As we near the halfway point of 2022, cybersecurity remains a major issue. That, of course, is not new, nor is it surprising. The thing about security threats, though, is that even old news is still news — and “old” doesn’t diminish the impact of security threats.
Russia’s war on Ukraine has created an increased need for awareness, even if the threat from Russia itself is nothing new (in its 2021 Digital Defense Report, Microsoft observed 58% of all cyberattacks from nation-states came from Russia, and the top three countries targeted were the U.S., the UK, and Ukraine). Following the Russian invasion, the White House issued a statement on the need to “improve domestic cybersecurity and bolster our national resilience” — which, let’s face it, is also nothing new. President Biden’s statement implored the private sector to “harden your cyber defenses immediately. … You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely.” And while a large-scale cyberattack has yet to materialize as part of the conflict, the warning remains applicable in day-to-day life.
War or no war, the threat landscape keeps on growing and changing. It’s now been just over two years since the world shifted to working from home, and just under two years since we began talking about the return to the office. But while the C-suite and Gen Z fight the “remote or nothing” battle and tech firms use booze and Lizzo to try and convince workers the office is a fun place to be, the security ship has already sailed outside the office walls. Gartner has named “attack surface expansion” its top cybersecurity trend in 2022, noting that the increase in remote work combined with “changes in the way we work, together with greater use of public cloud, highly connected supply chains and use of cyber-physical systems have exposed new and challenging attack ‘surfaces.’” And those new surfaces must be protected — from threats both new and old.
We hosted a webinar with WatchGuard in April that provided a look at the threat landscape. You can view the whole recording here, but here’s one takeaway: Spear-phishing, which has been around since the 1990s, remains a top threat — 90% to 95% of breaches start with a spear-phishing attack. Yes, despite all our awareness and education efforts, people still click phishing emails, which leads to compromised credentials, which leads to security breaches — and old security tactics won’t save you. “No single defense will protect you completely,” warns WatchGuard’s Marc Laliberte. Layered defenses — a combination of network and endpoint security — are essential. He emphasizes how easy it is for an attacker to take any compromised account and elevate its level of access to the entire network. And of course, when it comes to MSPs, which hold the keys to multiple client kingdoms, the threat is further exacerbated.
I recently spoke to Raffael Marty, ConnectWise’s general manager, cybersecurity, about their new Incident Response Service, a service offering for MSPs and their clients to respond to attacks and recover from security incidents. He reiterated the importance of a multilayered defense. He also emphasized the importance of software updates, as old, unpatched systems remain the biggest threat — despite lessons ostensibly learned from the 2017 WannaCry attack. “If you have a car parked on the street that’s unlocked and there’s a bag in there, they will open the door. If you start locking it, they have to smash the window and they’re [less likely] to do that. Deploy patches. Make sure your software is up to date,” he stresses.
Lest we feel too bad about our continued vulnerability to ransomware, however, Marty points out that we’re fighting a huge industry. “You’ve got ransomware as a service, and they literally have support that you can call … they’re really professionally set up.” And, he notes, there is a pyramid of solutions available — from premium products down to cheaper, recycled threats. In this way, the ransomware market is not unlike eBay — you’ll pay big bucks for new, still-in-the-box products, but there is also a market for older, recycled ransomware that may or may not work. It sells for less, but still earns the sellers a profit.
Don’t kid yourself into thinking that all old ransomware is less of a threat, though. Laliberte noted the bulk of zero-day malware, which tends to get past signature-based anti-malware programs, is months or even years old because it is easier to mask. Just like retail, there is often unseen value in vintage items.
So as we head toward the second half of the year, the lesson seems to be that everything and nothing is new, that we can and can’t predict what’s next, and that we should expect the unexpected while continuing to prepare for what’s predicted. So excuse me while I update the antivirus protection on my Mac, add MFA to my Facebook account, and check the news for the latest on Russia while listening to Cold War-era Spotify playlists. There may be nothing new under the sun, but for better or worse, there’s still a lot of mileage in old things.