Cyberthreats were a top concern for enterprises and small businesses alike in 2021, and things aren’t getting any better. The threat environment has, to a degree, been a byproduct of pandemic-driven remote work and the exposure of supply chain vulnerabilities.
The cyberthreat environment in 2022
The first quarter of 2022 has exposed more threats, with international tensions between major superpowers, tension between chip makers and cryptominers, and strengthening government alliances with corporations to pool their insights and resources for fighting cybercrime.
Trends to look out for throughout 2022:
● Ransomware continues to top the list of threats, with data theft and financial losses being only part of the picture. Exposure of sensitive data and political and activist threats are also part of the ransomware picture in 2022.
● Within ransomware groups, emerging disagreements can lead to the publication of an organization’s private data — even in cases where the victim did pay the ransom — making these threats even more serious.
● Phishing and malicious emails remain the main infection vector for attacks.
● Attacks on software supply chains such as Log4j and SolarWinds affect thousands of organizations worldwide, posing threats to critical infrastructure as well as businesses.
● Quiet attacks, particularly through remote employees often working on their own devices, are another security concern. These attacks involve cybercriminals gaining access to systems and extracting information without the victim’s knowledge. This type of attack is often attributed to corporate espionage.
● Linux and macOS are increasingly under attack.
In this evolving threat landscape, organizations are looking to create cohesive resilience plans to help protect their intellectual property, customers and supply chains. Many companies rely on managed service providers (MSPs) and outsourced IT professionals to help them navigate these potential threats.
Cyber resilience for MSPs and IT pros
In addition to cybersecurity, organizations today talk about cyber resilience, which refers to the ability of the IT infrastructure to withstand changes and modifications and rapidly return to a stable state. In other words, the task of an IT department is to create an IT infrastructure that continues to perform, even after being penetrated or potentially compromised by cybercriminals. An IDC study showed that 73% of companies reported experiencing a major security breach in the previous two years.
Today’s security service providers and IT professionals need to assume that data is constantly under attack. Cyber resilience must therefore include the ability to continue operations while under attack and to recover from attacks.
Assessing clients’ specific needs is also important. Depending on the industry, the type of data being stored, the extent of remote work, and the jurisdictions in which a company operates, the requirements can differ. Offering different tiers of security plans and knowing the details will help you provide the right level of security for each organization. With each client, assess the most likely risks, survey the entire organization, and document the company’s key processes and procedures to create the appropriate cyber resilience plan.
IT service providers and cyberthreats: It’s your job
As an IT service provider, the role of cybersecurity protection falls on you. Clients may not explicitly ask about security, but if there is any data loss or breach, it’s certain they will hold their IT services provider responsible. Even the smallest companies and work-from-home operations are vulnerable to attack. Build cybersecurity and a cyber resilience plan into every single IT contract.
Remote workers and endpoint security
Despite the easing of concerns around the pandemic, remote work has now become the norm. This has enabled companies to hire people looking for work-from-home opportunities across the globe, and these individuals have no intention of returning to an office. As a result, and as mentioned above, IT security protocols need to take into account the vulnerabilities associated with endpoints, including phones and laptops.
Benchmarks for cyber resilience
Cyber resilience creates an end-to-end approach to threat management encompassing information security, business continuity, and disaster recovery. Government agencies such as the Department of Homeland Security, the ISO standards association, and international banking associations have created materials to help organizations carry out self-assessments or schedule facilitated sessions. IT managers, service providers, and MSPs can avail themselves of such services to make sure they stay up to date and are using the latest benchmarks for their clients.
Other frameworks available include the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Center for Internet Security (CIS) Security Controls. These frameworks can provide an excellent benchmark for creating a resilience plan.
Creating a business continuity plan
Every organization should have a business continuity plan in place. Governmental organizations again provide a myriad of business continuity resources to help companies boost their cyber resilience. The following are essential steps for creating a cyber resilience plan:
● Business impact analysis: Identifying the specific risks and costs associated with the organization.
● Scenario creation: Mapping typical attack scenarios that are likely to play out in the current cybersecurity threat environment, as well as scenarios particular to the organization.
● Continuity and recovery strategies: Based on the scenarios, identify strategies that will keep the company in operation in case of an attack, as well as strategies for recovery in case of loss of functionality or data.
● Plan development: Creation of the actual plan, both in terms of documenting it and putting in place the technology for implementation.
● Staff training: In addition to training IT staff, the employees of the organization need to be aware of how to keep their endpoints updated and identify phishing and other types of social engineering attacks.
● Testing of cyber resilience plan: Testing scenarios and staff readiness for different types of plans. MSPs should have an array of testing tools to securely test and identify vulnerabilities.
● Review and improvement of the plan: A first-draft plan is unlikely to cover every possibility, so IT teams need to conduct retrospectives, identify weak points, and update planning and implementation of technology to cover any gaps discovered during scenario testing.
MSPs and security providers typically offer different tiers of standard security plans. The assessment and testing will allow the plan to be tailored to each client.
End-to-end cyber resilience approach
An end-to-end cyber resilience approach addresses all the key services in the organization, including operations, delivery, sales, and support. Challenges that can impact a company’s resilience include cloud migration, shadow IT, organizational silos, and concerns about the costs of security. The cyber resilience approach is to take a holistic view of the organization, understand what processes are essential for business continuity, and implement the structures and software solutions that will allow these different processes to operate across the organization.
Rather than looking for point solutions, cyber resilience views the organization as a whole. One common approach is scenario building. In this approach, the security team builds the most likely attack scenarios, based on recent historical attacks as well as the nature of the specific organization and the threats that management deems most likely or most dangerous.
Cyber resilience reviews
Once a company has a cyber resilience plan in place, keeping it up to date is the next step. MSPs should implement periodic cyber resilience reviews for all of their clients. The review should include reassessment of threats based on changes in the environment.
Regular threat analysis updates
Cybersecurity isn’t just about implementing a plan and upgrading the system. Regular threat analysis and testing the most common attack vectors are also key. The IT team can run some of the scenario tests in the original cyber resilience plan and consider emerging threats or changes to the company’s risk profile. Changes such as mergers and acquisitions, changes to the product offering or supply chain, new vendors, additional client geographies, or changing regulatory environments will require updating your threat analysis as well.
As part of the threat assessment, make sure to take note of the level of staff training, including security training for new employees or those who have been promoted. Social engineering is one of the major attack vectors, so assessment of staff readiness and frequent refreshers must be part of the regular threat analysis.
Providing the right software solutions for your clients
Taking a proactive approach is the core of cyber resilience. Until recently, data protection was limited to protection and restoration of data in case of disaster. However, in today’s environment, ensuring your systems remain operational during an attack and, if necessary, performing forensics to identify the sources of the breach are key. Companies taking a proactive approach and implementing the 3-2-1 rule are in a position to withstand a wide variety of threats and cyberattacks.
Multitenant software such as Acronis Cyber Protect, Acronis Cyber Protect Cloud, and other security products help MSPs and their clients take the right steps toward comprehensive cyber resilience for organizations of all sizes.
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. The Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.