What will 2023 bring in terms of cybercrime? The following insights will help you plan your cyber defences for next-generation threats in the coming year and beyond.
“Every great man, every successful man, no matter what the field of endeavour, has known the magic that lies in these words: ‘Every adversity has the seed of an equivalent or greater benefit.’” A very profound quote by W. Clement Stone, the American philanthropist who co-authored “Success Through a Positive Mental Attitude.”
The last two years of the pandemic have undoubtedly been an adversity, but there has also been enormous learning for humanity. From the perspective of cyber security, the lessons are particularly applicable, as there are many parallels between the real world and the cyber world in terms of pandemic management. COVID-19 is essentially a zero-day threat for which there is no preventive control.
In the cyber world, such zero-day threats are quite common, and there are standard ways to control them too. These controls are more or less the same as the ways we fought the pandemic, although in the cyber world implementing controls is more efficient, because computers are designed to obey instructions and humans are not.
The overall learnings from the pandemic are immense. Let me flag a few learnings which, in my opinion, are very important in planning our cyber defence for new-generation threats in 2023 and beyond.
1. Preventive control is essential but not sufficient.
Given the way threats are emerging, a strategy that relies on preventing them will not be very efficient. Even today, we do not have any preventive control for ransomware, because each ransomware threat is different and is “zero-day” in nature. We need different controls to detect anomalous behaviour in various parts of the system and take corrective action. EDR and XDR help us to some extent in generating such alerts at the operating-system level, but this is not sufficient; we also need to detect such anomalous behaviour in other parts, such as databases, middleware, etc.
2. Securing the supply chain is extremely important in a connected world.
Thanks to the hyperconnectivity among all entities, interdependence across the entire ecosystem has increased manifold. Drift or a vulnerability in any component of the supply chain has a contagion effect. In the cyber world this has more ramifications, as a digital system usually consists of many disparate components joined together to deliver the required functionality. This makes the supply chain dynamics more complex; we may call this a “Nested Supply Chain.” The increasing use of open-source solutions and dependence on third parties have also expanded the attack surface related to the supply chain.
There is no silver-bullet solution for supply chain security. Cyber discipline by each stakeholder, multiple forms of security testing and software composition analysis are effective ways to start.
3. Response and recovery are particularly important.
The World Economic Forum, in its 2021 world risk report, flagged “cyber security failure” as one of the top ten global risks. The perception is very clear: “falling is imminent,” and what matters is the “failure to get up.” Response and recovery are thus important. During the pandemic, we have all evaluated our preparedness for eventualities and learnt many lessons. It is time to integrate those into our response and recovery strategy. Solutions like BAS (Breach and Attack Simulation) will play a very important role in this stress-testing exercise. I think stress tests for cyber security controls need to be institutionalised like any other risk portfolio and must be done on a regular basis.
4. Indicators of Attack (IOA) are more important than Indicators of Compromise (IOC).
Threat intelligence is gradually becoming increasingly important. Although there are many niche service providers in this space, they need to concentrate more on IOA (Indicators of Attack) rather than IOC (Indicators of Compromise). This will help them make the intelligence more actionable. We have all been suffering from “IOC fatigue”: the same IOCs are provided by multiple service providers, government agencies and also the OEMs. In a scenario where there is hardly any signature-based attack, IOCs like IP addresses, hashes, etc. have very little use. What is important is for us to know whether there are any unknown vulnerabilities that have the potential to be exploited. This kind of proactive threat hunting will really help any organisation fortify its cyber defence to combat new-generation threats.
5. Orchestration and automation to be an integral part of the defence strategy – playbooks play a vital role.
This pandemic has shown us how orchestration and automation make a defence strategy more efficient. A case in point is the “CoWin” and “Arogya Setu” applications of the Government of India. The story of CoWin has truly been one of national impact and importance. And while the story started during the pandemic, it will not end with the pandemic; it will segue into a repurposed digital platform for more health use-cases in future. Implementing the world’s largest vaccination programme, executing it in a record time of 18 months, and integrating multiple other applications through APIs are examples that have the potential to be replicated in the cyber world to track cyber health. Food for thought for cyber security professionals in 2023!
The SOAR (Security Orchestration, Automation and Response) solutions which came to the market around 2015 (assumed) have actually not been taken up, because there were real challenges in automation and orchestration. Now the same SOAR is coming in a different avatar, as a functionality in new-generation SIEM, but the constraints of playbook automation still remain a challenge.
We need to take a cue from the human immune system, where “acquired immunity” is like a playbook that gets replayed in case of a known or similar attack. Hopefully, the new generation of SOAR will try to mimic “acquired immunity” to generate and implement playbooks more efficiently.
6. Evolution of a true next-generation cyber security skill.
Skill shortage was perceptibly felt during pandemic management. In the cyber space, we too have been facing a serious skill challenge. I feel the current supply-side constraint on cyber security skills will grow further, and there will be an emergence of a next-generation cyber security skill: a skill which is business-focused and completely “market-to-market.” It is difficult to predict the exact skill requirement, as the skill with the highest demand today did not even exist 15 years ago. “Market-to-market” is the way.
7. Basic cyber hygiene is necessary.
The pandemic has helped us reinforce the requirement for health hygiene. Hygiene helps institutionalise a collective habit, and collective habits foster a culture. This applies to all domains, including cyber security. Lack of basic cyber hygiene is the main reason for most cyber-attacks across the world. It’s time to make cyber-appropriate behaviour a societal value. This will ultimately foster a cyber security culture, which will be the ultimate cyber defence weapon.
Edited by Tanmoy Mitra