As more and more devices are attached to the IoT (Internet of Things), the internet itself is weakened by saturation, and anything weak is a target. With edge computing, AI (artificial intelligence) at the device level, and high-speed connections, data is flowing through wires and the air in unbelievable amounts. And much of that is unencrypted, critical data.
Digital Definitions: What is a Cyberattack?
As usual, the government—in this case the National Institute of Standards and Technology—has a say in defining a cyberattack: “An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.”
Boiled down to the basics, a cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computing devices.
An attacker can be an individual, a collective, a government, or an automated process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent.
Cyberattacks can range from installing spyware on a personal computer to attempting to destroy the infrastructure of entire nations. Legal experts are seeking to limit the use of the term to incidents causing physical damage, distinguishing it from the more routine data breaches and broader hacking activities.
As researchers from French cybersecurity firm Mandiant put it, the only constant in the cyber realm is uncertainty. Attackers are constantly evolving, becoming more sophisticated and changing their tactics, techniques, and procedures to try to get ahead of defenders.
Organizations have a lot to deal with in 2022 with economic renewal, COVID-19’s lasting impact, infrastructure concerns, and employee issues, but staying cyber vigilant will allow them to defend themselves against threats, present and future, and respond to those that inevitably get past current defenses.
Mandiant published a paper on cybersecurity threats predicted for 2022 and beyond that underscores the need for planning and action at every company connected to the Internet. Among its predictions are some scary concerns for contractors and businesses in general.
As noted, more IoT devices mean more vulnerabilities and more attack points. As the number of IoT devices increases, there will be more holes to be spotted by bug hunters. These devices are connected, and the overall attack surface extends with the potential for significant impact. Unfortunately, there has not been enough focus on “security by design” of IoT devices to address these issues, so the situation could worsen in the coming years.
But IoT is not the only vulnerable area. Throughout 2021, Mandiant observed that unsophisticated threat actors learned that they could have a significant impact in the OT (operational technology) space, perhaps even greater than expected. In 2022, cybercriminals will continue to explore the OT space and will increasingly use ransomware in their attacks.
Indeed, the threat of ransomware has increased significantly over the past decade, and this upward trend will continue. The use of ransomware is simply too lucrative. Criminal operators engaged in increasingly complex extortion campaigns will continue to find more ways to force their victims to pay by blackmail, social pressure, and direct data theft.
In 2022, Mandiant expects attacks on critical OT environments will cause serious disruption and even threaten lives, increasing the pressure for organizations to pay a ransom. To compound the problem, many of these OT devices are not built with security in the design, and there is a massive increase in the number of vulnerabilities identified in OT environments.
While edge computing and IoT/OT devices are often a weak link, a massive movement to the cloud can present another target. As organizations continue to rely increasingly on the cloud and cloud-hosted third-party providers for key business activities, the pressure on these third parties to maintain both availability and security increases. Mandiant’s number of investigations into incidents involving cloud resources has increased in recent years, and the company expects cloud compromise and abuse to continue to grow alongside enterprise cloud adoption throughout 2022.
According to the 2021 SonicWall Cyber Threat Report, criminal activity soared in 2021. It noted the following:
• Ransomware attacks up 62%.
• 109.9 million detected cases of Ryuk ransomware, which locks essential files and demands large ransom fees.
• 268,362 ‘never-before-seen’ malware variants.
• 56.9 million IoT malware attempts (66% up on 2019).
One key reason for the rise in activity is the sophistication of the methods available to cybercriminals. Automated tools reduce the attackers’ problem of scale. Today’s hackers are trying to hit as many targets as they can, while at the same time reducing risks to themselves. Automated systems can do this far more efficiently than humans.
Regrettably, the price of these sophisticated tools is tumbling—putting this powerful technology within the reach of more and more criminal gangs. Attackers can buy off-the-shelf, cloud-based products on the dark web.
They don’t even need to be IT-proficient to use them. According to McAfee, cybercrime has become so professional that some hackers even provide 24/7 technical support for customers who do not have a strong computing background. Their customer-friendly services even extend to business models. Criminals can access payment options including revenue share and pay-as-you-go, bringing more and more participants into cybercrime.
To make things worse, criminals are now developing new artificially intelligent tools. These will increase the number of attacks, while also making them stealthier. AI-based malware can enter a system without detection and then subtly change it from the inside. All it takes is a known vulnerability, and those pop up almost daily.
Critical infrastructure is a natural target for ransomware and other attacks. According to Lookout, an endpoint-to-cloud security firm, recent events such as the Colonial Pipeline breach demonstrate that the energy industry is particularly vulnerable to cyberattacks. Hackers exploit vulnerabilities in mobile endpoints to circumvent legacy security systems to gain access to corporate infrastructure, steal sensitive data, and extort money.
Securing the mobile endpoints that employees use to do their jobs is imperative to protect enterprise data, as iOS, Android, and ChromeOS devices are increasingly essential to digital transformation initiatives. Protecting against mobile phishing and app threats enables energy organizations to stop cyber-attackers who want to steal credentials and data, or halt operations with ransomware. The numbers are impressive:
- 20% of energy employees were exposed to a mobile phishing attack in the first half of 2021, a 161% increase from the second half of 2020.
- 17.2% of all cyberattacks originating on mobile endpoints targeted energy organizations, making the industry the biggest target of cybercriminals and nation-state sponsored attackers.
- The average mobile-app threat exposure rate was 7.6%—nearly double the average of all other industries combined.
- 56% of Android users were exposed to nearly three hundred exploitable vulnerabilities by continuing to run out-of-date versions of Android OS.
- Riskware and vulnerabilities were the cause of 95% of mobile app threats.
- Regional mobile phishing exposure rates: North America (11.2%), APAC (13.2%), and EMEA (15.8%).
As a growing number of companies rush to explore blockchain applications, the blockchain ecosystem becomes more diverse and dynamic and better supports sustainable growth and innovation. As Microsoft points out, one of blockchain’s benefits is its inherent resiliency to cyber-attack. While not immune to all forms of cyber risk, blockchain’s unique structure provides cybersecurity capabilities not found in traditional ledgers and other legacy technologies.
Blockchains have distinct capabilities in mitigating cybersecurity risk to an IT system. According to Microsoft:
The distributed architecture of a blockchain increases the resiliency of the overall network from being exposed to compromise from a single access point or point of failure.
Consensus mechanisms—a key feature of blockchains—improve the overall robustness and integrity of shared ledgers because consensus among network participants is a prerequisite to validating new blocks of data, mitigating the possibility that a hacker or one or more compromised network participants can corrupt or manipulate the ledger.
Blockchains also provide participants with enhanced transparency, making it much more difficult to corrupt blockchains through malware or manipulative actions. And blockchains may contain multiple layers of security—both at the network level and installed at the level of each individual participant.
Finally, blockchains hosted on a cloud platform, such as Microsoft Azure, feature even greater cybersecurity protections due to the platform’s access controls and many other protections.
Although the focus has been on cybersecurity for internet-connected devices, there is a growing need to address “the other communications network,” the cellular network. As the cybersecurity experts at Thales Group point out, for all the excitement around 5G, security experts know it has the potential to usher in a wave of entirely new threats. Why? Standalone 5G is an entirely new type of network, built on a virtual infrastructure. The 5G Core turns (mostly) physical network components into software.
In previous cellular generations, the physical infrastructure was built on proprietary hardware and software. This provided a level of protection. Indeed, mobile networks largely avoided the data theft that has impacted the traditional computer industry. The move to a virtual 5G core could change that as it uses more standardized systems. This could make it much easier for malicious users to break in.
Indeed, in a recent survey conducted by Telecoms.com, when respondents were asked what their main concern was about 5G security, more than 40% said the use of unsecured network technologies concerned them most.
The vast capacity of 5G gives MNOs (mobile network operators) the ability to create smaller virtual networks at the edge of the 5G core. This is called “network slicing.” MNOs can allocate slices to enterprises—so that these organizations can run their own mini-networks customized to their needs.
Yet many of these enterprises will lack the security expertise needed to combat the attacks that come with running a network. As hackers and attackers proliferate, so must those who defend the security of the critical infrastructure and businesses of all types. Here is the next area of concern: whether the network in danger is 5G (or 3G or 4G) or IoT/OT, the threats are real, and the defenses are coming online, but companies need skilled workers to protect their data. Where will they come from? Microsoft hopes to have an answer.
The company documented, in its recent Microsoft Digital Defense Report, that we’ve entered a new international era that falls short of war but with constant foreign cybersecurity attacks that threaten not only our businesses, but our students, healthcare, and daily lives. Microsoft recognized that no one has a higher responsibility to address cybersecurity threats than leading tech companies, so it increased cybersecurity investments and broadened its efforts, working closely with government and business leaders across the country.
In 2021, it committed $20 billion over five years to advance its own security solutions and protect its customers, as well as $150 million to help U.S. government agencies upgrade protections. In addition, it will be expanding its cybersecurity training partnerships, recognizing that the country’s cybersecurity challenges in part reflect a serious workforce shortage.
Microsoft launched a national campaign with U.S. community colleges to help skill and recruit 250,000 people into the cybersecurity workforce by 2025, representing half of the country’s workforce shortage. While some of these individuals will work at Microsoft, the vast majority will work for tens of thousands of other employers across the country.
Currently there are 464,200 open jobs in the United States that require cybersecurity skills, accounting for 6% of all open jobs in the country. And these jobs pay an average of $105,800 per year. Some are full-time cybersecurity jobs, like a chief information security officer, or CISO, while others involve a combination of cybersecurity and other IT functions.
One step up the ladder is an apprenticeship. The NICE (National Initiative for Cybersecurity Education) Community Coordinating Council has a map of cybersecurity apprenticeships in the United States. Programs listed in the NICE Cybersecurity Apprenticeship Program Finder may be registered with the U.S. Dept. of Labor’s Office of Apprenticeship or at the state level, or may not yet be registered. Some programs may include youth apprenticeships and pre-apprenticeship training programs. All programs include cybersecurity work role training and development.
Technology and those who develop it are working to remove exploits and protect devices; the next step is to implement these defenses, and that requires onsite skills. Plan, prepare, implement: that is the path for 2022 cybersecurity. Where is your company on that journey?