Richard Barretto, CISO, Progress, provides us with an updated list of IT infrastructure security threats and concerns that business and technology leaders need to watch out for during the remainder of 2022, along with specific actions they should take to optimize the security of their network monitoring.
The year 2022 has already been rich in attacks, with movements in global financial markets and geopolitical pressures adding to the threat burden already felt by organizations in APAC.
The fact that hybrid working – and therefore the move to the cloud – has become our new norm adds further pressure, not to mention the growing shortage of trained security personnel in nearly every country in the world.
Hackers are becoming more numerous, aggressive, organized and sophisticated, and the cybercrime landscape is changing at a pace never seen before. It is no longer enough to know the latest advances and techniques cybercriminals happen to be using at a given moment. CISOs and security experts now need to stay constantly updated on the latest security threats, knowing that things will change every few months.
Here is an updated list of IT infrastructure security threats and concerns that business and technology leaders should watch for the rest of 2022, along with specific actions they should take to optimize the security of monitoring their network.
Six IT infrastructure security threats to watch out for
Even before the invasion of Ukraine, many countries were on high alert for potential attacks by Russian cybercriminals, particularly targeting critical infrastructure and essential service sectors. In recent months, cybercriminals have taken advantage of heightened geopolitical chaos to target both nation states and organizations operating in these critical sectors.
Ransomware still on the rise, boosted by AI
Ransomware is certainly nothing new. What is new is that it is getting worse, becoming more widespread, and becoming more and more sneaky and dangerous. In fact, Asia-Pacific ranked as the world’s third most targeted region for ransomware. What’s really worrying is that AI is expected to drive even smarter and more insidious ransomware attacks over the next six months.
Automation of attacks and Fraud-as-a-Service
More and more attacks are now automated, and various attack styles are available for download or even as a service. Some threat actors have started monetizing their fraudulent exploits by turning them into a cloud service that cybercriminals can simply subscribe to. These can even include AI-like features such as voice bots that impersonate businesses and carry out social engineering automatically.
The attack surface of organizations and workers increases as networks grow
As organizations’ networks expand and applications and devices increase, driven by the rise of hybrid working policies, the attack surface also increases. The Internet of Things, cloud applications, digital supply chains, open source code, and even social media place organizations’ attack surfaces outside of a set of controllable assets.
More and more people are now security decision makers, leading to a radical decentralization of security-based decision-making
In an attempt to gain control over more digital assets, we see specific departments taking control of their IT and, by extension, their security decisions. These decisions are often made without any consultation with IT departments, leading to an increasing decentralization of security-based decision-making. This is driving an evolution of the CISO role toward a higher-level, more strategic position, as well as a need to better align the organization’s cybersecurity posture and strategy.
Hybrid work is a hacker’s field day
Hybrid working has truly created a whole new realm of threats and challenges for CISOs and security experts. Many remote or hybrid devices are still unknown and unmanaged by IT and connect to organizations from outside the network. This not only widens the attack surface – and makes attacks such as phishing more prevalent – but many of these devices and the networks they use to connect have little or no protection. This will be a major challenge for organizations to solve in the second half of 2022.
Five Steps to Optimizing IT Infrastructure Monitoring Security
Decide what to monitor
In-depth monitoring of every piece of IT infrastructure would be a heavy undertaking; each CISO must choose their battles. Priority should be given first to capturing status information on current network devices such as routers and switches as well as critical network servers, and second to ensuring that essential services such as email, website and file transfer services are always available.
Accept the complexity
The rise of cloud, multi-cloud and now hybrid working has made enterprise networks very complex to untangle. But instead of fearing this complexity, CISOs might instead learn to embrace and master it, simply because things will only get more complicated from here.
Understanding the makeup and complexity of the organization’s network and having the ability to be informed of the performance of all individual elements at any given time is a key success factor in maintaining network performance and integrity.
Navigating alert storms
Not understanding dependencies can lead to an aggravating condition called an alert storm, where the alarms sent are not false, but rather useless. The network monitoring solution, or a set of disparate monitoring tools, is configured to send an alarm whenever something goes wrong with a particular component; when an upstream device fails, every component that depends on it raises its own alarm too. IT needs to know which component is really the problem and not be distracted by all the calls for help from the dependent components.
Account for dependencies
Network monitoring should take dependencies into account. Not only do IT teams need to see all network devices and services and how they interconnect, but they also need to be able to analyze those dependencies automatically. Then, instead of that vexing storm of alarms, IT is only alerted to the device that’s actually at fault.
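As an added illustration of the dependency-aware alerting described above (example code written for this article, not the author’s or Progress’s own tooling), the following Python sketch takes a constructed topology and a list of devices reported down, and raises an alert only for devices whose outage is not explained by a failed upstream dependency. The topology, device names and incident are all constructed for the example.

```python
"""Dependency-aware alert suppression (hypothetical example)."""
from collections import deque

# Constructed sample topology: each monitored node maps to the upstream
# nodes it depends on to be reachable from the monitoring station.
DEPENDS_ON = {
    "core-router": [],
    "dist-switch-1": ["core-router"],
    "dist-switch-2": ["core-router"],
    "mail-server": ["dist-switch-1"],
    "web-server": ["dist-switch-1"],
    "file-server": ["dist-switch-2"],
}


def root_causes(down, depends_on):
    """Return the down nodes that have no down upstream dependency.

    Only these deserve an alert; every other node in `down` is a
    consequence of an upstream failure and would only feed the storm.
    """
    down = set(down)
    roots = set()
    for node in down:
        # Walk all transitive upstream dependencies (breadth-first, with a
        # seen-set so cyclic topologies cannot loop forever).
        queue = deque(depends_on.get(node, []))
        seen = set()
        explained = False
        while queue:
            upstream = queue.popleft()
            if upstream in seen:
                continue
            seen.add(upstream)
            if upstream in down:
                explained = True  # this outage is caused further upstream
                break
            queue.extend(depends_on.get(upstream, []))
        if not explained:
            roots.add(node)
    return roots


def triage(down, depends_on):
    """Split raw down events into (actionable alerts, suppressed events)."""
    roots = root_causes(down, depends_on)
    return sorted(roots), sorted(set(down) - roots)


if __name__ == "__main__":
    # Constructed incident: dist-switch-1 fails and takes mail and web
    # with it, while file-server fails independently behind dist-switch-2.
    alerts, quiet = triage(
        ["dist-switch-1", "mail-server", "web-server", "file-server"], DEPENDS_ON)
    print("alert on:", alerts)      # ['dist-switch-1', 'file-server']
    print("suppressed:", quiet)     # ['mail-server', 'web-server']
```

Run against the constructed incident, four raw down events collapse into two alerts, one per genuine fault.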
Consolidate around a central tool
Many organizations today rely on a myriad of tools to monitor their network devices. The solution to optimizing network monitoring isn’t necessarily to throw away these tools, but rather to not depend on them for things that centralized network monitoring can more easily and efficiently provide. CISOs should aim to create a consolidated view of their entire network infrastructure, with a holistic view that creates broad and deep visibility that cannot be matched by an array of disparate monitoring solutions.
With the cybercrime landscape changing so rapidly, the key word for the CISO for the rest of the year must be preparedness. If you have followed the preparation steps and practice regularly, you can adapt and react much faster whenever a threat or change occurs. That’s really what creates resilience.