Takeaways from SecureWorld St. Louis 2022
As a security professional, you’re constantly trying to stay ahead of threat actors and their relentless tactics, both old and new, to exploit your organization. It’s no easy task given the complexities of today’s IT environments.
From the exodus to remote work, multi-cloud adoption, and the breakdown of the four walls that used to be our manageable environment, we can all agree that IT environments have gotten complicated – in fact, very complicated – often making them an ideal playground for bad actors to exploit.
At SecureWorld St. Louis last week, I had the pleasure of joining a panel of cybersecurity experts in discussions about the challenges we face given our current threat landscape. I was also able to listen in on a range of other sessions where speakers discussed the top threats keeping industry experts up at night, the intersection between cloud and security, and the odd cycle of what is old becoming new again as we head into 2023.
Here’s a breakdown of some of the top takeaways.
Industry threats, trends, and a recap of the day’s events at SecureWorld
There were plenty of good discussions with industry experts, but let’s focus on the top six takeaways from this day-long event:
Ransomware uptick continues. Ransomware is becoming more common as it becomes more accessible. Ransomware “kits” and Ransomware-as-a-Service (RaaS) offerings are now available, with developers selling or leasing easily deployable and scalable malware toolkits to individuals and groups. With a larger audience buying and using ransomware because of this expanded availability, we’re also seeing more targeted and far-reaching tactics that encrypt, exfiltrate, extort, and expose victims’ critical data.
Business email compromise is on the rise. Email risk is growing as new attack tactics appear. For example, a new version of the Bumblebee malware loader has been identified, per panelist Brian Roye, Senior Security Consultant with Critical Start. His organization’s cyber research team is working to analyze it and apply added detections across their clients to get in front of this attack at the “initial access” stage, before “execution.” This new version is loaded from memory and never touches the host’s disk, minimizing detection and evading anti-virus tools. Furthermore, the new loader is enticing more ransomware and malware operators to expand their capabilities for deploying payloads, leaving clients on edge over all the possible attacks that could follow.
Zero Trust adoption continues. Zero Trust requires that every entity that requests access to data first establishes its trustworthiness and permission to do so, every single time it seeks access. Zero Trust is now core to many organizations’ continued digital journeys. As companies around the world embark on cloud transformation initiatives, Zero Trust provides a blueprint that can address and close many security gaps identified in the cloud. It’s a welcome and widely accepted way of thinking, but many agree, it’s a journey that requires well thought-out planning and business buy-in for full adoption and deployment.
Cloud is a big focus, but be sure you’re a security-first organization, too. We heard loud and clear that even organizations that were cloud-averse are moving to the cloud, with the “great resignation” accelerating this transition. While lack of resources and added convenience continue to drive organizations to the cloud, security should also be a deliberate outcome of cloud usage. Moving to the cloud gives up many of the on-prem controls that IT and security teams previously had. This has left many confused, trying to understand both the security capabilities offered by their cloud vendors and the tools and controls still required in-house to achieve a cohesive security strategy. Keeping track of your tools, maintaining visibility across all of your endpoints, and making sure your security and IT teams have a seat at the planning table should be priorities for cloud-first organizations.
Attackers are using old techniques on new technologies. While cyber threat strategies continue to advance with new approaches, bad actors still lean on their former playbooks and decades-old tactics, which they constantly re-tool. Bad actors are modernizing old schemes by using the victims’ own cloud-based services to conduct data exfiltration and malware downloads. Often referred to as “Living off the Cloud”, these tactics are harder for victims to detect because legitimate cloud tools provide camouflage for the bad actors misusing them.
Threat management is more manageable with good endpoint management. Good cyber hygiene and a strong security foundation enable you to block bad actors before they can cause damage. Enforcing operating system and third-party patches along with security configurations can dramatically reduce the time, effort, and complexity associated with managing the fundamentals of cyber hygiene.
Back to cyber hygiene basics
During the panel, I used a comparison relating today’s threat landscape to the recent rise in auto thefts. The auto industry has rolled out a plethora of new security alarms, tracking tools, and anti-theft devices to combat thieves. However, a ‘new’ old solution is making a comeback, and it is proving almost as effective, if not more so.
The Club, an ’80s throwback security device, takes us back to the basics by locking down a car’s steering wheel. Auto theft is almost impossible when the steering wheel is locked down, and the device achieves the end goal without any new, shiny gadgets or alarms.
Similarly, make sure you’re keeping up with the tried-and-true security hygiene basics: endpoint and patch management that proverbially locks the door on cybercrime, allowing your security and IT teams to focus on other priorities instead of tackling a mountain of threats that could have been avoided in the first place.
In a world where bad actors are constantly looking for cracks in our defenses, we as security professionals, organizations, and vendors alike must also join forces to strengthen and elevate our defenses against these criminals. It's no easy task, but after the discussions and sessions at St. Louis’ SecureWorld conference, I am confident that those defending our cybersecurity are making it more difficult for bad actors to weaponize and exploit our defenses.