Could we have survived or avoided the cyberattack that happened to SolarWinds? That’s probably a question many IT leaders and decision-makers were asking themselves when the unfortunate incident occurred.
The supply chain attack became the ‘talk of the town’ for several days as it compromised many large enterprises and government agencies. It didn’t come as a major surprise, if only because cyberattacks are becoming increasingly frequent and sophisticated, especially since the pandemic hit.
With COVID-19 drastically changing the way businesses operate, companies were on a major digitisation spree as they adjusted their working styles to the new normal.
Working from home became the default, processes and operations were automated, customer experiences were brought online, and digital products, services and solutions were introduced – these evolving business needs require robust network and IT infrastructure to support them.
To cater to the growing network and bandwidth demands, more and more companies have opted for a hybrid infrastructure.
According to Splunk’s State of Security Report 2021, 75% of cloud infrastructure users are currently on multi-cloud, and two years from now, 87% expect to use multiple cloud service providers.
APAC companies surveyed in this study also anticipate 56% of business-critical workloads to be cloud-native 24 months from now.
Rapid cloud and IT infrastructure adoption, while it offers a plethora of benefits and new business opportunities, also adds more vulnerable attack surfaces for bad actors to infiltrate. Organisations’ security posture is at risk if the right security measures are not put in place.
Security teams’ jobs are getting harder by the day
There’s no rest for the wicked, and the phrase aptly describes the bad actors who work relentlessly to infiltrate companies’ networks and IT systems.
According to the latest annual report by the Cyber Security Agency of Singapore, ransomware cases were on the rise in 2020, with a total of 89 ransomware cases reported to the agency last year, a “sharp rise” of 154% from the 35 cases reported in 2019.
It mainly affected small and medium-sized enterprises (SMEs) in sectors such as manufacturing, retail, and healthcare.
No doubt IT and security teams have their work cut out for them. 49% of respondents to the Splunk report say security is a harder job than it was two years ago, and the leading security challenges were: addressing the increasingly sophisticated threat landscape (48%), moving more workloads to the cloud, which makes monitoring attack surfaces harder (32%), and staffing the right workforce for the job (28%).
It is also worth noting that not many companies have the resources or capabilities to staff a dedicated IT and security team to run extensive cybersecurity operations, such as a 24/7 security operations centre (SOC).
There were about 1,100 cybersecurity-related job postings in Singapore in 2020, according to data analytics firm Burning Glass Technologies. This further echoes the lack of cybersecurity and data protection talent in the island republic.
With these hurdles ahead, it is no wonder that cloud security remains the top security challenge driving investment. 88% of organisations surveyed in the Splunk report say they are increasing security spending, with 35% saying they are “increasing significantly.”
Taking strategic actions to keep up with intensifying security challenges
Security teams across sectors today need a cutting-edge command centre to defend an increasingly amorphous battleground against a diverse, ever-improving set of threats and adversaries.
To avoid a similar incident like the SolarWinds attack, security teams need the right tools and strategies to stay ahead of the game and mitigate risks or potential threats before they turn into a security nightmare.
They can look at the following technologies and techniques to modernise their company’s SOC:
- Zero trust approach: This approach minimises security risks as it is focused on users, assets and resources rather than a network perimeter. It also rigorously authenticates the end-user and is a necessary strategy shift for a more fragmented and distributed security environment.
- Security operations process automation: It helps identify and respond to attacks without human intervention, faster than a human analyst could manage. Security orchestration, automation and response (SOAR) and user and entity behaviour analytics (UEBA) are often where automation makes its mark.
- Modern SIEM: SIEM (or security information and event management) systems offer full visibility into activity within companies’ networks, empowering them to respond to threats in real-time.
- Training and upskilling: Improve the effectiveness of companies’ analysts by upskilling them in automation and analytics, in order to reduce the number of tools required to get the job done.
In a complex, multi-cloud, multi-service environment, it is essential to have visibility across all business applications data, not just traditional security data. This highest-level, end-to-end perspective is vital not only to security and compliance efforts but to successful business development and operations as well. A consolidated view of the data creates a single source of truth for security and IT teams.
Companies also need to improve their ability to see suspicious lateral movement within their networks. Whether bad actors sneak in through a vendor’s software patch or an employee’s stolen credentials, companies need to be able to spot them as they slither through networks in search of valuable data.
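As an added illustration (not part of the original article or of any Splunk product), a small UEBA-style check over constructed authentication events: it flags an account that fans out to an unusual number of hosts within a short window and lists the hop-to-hop chain, the shape that lateral movement with stolen credentials tends to take. The host names, the account name and the thresholds are assumed values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events: (timestamp, user, source host, destination host).
# In practice these come from Windows logon events or SSH auth logs forwarded to a SIEM.
SAMPLE_EVENTS = [
    ("2021-06-01T09:00:00", "alice", "wks-01", "file-srv"),
    ("2021-06-01T09:05:00", "alice", "wks-01", "mail-srv"),
    # 'svc_backup' hops across many hosts within minutes: a pattern worth an analyst's look
    ("2021-06-01T02:00:00", "svc_backup", "wks-03", "db-01"),
    ("2021-06-01T02:02:00", "svc_backup", "db-01", "db-02"),
    ("2021-06-01T02:04:00", "svc_backup", "db-02", "hr-srv"),
    ("2021-06-01T02:06:00", "svc_backup", "hr-srv", "dc-01"),
    ("2021-06-01T02:08:00", "svc_backup", "dc-01", "fin-srv"),
]

def parse(event):
    ts, user, src, dst = event
    return datetime.fromisoformat(ts), user, src, dst

def find_fan_out(events, window=timedelta(minutes=30), max_hosts=3):
    """Flag accounts that reach more than `max_hosts` distinct destination hosts within
    a sliding time window. Returns {user: (window_start, set_of_hosts)} for each hit."""
    per_user = defaultdict(list)
    for ts, user, _src, dst in map(parse, events):
        per_user[user].append((ts, dst))
    hits = {}
    for user, logons in per_user.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {dst for ts, dst in logons[i:] if ts - start <= window}
            if len(hosts) > max_hosts:
                hits[user] = (start, hosts)
                break
    return hits

def chain_hops(events, user):
    """Return destinations for `user` whose source host was itself an earlier destination
    (a hop-to-hop chain rather than logons from the user's own workstation)."""
    logons = sorted(e for e in map(parse, events) if e[1] == user)
    seen = set()
    chained = []
    for _ts, _u, src, dst in logons:
        if src in seen:
            chained.append(dst)
        seen.add(dst)
    return chained
```

Thresholds and window are placeholders; a real deployment would derive a per-account baseline from historical logons rather than a fixed count.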
To sum this up, yes, companies can prevent similar incidents from happening by ensuring they have a strong security posture. The SolarWinds attack has indeed become a great learning opportunity, if not a reminder for companies to ensure cybersecurity is not an afterthought. Companies need to start taking strategic actions that’ll help them stay five steps ahead of bad actors, in order to prevent potential cyberthreats from materialising.