Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Ransomware, Nation-States, and the Rise Of Segmentation
By Dave Klein, Senior Director of Cybersecurity, Guardicore
2020 may have been the most difficult year for
cybersecurity yet. Ransomware devastated industries from financial services to
healthcare and others, while nation-states proved they're better at hiding than
ever before. As these threats are unfortunately sure to expand in 2021, it's
hard to overstate the critical role CISOs will play this year.
On the cyber threats that are looming large in 2020,
and set to expand in 2021....
- Ransomware will continue to be
very devastating. The attacks are now heavily targeted and
implemented by very sophisticated criminal organizations who do their
homework. Furthermore, most now have a data exfiltration and
blackmail component where they heist your intellectual property or PII
you may have on hand, and threaten to release it if you don't pay. Even
worse, they are no longer looking for $100 to unlock your personal
laptop. These criminals are hijacking large corporations like Pemex
and Garmin and taking down their entire computing infrastructure.
Finally, where they once avoided attacking healthcare facilities, they
have now chosen to specifically attack them, in one case in Germany
actually leading to a fatality.
- Nation-state actors are
doubling their efforts in espionage and are now threatening real-world,
physical targets. We've seen them become more brazen, going after
water treatment plants in Israel, for example, in an attempt to cause
real-world harm and even deaths. In the US and the UK we've seen major
government warnings against power grid/critical infrastructure targets.
Finally, we've seen attacks by nation-state actors in China and
Russia against US, UK and Canadian COVID-19 vaccine research. These
two countries are not only trying to steal the work being accomplished
but are even trying to sabotage/hinder the research being done.
Even more egregious, there are claims that these two countries are trying
to affect refrigeration in the distribution of these vaccines, all of
which need refrigeration to work.
On the strategies CISOs should follow in 2021....
- CISOs need to make the above
threats a board room discussion and seek funding for cyber
initiatives. Organizations that are successfully countering the
threat of cyber-attacks are typically pursuing at least seven
strategies. It's important to note, however, that no organization can
say that its cyber defense strategies are complete. It's a rolling
process.
- CISOs can simplify and prioritize the work in a systematic fashion
by incorporating the Zero Trust framework. By simply starting, you improve
your chances of detecting attacks and you increase your chances of defending
against them. In cases where you are hit, you improve the chances of surviving
and recovering gracefully.
- CISOs must adopt micro-segmentation practices. As Zero Trust
discusses, the end of the enterprise edge is nigh. We need to move away from
the reliance on perimeter firewalls/edge security and instead shore up our
software-based segmentation throughout our enterprise workflow. With
software-based segmentation you replace the complexity of VLANs, firewalls and
cloud security groups with a platform agnostic, simplified, fast and granular
method to segment across your entire environment. Even when applied
sparingly, you decrease an attacker's ability to land and, even more, to move
laterally across the environment. In addition, software-based segmentation
allows for identity-based segmentation, which lets us better secure our
critical applications and infrastructures as users work from home.
- CISOs need to plan for this "new normal" to continue into 2021.
Even after the vaccine is distributed, we will find that since our workforce
was able to work remotely, some of this will continue on forever more,
permanently changing how we work and collaborate. Therefore, it is
important that CISOs look at their remote workforce and find better methods for
access, for example by looking at VDI platforms to better control the
user. Using identity-based, zero-trust software-based segmentation, SDN
and other methods for access that transcend legacy VPN methods of connectivity
is required.
About the Author
Dave Klein is Senior Director Engineering &
Architecture at Guardicore. He has over 20 years of
experience working with large organizations in the design and implementation of
security solutions across very large scale data center and cloud environments.
At Guardicore, David leads the engineering team in North America, assisting
Guardicore customers in architecture and implementation of advanced data center
security solutions for micro-segmentation and for the detection, containment
and remediation of security breaches.