Despite continued success with proven methods like ransomware, cybercriminals are constantly looking for new ways to breach security. As institutions continue navigating the risks and challenges, it is imperative to stay informed of existing and emerging cybersecurity trends.
Before we explore the cybersecurity landscape for 2022, let’s look back at cybersecurity events from 2021 and review lessons learned.
A Look Back at Cyberattacks in 2021
While the full scope of cyber events in 2021 is too vast to cover, here are a few of the major cyberattacks that occurred—and it should be a warning to all organizations that ransomware makes several appearances.
In May 2021, a ransomware attack targeted one of the nation’s largest pipeline companies, resulting in a nearly $5 million ransom payment, disruption of fuel supply and even panic at gas pumps in certain regions of the country. JBS—one of the largest meat processing companies in the world—was also hit with a ransomware attack, paying $11 million to keep its data safe.
In early July 2021, Kaseya—an IT solutions developer for managed services providers (MSPs) and enterprise clients—announced it was the victim of a cyberattack. Hackers carried out a supply chain ransomware attack by exploiting a vulnerability in Kaseya’s software against multiple MSPs and their customers. It’s estimated that up to 1,500 businesses were affected by the attack and experienced ransomware compromise, including financial institutions.
These cyber events reinforced that your institution should remain vigilant and embrace strategies to strengthen your cybersecurity posture, including prioritizing regular data backups, employee cybersecurity education and real-time incident response.
Download our brochure to find out how CSI Managed IT and Cybersecurity solutions maximize your investments in technology and strengthen your defenses.
A Look at the Future Cybersecurity Landscape
We’ve reviewed the major cyber events of 2021, but what does the cybersecurity landscape in 2022 have in store? Here are a few cyber threats that are likely to plague the financial services industry in the coming months and ways your institution can combat each risk:
The Ransomware Battle Continues
The method of choice for many cybercriminals, ransomware encrypts files to hold for ransom and locks out the authorized user after its installation. Since ransomware attacks pose little risk to the hacker, provide a speedy pay out for criminals and are perpetuated with relative ease and anonymity, institutions should remain on high alert to identify and combat these attacks.
Ransomware can be crippling for institutions, especially if regular data backups are not maintained. The ransomware global attack volume skyrocketed by more than 150% for the first of half of 2021 compared to the previous year—and this trend is showing no sign of slowing.
If a threat such as ransomware makes it past prevention tools, threat monitoring and management become paramount. A Security Information and Event Management (SIEM) solution delivers insight and control of cybersecurity, providing incident response to any network threats or vulnerabilities in real time. A SIEM collects and holistically reviews event logs of devices throughout a technology environment, detecting and remediating any security events.
Many institutions opt for a SIEM-as-a-Service (SIEMaaS) model to handle the burden of monitoring and reduce costs, both upfront and ongoing. With SIEMaaS, a third party—such as a managed security service provider (MSSP)—collects all event logs and sends them to an outsourced SIEM. Alerts produced will go directly to the internal IT team or an outsourced security operations center for investigation and review.
Increased Surface Area for Attacks
It’s no secret that hybrid workforces and cloud-based applications have become more common, and this reality has greatly increased an institution’s surface area for vulnerabilities.
This surface area extends to endpoint devices, or any device that can be used to access an institution’s network. Endpoint devices represent another area of interest for hackers, especially since many organizations made changes to the location of various endpoints when shifting to remote work. Since many institutions have varying levels of attention and protection for different types of endpoints and many users fail to maintain up-to-date patches or protective software, effective endpoint detection and response is critical for institutions.
Endpoint detection and response (EDR) monitors specific endpoints, identifying anomalies and blocking malware using advanced threat intelligence. EDR stops the spread of malware in an infected system through detection, isolation and remediation. Additionally, EDR solutions are also an effective strategy to protect against zero-day exploits, which are vulnerabilities with no available patches.
Configuring to Avoid Cloud-Based Attacks
Many organizations are migrating more of their infrastructure to the cloud, prompting cybercriminals to shift more of their efforts to cloud-based attacks. Institutions must ensure their cloud infrastructure is securely configured to prevent harmful breaches. Cloud technology offers a variety of security advantages, but when a breach does occur, it is typically the result of a bad configuration. Institutions should also ensure they are quickly implementing security patches when available to avoid vulnerabilities being exploited.
Partnering with a cloud services provider or MSSP that understands the cybersecurity and regulatory requirements of financial institutions will help enhance the integrity of IT systems. Institutions should leverage their expertise and understand the controls they have in place to mitigate risks during and after a cloud migration. In addition, institutions should properly vet cloud service providers as part of vendor due diligence efforts.
Even with the most sophisticated cybersecurity monitoring tools, employees remain the first line of defense against cyber threats. Unfortunately, the “people factor” can also be an institution’s weakest link and represent the greatest risk. Continuing to educate employees on cybersecurity best practices is critical to strengthening your front line of defense against attacks.
Cybercriminals recognize that employees represent a significant risk, which is why they target them with phishing and other schemes in efforts to gain access to systems and networks. To keep employees on guard and up to date against prevalent social engineering schemes, your institution should prioritize continuous cybersecurity training and awareness campaigns in the coming year that provide information on the latest threats.
Growing Threat of Supply Chain Attacks
This type of attack is an increasingly popular method to distribute malware and will likely continue plaguing organizations, as cybercriminals use them to target providers, customers and others in the supply chain. A supply chain attack occurs when a bad actor targets a software vendor to deliver malicious code through seemingly legitimate products or updates. Supply chain attacks allow a fraudster to compromise distribution systems to potentially create an entryway into the networks of the supplier’s customers.
According to the National Institute of Standards and Technology, not only can bad actors use the compromised software vendor to gain privileged access to a victim’s network through hijacking updates or changing code, but also they can bypass perimeter security measures and often re-enter a network using the compromised vendor.
The Importance of Cybersecurity Compliance
As cyberattacks continue to make headlines, regulators are continuing to place greater emphasis on cybersecurity compliance. And a key strategy for enhancing your institution’s security infrastructure and compliance posture is understanding where weaknesses or vulnerabilities exist through vulnerability scans and penetration tests.
A trusted partner familiar with the complex regulatory requirements of the financial industry will help keep your institution up to date with the latest regulations while mitigating risk. An MSSP will also work with you to prepare for examinations and audits, further strengthening preparedness for cyber threats while meeting regulator expectations.
Embracing a Layered Approach to Cybersecurity in 2022
Organizations should take a layered security approach to maximize protection efforts, especially as the cyber threat landscape evolves.
As your organization looks to strengthen your cybersecurity posture in the new year, download our brochure for a firsthand look at how CSI Managed IT and Cybersecurity solutions maximize your technology investments and enhance security.
Sean Martin serves as a product manager for CSI Managed Services and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry and holds Cisco CCNA and CCIE written certifications.