Cyber CEO: Cybersecurity in 2021 – What We’ve Learned So Far

July 29, 2021

Halfway through 2021 and it's been a year unlike any other in cybersecurity! While the world transitions out of the pandemic, cyber adversaries have continued to take advantage of the chaos - cyber attacks have skyrocketed and are only becoming more frequent, destructive, and sophisticated. It seems every time we turn on the news there's been another breach, each bigger than the last.

I know what you're thinking - it's hard not to feel overwhelmed by the current cybersecurity landscape. But in spite of it all, the cybersecurity industry and the professionals within it continue to step up and tirelessly work to protect organizations against cyber threats. For every attack we hear about on the news, there are a hundred more that were prevented or detected and responded to by the cyber heroes behind the scenes. I've always believed that the best way to build a strong cybersecurity program is to utilize all the data. This means learning from the successes and the failures and using those learnings to enhance security measures, standards, and technology.

As we dive into the second half of 2021, it seems like a good time to reflect on the cybersecurity trends in 2021 and the key takeaways from what we've learned so far.

The Rise of Ransomware

I never thought I'd live to see the day where ransomware was a common household term. You know it's getting bad when your great aunt calls to chat about the increase in ransomware and what it means for our nation's security! Unfortunately, this notoriety is a result of an unsettling number of the most damaging ransomware breaches in recent history - all occurring in the past year alone.

Ransomware - the hacker's current cyber weapon of choice

Ransomware has become the weapon of choice for many threat actors. It's a lucrative cyber attack option and can be delivered in various ways. On top of this, the consequences of rapid digital transformation due to the COVID-19 Pandemic created the perfect storm for successful ransomware attacks. Threat actors have developed social engineering approaches that leverage the uncertainty and chaos of the pandemic in order to deliver their malicious software. They will often target vulnerabilities resulting from remote work environments, supply chain access that wasn't properly secured, and even distracting events like the 4th of July long weekend - as we saw with recent ransomware attacks including the Kaseya breach.

Your People are Your First Line of Defense

When it comes to ransomware, the most up-to-date cybersecurity technology or regimented program doesn't make an organization immune to an attack. The first line of your enterprise's defense is your people! Operating with a team of individuals who are cybersecurity savvy is one of the best tools for cyber risk management. Cybersecurity programs that educate your entire team on general information security tactics - including recognizing and addressing phishing scams - are essential.

Ransomware-as-a-Service

The frequency of ransomware isn't the only thing on the rise. Ransomware-as-a-Service (RaaS) has emerged as a result of increasingly sophisticated phishing methods, coordinated sharing of leaked data, and a growing dark web community. Some of the largest data breaches in the past year have been carried out by RaaS providers REvil and Darkside.

Along with this, the cost of ransomware breaches continues to rise. The HG Threat Team recently released a report on the State of Ransomware in 2021. In it, they found that the average cost of recovery and ransom associated with a ransomware attack has been 2 times more than the 2020 average global ransom demand!

Key Takeaways:

Ransomware continues to rise and isn't going anywhere any time soon. As threat actors continue to advance their methods, we must work to stay one step ahead and be prepared for incoming attacks. The best way to mitigate your risk of a ransomware attack is to:

  • Provide resources and training for your team on cybersecurity best practices
  • Back up all sensitive data
  • Ensure your software is always patched and up to date

 

Cybersecurity - A National Security Priority

Critical infrastructure has been a hot target for cyber breaches in 2021. The attacks on Colonial Pipeline, JBS, and Kaseya have brought cybersecurity into the spotlight as a top priority for the United States government. In the U.S., critical infrastructure often relies on a mix of operational technology, information technology, and industrial control systems. This leaves many organizations particularly susceptible to data breaches because of the diverse range and large number of entry points that are at risk of unauthorized access. The increase in connected devices comprising the Internet of Things and the Internet of Industrial Things is creating a major national information security challenge.

The Need for Cybersecurity Recognized at a Federal Level

The 2020 World Economic Forum listed cyber attacks on critical infrastructure as a top concern in the Global Risks Report, stating that “attacks on critical infrastructure have become the new normal across sectors such as energy, healthcare, and transportation.” With threats against critical infrastructure like industrial control systems and operational technology tripling in the past year, it's no wonder the Biden Administration has recognized cybersecurity as a top national security priority. In May, Biden introduced the American Jobs Plan, an executive order focusing on strengthening U.S. cybersecurity capabilities and resources. The $2 trillion plan focuses mostly on critical infrastructure including billions of dollars dedicated to developing an improved baseline cybersecurity standard across both industry and government.

Taking Critical Infrastructure Cybersecurity to the Next Level

This newfound focus on cybersecurity at the federal level is a long overdue and welcome development, but I believe it's just the start of what needs to be done. The executive order is mostly focused on federal infrastructure security. This leaves private sector infrastructure vulnerable - a significant issue as much of the United States' critical infrastructure is privately owned. As we move forward it will be key to take a less siloed approach and nurture collaborative cybersecurity between the public and private sectors.

Another component that will be crucial is educational programming to address the growing cybersecurity skills gap - both for the private sector and for all levels of government. Understanding the complexities of both cyber threats and technologies is no small feat! But without that understanding, business and government leaders alike are ill-equipped to deal with the cyber threats we have been experiencing and that we predict in the years to come. The solution is two-fold - first, we need to develop accessible programs to provide proper training and start filling the cybersecurity skills gap. Second, we need to increase cybersecurity awareness and education beyond those in technical roles so it is widely understood that while it may vary at differing levels, cybersecurity is everyone's responsibility.

Finally, we need to learn from our mistakes. The protocols and programs that should be introduced as we work toward a more cybersecurity savvy world should be based on lessons learned. Threat intelligence is one of our greatest advantages and should be used as such! At Herjavec Group, we don't consider a case to be closed when a cyber incident has been resolved. The post-incident forensic analysis is the most important piece of the incident response journey. This is where we learn how the threat actors entered the network, why they were able to access sensitive data, and what we could and should do differently to avoid this kind of breach in the future. We then implement these learnings into all future detection and response, strengthening our cybersecurity programs. Taking this data-driven approach to information security will ensure the momentous cyber attacks we witnessed this year will be built upon and serve as lessons to do better as we move forward.

Key Takeaways:

While the American Jobs Plan is a great step in the right direction, it's only the beginning of the work that needs to be done. If we're going to develop comprehensive national cybersecurity, we'll need to implement:

  • An integrated approach between the public sector and private sector
  • Accessible training and education programs to address the growing gap in cybersecurity skills
  • Protocols derived from data resulting from previous cyber attacks

 

Cybersecurity is No Longer an Option

At the beginning of 2021, Herjavec Group released the annual Cybersecurity Conversations for the C-Suite Report. In it, I spoke frankly about the fact that continuous improvement in cybersecurity is not an option. Having witnessed the unprecedented year in cyber so far, I would take that statement one step further to say - cybersecurity is simply no longer an option.

All too often we hear the sentiments - "Why would cyber attackers target us when they could go for bigger, more lucrative companies?" or "The chances of it happening to us is so small!" If we've learned anything from this year, it's that your enterprise's size, industry, or location don't change the fact that if you are connected to an online network in any capacity, you are at risk of a cyber attack.

The Growing Attack Surface

We all know about the rapid digital transformation that took place at the beginning of the COVID-19 Pandemic. The rush to move businesses online in order to continue operations happened almost overnight. Remote work environments and cloud-based operations that would generally take months - if not years - to implement were deployed within days. Unfortunately, the priority was placed on business accessibility and not on cybersecurity, leaving many security operations teams scrambling to catch up once they were already online. This doubled the attack surface for cyber incidents in two ways:

  1. The number of enterprises connecting to online networks was significantly increased
  2. Many of them did so without the protection of a comprehensive cybersecurity program

The speed and success of many enterprises' move to remote work were impressive to say the least! In fact, it's estimated that digital transformation has advanced up to seven years since the Pandemic began. But it's important to remember that threat actors have also augmented their tactics in order to take advantage of this new environment - and the new landscape is filled with opportunities to attack. The variety of endpoints that are connected to unsecured home networks alone creates a perfect storm for hackers!

Now is the Time for Action

We no longer have the luxury of deciding whether or not cybersecurity is a priority. With the increasing number and sophistication of cyber attacks, particularly when it comes to ransomware, we have no choice but to act now. Thankfully cybersecurity professionals are working hard to keep one step ahead of the threat actors. We are using lessons learned along with innovative technology and methods to develop defensive protection and rapid responses for cyber breaches.

The next steps are up to you. I've said it once, and I'll say it again - cybersecurity is everyone's responsibility. If you are a leader in your enterprise, it's time to assess your information security strategy and ensure it is tailored to your company and properly scaled based on your company's move to the cloud. Identify your vulnerabilities and deploy security measures to address them. Support your team with resources and guidance that help them to make cybersecurity a priority.

If you are a team member at any level of your organization, it's time to learn about your company's cybersecurity programs and the many ways you can work to be an effective first line of cyber defense. Know how to identify malicious activities like phishing scams and understand how to safely address them.

Key Takeaways:

As the digital transformation across all industries grows, so does the need for scaled cybersecurity strategies. Organizations must prioritize their cybersecurity programs, regardless of their size, industry, or location. If you're not sure where to begin, start with the following:

  • Assess your current cybersecurity posture - identify strengths and vulnerabilities
  • Ensure your organization provides your entire team with support, resources, and education to prioritize cybersecurity
  • Build your security team or engage a Managed Security Services Provider to properly scale your cybersecurity program to your current digital environment

 

We're only halfway through 2021 and it's already proven to be the most profound year in cybersecurity. We've seen incredible advances and devastating losses. But if there is anything we can take away from the past six months, I believe it's that we as a cybersecurity community absolutely have what it takes to step up and meet the challenge ahead of us. We understand that the future in cyber won't be easy and will require constant vigilance, but we can add these learned lessons to our arsenal of cybersecurity defense strategies and move confidently forward into the second half of 2021!

 

To Your Success, 

I’ve been in infosec for over 30 years and have had the great privilege of evolving and learning as a cybersecurity executive in a space I love. I’m the Founder & CEO of Herjavec Group, one of the world’s most innovative cybersecurity operations leaders. We pride ourselves on keeping enterprises around the world secure from the threat of cybercrime.

This blog has been set up to help me share the insights I’ve gained and experiences I’ve had with all of you… Every month I will post some advice and recommendations for my fellow Cyber CEOs – from current events to forecasted trends, and enterprise security best practices. Make sure to subscribe below and feel free to reach out here with the topics and questions you’d like to see covered!

Let’s collaborate and communicate as we strive to keep our organizations (cyber) safe.

 
