Cybersecurity landscape shifts in 2020 due to three critical threats, according to Mandiant CEO's assessment
In the rapidly evolving landscape of cybersecurity, several trends and challenges have emerged over the past year and a half.
One of the most significant developments has been the increased use of zero days by criminal actors, a trend highlighted by FireEye's discovery and disclosure of the SolarWinds breach. Mandia, a cybersecurity expert, has emphasized this shift, stating that zero days are being used more frequently in cyberattacks.
The heightened threat level has led to a change in the role of Chief Information Security Officers (CISOs). With the increase in cyberthreats and attacks, CISOs are leaning towards earlier involvement with their C-suite and board. This shift is essential because CISOs now have more influence than ever before and need to make their vision a reality.
In response to these threats, the White House has called for tech companies to create technologies that are easier to defend but more difficult to attack. The Biden administration has also formally addressed supply chain security, with the May executive order and the August White House summit with tech CEOs, focusing on securing the nation's critical infrastructure.
Ransomware attacks have been a significant concern, with their sophistication escalating rapidly. These attacks have changed the way businesses operate. Two primary continuity considerations follow a ransomware attack: privileged access reduction and segmentation, and backups.
Coordination among ransomware gangs and their affiliates has made attacks more damaging and targeted. This coordination has been observed across the globe, with nation-state actors from countries such as Russia, North Korea, Iran, and China reportedly conducting ransomware attacks.
The SolarWinds implant attack has underscored the importance of information sharing in dealing with supply chain compromises. Mandia has emphasized the need for transparency in such situations, stating that revealing implants as soon as possible is crucial for defence.
Corporate stakeholders are seeking to better understand the risk calculus of their technology stacks, including the question of whether they are a target. This increased awareness has been driven by the unprecedented cyberattacks that have affected both private and federal sectors over the past year and a half.
Remediation for zero days generally involves basic cyber hygiene and patching. However, the growing number of zero days discovered each year presents a significant challenge. In 2021, the number of known zero days (64) is greater than the numbers found in 2019 (32) and 2020 (30) combined, according to Mandia.
In the face of these challenges, Mandia has suggested that red teaming, or simulating cyberattacks to uncover a business's "unvarnished truth," is the only way to truly test and strengthen resilience against ransomware attacks. This approach, along with continued collaboration and information sharing, will be vital in the ongoing fight against cyber threats.