Based on a review of 3 key trends in the 2020 global cybersecurity landscape, a threat report offers 5 insights and recommendations for future network security.
The cybercrime landscape in 2020 was characterized by three key trends involving phishing attacks, ransomware and supply chain attacks.
In its recent report on network security testing, Keysight Technologies shed more light on these trends and also came up with five strategic insights for 2021 and beyond to tackle the mounting cyber threats.
The report from the firm’s Application and Threat Intelligence (ATI) Research Center drew on a globally distributed team of dedicated cybersecurity professionals that monitor and analyze evolving threat indicators across the Dark Web; crowdsourced intelligence; honeypots placed worldwide to trap cyberattacks; social media and partner feeds, as well as independent research.
Three critical network security concerns
With a critical look back on 2020 data, the researchers have summarized the extent of the three critical ongoing network security threats:
- Phishing attacks increased by 62%: There was a rapid increase in these attacks when the pandemic took center stage in March and April, as social engineering attacks were related to the pandemic.
- Ransomware surge driven by monetary motivators: There was a huge uptick in the deployment of ransomware starting in June. While this trend was directed across all industries, healthcare was hit especially hard. Some 59% of the attacks occurred during the second half of 2020.
- Supply chain attacks hit the headlines with the SolarWinds attack. The supply chain continues to be a weakness and the SolarWinds attack reinforced the need for security architects to embrace a holistic and comprehensive approach.
Said the firm’s Vice President (Security Solutions), Scott Register: “Cybercrime did not take a holiday during the pandemic. Cybercriminals leveraged phishing, ransomware and supply chain vector attacks to strike networks for financial gain. We believe that these network security trends will continue in 2021.”
Strategic cybersecurity insights for 2021
With lessons learned in 2020, the report now offers the following strategic insights and recommendations for network security professionals for 2021 and beyond.
Insight #1: Phishing and additional social engineering attacks will continue to take advantage of pandemic-related headlines.
Recommendation: People need to recognize social engineering vaccination scams, and network security teams must be aware that bad actors target personally identifiable information (PII) in healthcare and government settings.
Insight #2: Ransomware is highly popular because it makes a lot of money for bad actors. While it is not going away, business models continue to mutate along with malware variants.
Recommendation: Keep enterprise threat detection systems up-to-date with the latest signatures and behavioral patterns, as ransomware builders are getting better at obfuscation and avoiding detection. In addition, network security teams should also be aware that exploitation practices evolve at a furious pace.
Insight #3: An organization’s supply chain is more than just components. There is a tendency to think of a supply chain as outside entities that either supply a company with software and hardware components or the supplies used when building a product.
Recommendation: The supply chain is critical to the operation of a business, including utilities, email, cloud providers and even coffee suppliers. Network security must consider non-traditional components that may touch an organization and IT systems.
Insight #4: Zero-trust is more than just a buzzword. It does not mean limiting what users can see when they connect to an organization’s network.
Recommendation: A successful zero-trust implementation requires that systems and users can only access the internal or external resources that they absolutely need.
Insight #5: Assume an organization is breached and behave accordingly.
Recommendation: Organizations need visibility into their networks and cloud resources. If network security teams cannot spot anomalies hiding in their network (whether on-premises, in the cloud, or a remote user), then they are allowing breaches to remain undetected indefinitely.
This report concludes with the following key takeaways:
- Act like your network has already been compromised: Create a plan to quantify risk and impact; assess and validate your current operations.
- What should you be doing right now? Look for any indicators of compromise; create a data collection infrastructure—taps & packet brokers; insert appropriate security tools—DLP, IDS, and DPI solutions; quantify risk and impact to prioritize tasks.
Finally, defenders are advised to continually assess and validate operations with Breach and Attack Simulation solutions.