What’s the best way to get a leg up on cybersecurity in 2020? Learning from the biggest problems of the past year can show emerging patterns and trends that can help shape your security strategy, ensuring that you know what to watch for and prioritize. Read on to learn how to deal with four major cyber threats of the past year that will continue to evolve and plague organizations into 2020 and beyond.
Fileless malware was on the rise in 2019. This tricky variant of malware is particularly dangerous because it does not drop executable files to install new software; instead it is a type of living-off-the-land attack, leveraging software and applications already present on the system. It is primarily memory resident, which makes fileless malware incredibly difficult to uncover, since it leaves no file on disk for a signature to match. Because it can evade detection fairly easily in most environments, fileless malware can also have a significantly longer dwell time. It’s unsurprising that, according to the Ponemon Institute, fileless malware attacks are far more likely to succeed than other types of threats. Given this success rate, fileless malware will continue to wreak havoc into 2020.
So how do you fight back against malware that is designed to remain invisible? Instead of looking for the malware, look for the symptoms: focus on detecting what the malware is trying to do rather than the malware itself. For example, Network Insight uses advanced threat detection to determine with certainty that a device is infected by observing device behavior over time and gathering evidence of malicious activity. Network Insight can determine that an asset is infected simply from the actions the malware has taken, without having to first identify the actual malware. By focusing on the behavior of malware instead of the malware itself, organizations can thwart fileless malware by reacting before real damage is done.
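As an added illustration of symptom-based detection (example code written for this article, not Network Insight’s), the script below scores a host on the behaviors it exhibits over time and only declares it infected once evidence from several independent symptom categories accumulates. The telemetry, rule names, weights and thresholds are constructed assumptions.

```python
# Added example (not Network Insight's code): convict a host from the symptoms it
# shows over time rather than from a file signature. Rules and weights are assumptions.
from collections import defaultdict

# Constructed telemetry: (host, minute, kind, detail). Not from the original post.
EVENTS = [
    ("ws-17", 0, "process", "winword.exe -> powershell.exe -enc"),
    ("ws-17", 1, "registry", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
    ("ws-17", 10, "netconn", "203.0.113.10:443"),
    ("ws-17", 20, "netconn", "203.0.113.10:443"),
    ("ws-17", 30, "netconn", "203.0.113.10:443"),
    ("ws-42", 0, "process", "explorer.exe -> winword.exe"),
    ("ws-42", 3, "netconn", "198.51.100.5:443"),
]

def script_host_from_document_app(detail):
    """Office app spawning a script interpreter: a living-off-the-land symptom."""
    parent, _, child = detail.partition(" -> ")
    return parent in {"winword.exe", "excel.exe"} and child.split()[0] in {"powershell.exe", "wscript.exe", "mshta.exe"}

def beaconing(conns, min_hits=3):
    """Same destination contacted at a constant interval: periodic check-ins."""
    by_dst = defaultdict(list)
    for minute, dst in conns:
        by_dst[dst].append(minute)
    return any(len(t) >= min_hits and len({b - a for a, b in zip(t, t[1:])}) == 1
               for t in map(sorted, by_dst.values()))

# Per-event symptom rules: event kind -> (evidence label, predicate, weight).
RULES = {
    "process": ("script_from_document_app", script_host_from_document_app, 3),
    "registry": ("run_key_persistence", lambda d: d.endswith("\\Run"), 2),
}

def assess(events, threshold=5, min_categories=2):
    """Return {host: (score, evidence labels, infected)}; a verdict needs enough weight AND independent categories."""
    evidence, conns = defaultdict(dict), defaultdict(list)
    for host, minute, kind, detail in events:
        if kind == "netconn":
            conns[host].append((minute, detail))
        elif kind in RULES and RULES[kind][1](detail):
            evidence[host][RULES[kind][0]] = RULES[kind][2]
    for host, c in conns.items():
        if beaconing(c):
            evidence[host]["periodic_beaconing"] = 3
    verdicts = {}
    for host in {e[0] for e in events}:
        score = sum(evidence[host].values())
        verdicts[host] = (score, sorted(evidence[host]),
                          score >= threshold and len(evidence[host]) >= min_categories)
    return verdicts
```

Because a single rule cannot reach both the weight and the category threshold, one noisy indicator never convicts a host on its own; only the combination of behaviors does.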
Cloud and SCADA Pen Testing
Pen testing has been around for years, but this year Core Security, a HelpSystems company, saw a notable uptick in requests for pen testing of two environments: the cloud and SCADA systems. With increased attention on these important environments, it’s important to ensure your organization is prepared for attacks that have these targets in mind. 2020 will continue to see an increase in specialized penetration tests focused on cloud management consoles and SCADA systems, and for good reason: they can provide insights into potential weaknesses that will instantly be a high priority for remediation, given the sensitive nature of these assets.
While cloud security has been improving over the years, threat actors have more recently moved beyond simply stealing valuable data, which can be obtained through misconfigurations or compromised accounts. As more organizations have moved all their services to the cloud, attackers are seeing more opportunities to gain not just data, but control. They are now also going for the crown jewels of cloud servers: full administrative control of the cloud management console. From there, they can compromise users, data, passwords, and infrastructure.
Though commonly associated with manufacturing plants, SCADA environments are present across many industries, from public utilities to pharmaceuticals to technology companies. These systems are in charge of centralizing communication and control processes for industrial equipment. As more and more SCADA systems become connected to the internet, what they gain in efficiency and features they lose in security, since connectivity gives attackers more potential openings to exploit. Threat actors gaining access to SCADA environments can have far-reaching consequences.
So how do you protect these critical systems? Beat threat actors to the punch by making a point of testing these systems for exploitability, through pen testing services or with the aid of pen testing tools. Tests can vary widely in form and scope. For example, a SCADA pen test may involve attempting to physically breach the facility, since many SCADA systems have touch-screen panels that can be compromised through in-person access. Alternatively, a tester may be able to gain administrative access to SCADA environments remotely, since most are now reachable over the internet. Testing these important environments can give a more holistic view of your security gaps and how to close them.
The End of the Security Perimeter
For many years, cybersecurity practitioners have relied on perimeter protection, fortifying their infrastructure as much as possible in order to prevent any malicious threat from getting through. As threats continue to evolve and data and applications increasingly need to be shared across a wide variety of constituents, this strategy is not always effective in securing critical data and assets. As the fileless malware mentioned above illustrates, it is widely accepted that perimeters are being, and will continue to be, breached. With the number of data breaches continuing to increase year over year, 2019 left many realizing that the secure perimeter can be only one part of their overall strategy.
This doesn’t mean that every breached organization will suffer the extreme consequences we’ve seen in headlines. It simply means that protection needs to be present throughout your environment. A zero-trust strategy has become increasingly popular and may become standard practice in 2020. Zero trust is the idea that every access must be verified, whether it originates outside or inside the network.
So how do you go about shifting from a perimeter mindset to zero trust? Increased monitoring and other internal controls must be as high a priority as the controls that protect against external threat actors. For example, identity governance and administration (IGA) focuses on providing users with only the access they need, when and where they need it. IGA solutions automate the creation and management of user accounts, roles, and access rights for individual users within the organization. By tightly controlling access through IGA, along with other controls such as SIEM or privileged access management (PAM), you provide the granular verification that successful zero trust requires.
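As an added illustration of the IGA and zero-trust points above (example code written for this article, not Core Security’s product), the snippet below derives a user’s rights from role assignments, limits them by time and place, re-verifies every request identically whether it comes from inside or outside the network, and flags rights granted outside of any role. The roles, users, policies and request fields are constructed assumptions.

```python
# Added example (not Core Security's IGA product): a zero-trust access decision that
# derives a user's rights from IGA-managed roles and re-verifies every request, with no
# exemption for requests from inside the network. Roles, policies and users are assumptions.
from dataclasses import dataclass

# Constructed IGA data: roles grant entitlements; each entitlement has when/where limits.
ROLE_ENTITLEMENTS = {
    "payroll_clerk": {"payroll:read", "payroll:submit"},
    "help_desk": {"directory:read", "account:reset_password"},
}
POLICY = {  # entitlement -> (allowed hours, allowed countries); None means unrestricted
    "payroll:submit": (range(8, 18), {"US"}),
    "account:reset_password": (range(0, 24), {"US", "CA"}),
}

@dataclass
class Request:
    user: str
    entitlement: str
    hour: int
    country: str
    mfa_age_min: int          # minutes since the user last completed MFA
    managed_device: bool
    internal_network: bool    # carried in the request but deliberately never consulted

USERS = {  # constructed accounts; "alice" holds a right none of her roles grant
    "alice": {"roles": {"payroll_clerk"}, "direct": {"admin:all"}},
    "bob": {"roles": {"help_desk"}, "direct": set()},
}

def effective_entitlements(user):
    ents = set(USERS[user]["direct"])
    for role in USERS[user]["roles"]:
        ents |= ROLE_ENTITLEMENTS[role]
    return ents

def orphan_entitlements(user):
    """IGA review: rights assigned directly rather than through a role (over-entitlement)."""
    via_roles = set().union(*(ROLE_ENTITLEMENTS[r] for r in USERS[user]["roles"]))
    return USERS[user]["direct"] - via_roles

def decide(req, max_mfa_age=30):
    """Every request is verified the same way regardless of network location."""
    if req.entitlement not in effective_entitlements(req.user):
        return "deny:not_entitled"
    if not req.managed_device or req.mfa_age_min > max_mfa_age:
        return "deny:unverified_session"
    hours, countries = POLICY.get(req.entitlement, (range(0, 24), None))
    if req.hour not in hours or (countries and req.country not in countries):
        return "deny:outside_allowed_context"
    return "allow"
```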
Cybersecurity Maturity Model Certification (CMMC)
This year, many organizations that have or hope to have contracts (or even subcontracts) with the Department of Defense (DoD) began discussions on the potential implications and changes necessary to pass the upcoming Cybersecurity Maturity Model Certification. This regulation aims to reduce risk by requiring more advanced cybersecurity measures. The official version will become available in January of 2020, with a grace period until June of 2020 to begin compliance.
Though not yet finalized, drafts have been published that give a rough idea of what to expect. For instance, there will be five levels of certification, with level five requiring the most advanced cybersecurity measures; lower-risk projects would not require as high a level of certification. Additionally, 17 domains will be assessed, including access control, audit and accountability, identification and authentication, incident response, and risk management.
Organizations will need to carefully evaluate their own policies in order to begin or continue working with the DoD. Additional personnel may be required, new tools might become essential, or additional training could be needed in order to pass muster. Organizations that do not work with the Department of Defense may also want to pay close attention to the CMMC in 2020, as it may serve as a model for other agencies in the future.
Whether or not you have a regulation that requires it, everyone should resolve to do that much more in order to improve their security posture. Staying vigilant, improving processes, and using the right cybersecurity solutions can help organizations spend next New Year’s Eve celebrating a safer year.