventing ransomware requires cybersecurity awareness and preparation based on anti-malware programs, secure passwords, timely patching, and secure routers, VPNs, and Wi-Fi. Most important of all, do not fall for the phish, and be sure to back up sensitive data.
3) Threats Against Critical Infrastructure: ICS, OT/IT Cyber-Threat Convergence
The 2020 World Economic Forum’s Global Risks Report listed cyberattacks on critical infrastructure (CI) as a top concern. WEF noted that “attacks on critical infrastructure have become the new normal across sectors such as energy, healthcare, and transportation.” The Global Risks Report 2020 | World Economic Forum (weforum.org)
Dragos Inc.’s “Year in Review 2020” report on industrial control systems (ICS) and operational technology (OT) cyberthreats, vulnerabilities, assessments, and incident response insights found that threats had increased threefold in the past year. Dragos: ICS security threats grew threefold in 2020 (SearchSecurity, February 24, 2021)
The threats are growing along with the attack surfaces associated with CI. The types of cyber threats include phishing scams, bots, ransomware, malware, and the exploitation of software flaws. The global threat actors are many, including terrorists, criminals, hackers, organized crime, malicious individuals, and, in some cases, adversarial nation states. Hackers often seek out unsecured ports and systems on industrial systems connected to the internet. IT/OT/ICS supply chains in CI can be particularly vulnerable because they cross-pollinate, offering attackers many points of entry, and because older legacy OT systems were not designed to protect against cyber-attacks.
In the U.S., most of the critical infrastructure, including defense, oil and gas, electric power grids, health care, utilities, communications, transportation, education, banking, and finance, is owned by the private sector (about 85 percent) and regulated by the public sector. The energy sector stands out as being particularly vulnerable. This ecosystem of insecurity includes power plants, utilities, nuclear plants, and the grid. One reason the sector has become more vulnerable is that hackers have gained a deeper knowledge of control systems and how they can be attacked, and can employ weaponized malware against power stations and other energy-related CI assets.
The recent SolarWinds cyber-attack can also be viewed as a wake-up call about the interconnected nature of OT/IT infrastructures. According to Grant Geyer, chief product officer of Claroty, the advanced capabilities and backdoors used in the attack “should put any organization that includes nation-state actors as part of their threat model on alert, including critical infrastructure, industrial control systems (ICS) and SCADA operators.” SolarWinds: Why OT should worry (controlglobal.com)
Protecting critical Industrial Control Systems (ICS), Operational Technology (OT), and IT systems from cybersecurity threats is a difficult endeavor. They all have unique operational frameworks, access points, and a mix of legacy systems and emerging technologies. The explosion of connected devices comprising the Internet of Things and the Industrial Internet of Things adds to the challenge. The integration of hardware and software, combined with growing numbers of networked sensors, is redefining the attack-surface opportunities for hackers across all digital infrastructures.
To help ameliorate threats, critical infrastructure operators should apply a comprehensive risk framework to address the vulnerabilities of OT/IT convergence, including security by design, defense in depth, and zero trust. It is especially important for the public and private sectors to coordinate in applying and enforcing industry security protocols, especially those related to Supervisory Control and Data Acquisition (SCADA). The Internet was not built for security at its inception; it was built for connectivity. Following industry and government protocols derived from lessons learned is essential for protecting vital infrastructure.
Other mitigation efforts include employing new technologies that monitor, alert on, and analyze activity in the network. Emerging technologies such as artificial intelligence and machine learning tools can help provide visibility and predictive analytics. It is also good to have diversification and multiple sourcing for suppliers in the event of a breach. Preparation and redundancy are advantageous in crisis scenarios. But like most issues in cybersecurity, it comes down to people, vigilant processes, and technologies, coupled with risk factors that are constantly reviewed.
Of course, there are many other compelling trends and threats to the cybersecurity ecosystem. More to cover in future articles. I have highlighted the more immediate trends: the expanding cyber-attack surface (remote work, IoT, supply chain), ransomware as a cyber weapon of choice, and threats to critical infrastructure via ICS and OT/IT cyber-threat convergence. The most important tasks, based on analyzing these trends, are to have a mitigation strategy, be vigilant, fill gaps, and learn the lessons of recent cyber-breaches.
Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named by Thomson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020 Onalytica “Who’s Who in Cybersecurity” as one of the top influencers on cybersecurity issues. He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. Recently, Chuck briefed the G-20 Energy Conference on operating systems cybersecurity. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. Chuck is Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Programs, where he teaches courses on risk management, homeland security, and cybersecurity. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.