FINAL WORD
34 %, to 135,000 from 2020 to 2021 and a further 25,000 were needed .
Variety is the spice of a ransomware actor ’ s life
Mark Lukie , APAC Sales Engineer
Manager , Barracuda
The impacts of these shortages will be felt for years , but as organizations continue to rapidly increase their use of public cloud services the lack of skills needed to ensure correct configuration , and hence the security , of these facilities will make them increasingly vulnerable . In mid-2021 Gartner forecast Australian spending on public cloud services to reach A $ 13.8b in 2021 and A $ 16.7b in 2022 .
Security incidents related to their cloud-based services will continue to grow , because the skills shortage is not going to disappear anytime soon . The solution is automation . Organizations need to deploy continuous , automated policy compliance tools .
As industrial networks grow , so does the risk
Operational technology to control and monitor industrial systems has been widespread for years . It is now morphing into the Industrial Internet of Things ( IIoT ) where industrial devices become connected to corporate IT networks and to the Internet , exposing them to all the dangers it brings .
Under the many pressures produced by the pandemic – on supply chains , energy prices and more – organizations of all kinds have increased connectivity of their facilities in search of increased efficiencies and lower costs . When these developments are made under pressure , security tends to suffer .
In August 2021 security researchers revealed four vulnerabilities in the NicheStack TCP / IP stack used to enable communications in IP-connected OT and IIoT devices . These vulnerabilities could enable attackers to mount remote code execution , denial of service attacks and more .
Security measures such as firewalls and microsegmentation can add additional protection , but these vulnerabilities still must be patched , which can be difficult to do in a continuously operating production environment .
As the cost of ransomware attacks and cyber insurance payouts rise insurers are demanding increasing stronger baseline security from policyholders . When organizations beef up remote desktop protocols , VPNs and email security , attackers devise new ways to bypass security .
Supply chain attacks like the one mounted against Kaseya are becoming increasingly popular . So any organization with digital links to its business customers could be compromised to gain access to the attacker ’ s ultimate target .
Attackers will also explore new channels to gain entry , such as SharePoint , OneDrive , Google Drive and Google Docs . These SaaS platforms have already been compromised with new and highly original phishing campaigns , and the number of successful attacks will certainly increase . A high level of visibility and tight control of corporate IT systems and data is essential to detect and thwart these advanced threats
Zero exceptions to Zero Trust for US Government
On 21 May 2021 US President Joe Biden issued an Executive Order on Improving the Nation ’ s Cybersecurity . To the surprise of many in the cybersecurity industry it required the Federal Government to ‘ advance toward Zero Trust Architecture ’, in other words , it mandated the use of Zero Trust across federal government entities .
This edict is likely to spur a significant increase in the adoption of Zero Trust security by the US private sector and elsewhere as boards and senior management realize that it not only significantly strengthens their security but confers competitive advantage .
However , they must understand that Zero Trust security is not achieved simply by deploying a product that claims to provide Zero Trust security . Zero Trust is a state of security achieved only by addressing multiple issues with the appropriate solutions .
The first steps are easily achieved with existing security solutions such as host-based firewalls , microsegmentation , data loss prevention , roles-based access controls , etc .
There are many more point solutions , all of which can contribute to optimizing an organization ’ s cybersecurity and building adaptability and resilience . p
84 INTELLIGENTCIO APAC www . intelligentcio . com