The Cybersecurity Year in Review Report from CyberRisk Alliance (CRA) starts with a trendy title—“Everything, Everywhere, All At Once”—and proceeds into a document as chaotic, informative, and hopeful as the referenced film.
Where We’ve Been and Where We’re Going
The cybersecurity industry faced rapid changes in 2020 with remote work and increased digital demands but adapted with new tools in 2022, including a major shift towards cloud solutions.
The 2022 Cybersecurity Year in Review Report from CRA covers seven categories—summaries detailed below—but some broad patterns did emerge:
The CRA Report also dove into categories of challenge and growth over the year. Here are the highlights:
‘Companies scrambled to address pandemic-era cloud security gaps’
After two chaotic years of taking whatever measures possible to keep businesses afloat, 2022 heralded security practitioners finally having time to catch up with all the moves that had been made.
Confidence levels lagged, however: Cloud Security Alliance (CSA) researchers reported that 39% of organizations surveyed said they had high levels of confidence in their ability to secure cloud data. And that wasn’t particularly surprising: 37% of respondents reported their organization experienced a cloud-based attack or breach in the last two years.
2022 also demonstrated the legal changes to cloud security, and showed us how companies can be held responsible for breaches, if they are deemed to be the result of failure to effectively secure cloud environments. Take for example the Wegmans case, where the grocery store chain was hit with a $400k fine for allegedly exposing customers’ personal information.
As a result, 90 percent of CRA respondents reported plans to spend 3-10% more on cloud defenses than they had in 2021.
‘Zero trust adoption lagged’
Organizations that hadn’t already made the leap to zero trust policies said the transition was just too difficult and wouldn’t be effective at their organization. Others said budget limitations and inadequate staff to provide oversight or support for a zero-trust model kept them from adopting it. The most prevalent obstacles in adopting zero trust, however, were the lack of knowledge about the framework and lack of buy-in from senior management.
‘Endpoint security tested by proliferation of non-traditional devices’
As security professionals caught up with the huge numbers of work devices being used at home, they identified a multitude of risks associated with endpoint security. Consumers and businesses alike increased their use of Internet of Things (IoT) devices, both at home and in workplaces.
Survey respondents cited many challenges to device security, including limited budgets and resources, outdated acceptable use policies, and lack of upper-level management support for device management strategies. The fear of ransomware, and the damage it could inflict in their environments, remained a top concern for security teams.
‘Attackers on high ground as organizations struggled to secure email’
Despite increased attention paid to email security in 2022, threat attackers continued to have the upper hand, exploiting the vulnerabilities that come with remote work, user habits, and weak credentials. In addition to phishing emails designed to capture login credentials, email attacks also contained payloads that included traditional viruses or application macros.
Several breaches detailed in the report showed that email security is “at its core a people problem, requiring security teams to address risks that can often linger beyond the realm of their control.” To fight back, respondents indicated intentions to increase education regarding social engineering and configuration management.
One key piece missing from the CRA report was commentary on how compromised credentials factor into these risks. Many breaches rely on account takeover somewhere in the attack chain, and solutions exist that will assist organizations with locking down their login procedures.
A strong password provides a first line of defense against unauthorized access to systems, making it difficult for attackers to gain entry and install ransomware. One way to ensure a strong password stays strong is by ensuring that it has not been exposed in a data breach. Monitoring the deep web helps to identify any threats before they become a problem, as well as identify any leaked data that can be used to craft more effective attacks.
In addition, strong passwords can prevent unauthorized access to sensitive data, even if a system is misconfigured and left vulnerable.
Monitoring the Dark Web can provide insights into the motivations, techniques, and tools used by ransomware attackers, enabling organizations to better understand the threat and implement more effective countermeasures. This can also provide early warning of misconfigurations that are being exploited by malicious actors. By combining strong passwords and deep web monitoring, organizations can better protect themselves against misconfigured systems and the growing threat of ransomware.
Even in these uncertain economic times, businesses across all industries need to allocate budget to cybersecurity solutions. Already, too many businesses are allowing remediable problems to go unsolved due to budget restrictions. But threat actors won’t stop.
Read more about compromised credential solutions.