At the beginning of every year, it's customary to reflect on the past year and predict what will happen next. After all, it's human nature to want to know about the latest events and trends, so you can better prepare for them. Managed security service providers (MSSPs) have a wealth of data detailing cybersecurity developments and forecasts for 2022. From what I've read so far, and also based on what we are predicting at FortiGuard Labs, next year will be about more and more automated and opportunistic attacks, as well as more targeted campaigns – leveraging AI. The coming year will also likely see more advanced persistent threat actors and more sophisticated ransomware and supply chain attacks. There's even the potential for threats in space as criminals target satellite-based communications.
But rather than talk about new threats, I'd like to turn the conversation around from predictions to expectations. What can MSSPs expect in 2022? At the risk of taking the sheen off shiny objects, my answer is "more of the same."
Old Exploits Still Work
The same risks and threats that have plagued cybersecurity aren't going away. Indeed, they are only going to become more difficult as organizations of all sizes adopt remote working and cloud computing while facing persistent issues of complexity and skills shortages.
Although new developments in cybersecurity are certainly important, we’re still seeing exploits of known vulnerabilities. Before focusing on new threats, MSSPs should also be mindful of cybersecurity fundamentals.
Although patching is a cornerstone of any vulnerability management strategy, it's often difficult and not enough. The practical reality of legacy multi-vendor solutions is a lack of consistent visibility, and you can’t protect what you can’t see.
Much as everyone would love a silver bullet that would protect them from every attack, cybersecurity is a lot more complicated and requires a multi-faceted approach to defend against simple, intermediate and advanced attacks. Indeed, today’s attacks are complex and sophisticated, and MSSPs need to minimize risks by approaching security from multiple fronts. You need to reduce the attack surface with hardening, which includes forcing all users through fewer points of entry or potential threat vectors and implementing a Zero Trust-based security model with multifactor authentication. At the same time, MSSPs should also help clients implement basic security hygiene and security awareness training to address the known-known attacks that still plague so many organizations.
Start from Where You Are
Taking these basic steps is just the beginning. Even if you do everything you can to reduce exposure, it's not enough. To defend against threats, you need to understand your current state. If you don't have visibility, you don't know what you need to add or change.
Complete visibility means that you are able to see any device anywhere on the network and understand its state. Only then can you know whether devices are properly patched, configured and operating as expected. This is especially true in the case of endpoints, which may include servers, laptops, mobile devices, point of sale systems, equipment, sensors, and scanners. As new network edges appear and the number of endpoints continues to expand, MSSPs need capabilities to establish persistent visibility on the LAN, WAN, data center and cloud edges.
Once you have established consistent visibility, you can effectively enforce security policies and controls as well as use data to proactively address any questionable network device, IoT device, application, or user. MSSPs also need to make sure they don't overlook threats that work slowly and over time. It's important to have AI and behavioral analytics in place that can identify low-level attacks that traditional security systems may not detect. In many cases, these types of threats are only detected after a significant amount of data is lost.
At the other end of the spectrum, some ransomware that can bypass file-based malware prevention can destroy a system in a matter of seconds. Because these attacks occur faster than any security team could manually respond, it's essential to have endpoint protection and network security solutions that include real-time, automated mitigation.
Getting the Basics Right
New attacks, tactics, techniques and procedures are continually appearing, but that doesn't mean that cybercriminals discard the old methods. Indeed, we’re seeing a mix of new and old attacks threatening organizations of all sizes. MSSPs need to be able to see, control, and protect the entire network with an effective balance of prevention, detection, and response capabilities. New types of attacks are undoubtedly coming soon to a network near you, but don't let that distract you from what needs to be fixed now. Thus, it's always important to be aware of emerging threats, but it’s equally prudent to continually defend against the multitude of known threats and risks that lurk in your extended networks.