The cybersecurity industry saw some key trends emerge from defenders and attackers in 2021. The defence trends were, in almost all cases, a direct result of the threat trends. They were reactive, and for many, it was too late.
Attack surface management is an important area. We are predicting growth in this area, which supports the concepts of predictive defence. Once you understand your attack surface, you can create a threat landscape and threat profiles linked to cyber threat intelligence services with Priority Intelligence Requirements and Organisation Specific Intelligence Requirements.
These allow an organisation to shift from a reaction-based defence, right of boom, to a proactive-based defence, left of boom. The growth of proactive-based defence is an area we are pushing into in 2022, and we hope others will too.
One of the growing threat trends we have seen over the last year is the targeting of Managed Services Providers (MSPs) and Cloud Services Providers (CSPs). This targeting allows an attacker to have a significant impact per attack, as it can span numerous victims.
MSPs and CSPs have value but also risk. Running on someone else's infrastructure means you lose control of how and if that infrastructure is protected.
In response to this trend, the growing defence trend is attack surface awareness, commonly referred to as digital footprinting. We see a slow yet growing understanding of this need, as users of MSPs and CSPs now have a greater need to understand their entire attack surface, not just what is left in-house.
It's no surprise that ransomware is still the leading threat trend. As the value of crypto rises, so does the incentive for cybercriminals. Every time a victim pays, it guarantees further attacks against others and, in many cases, repeated attacks upon themselves.
In almost all cases of ransomware that we have investigated, unpatched remotely managed or cloud-hosted systems were the initial point of access. These systems loop back to the defence trend of attack surface awareness.
The world's most fantastic AI threat prevention solution cannot save you if you leave the front door wide open with a welcome mat out and no one to check the IDs of the people walking in or out of that door. The same is true for MSPs — they need to treat the security of their infrastructure as a critical service, offering complete vulnerability management and real-time monitoring and response within their managed infrastructure.
The evident concern is corporate assets operating outside of the controlled environment, and this needs to be handled in a draconian manner. The best way to manage these devices is with combinations of application and access controls. This means deploying connection-aware host-based firewalls, remote gateway proxies, and MFA VPN solutions.
On top of this level of access control, other requirements are software inventory management, agent-based policy auditing, vulnerability management, and fully managed anti-malware and host intrusion detection and prevention systems, all reporting to real-time monitoring and response. Put more simply, the more visibility, the greater the ability to protect, detect and respond.