Published on February 17th, 2022 | by Sunit Nandi
6 Things We’ve Learned About Information Security Since 2020 — Key Takeaways
The digital threat landscape has been evolving since the first computers plugged into the nascent World Wide Web decades ago. Unfortunately, that evolution has given rise to ever more sophisticated and subtle threats.
The coronavirus pandemic and its aftermath mark a new era in cyber security. As dispersed work becomes the norm and private homes become corporate endpoints, it’s more important than ever for organizations and individuals to understand the nature of the threats they face.
Those threats take many forms, from the sophisticated and nebulous ones that firms like Alcogal and Asiaciti Trust experienced in 2021 to the low-tech nuisances that target private email users. Let’s take a look at what we’ve learned about digital security over the past two years and what these lessons can tell us about the future.
1. Ransomware Activities Are Becoming More Sophisticated (And Costly)
The threat of ransomware has grown dramatically in recent years. This type of malicious cyber-activity is now recognized as a major threat to enterprises of all sizes, including smaller entities that don’t make news when they’re affected.
In a ransomware event, the perpetrator locks and encrypts the affected device, effectively freezing out its rightful user. They demand payment — a ransom — to unlock the device. There’s no guarantee they’ll hold up their end of the bargain or that the affected device’s data will be usable afterward. So it’s best to take steps to avoid ransomware altogether.
2. The Insider Threat Is Ever-Present
Like ransomware, the malicious insider threat has only recently earned the notice it deserves. In reality, it has been present for decades, since well before anything we’d recognize as the modern Internet. The sad truth is that employees have always become disgruntled for one reason or another, and some have been willing to act on these negative feelings.
But just as ransomware perpetrators have more sophisticated tools than ever at their disposal, malicious insiders are increasingly adept at taking information or causing internal harm without detection. If you don’t already have them in place, your organization needs strict protocols to limit and monitor access.
3. Strong Digital Security Protocols Can Reduce the Threat Area
Regarding those protocols: the most important is the principle of least privilege (sometimes called least permission), which holds that network users should have only the access permissions they need to do their jobs effectively. For most users, those permissions are scant indeed. For higher-ranking employees and security roles that legitimately need near-universal access, a plan to “watch the watchers” is key.
4. After Data Loss, Mitigation Is Key
You aren’t guaranteed to find out who is responsible for your organization’s data loss or even when it occurred. That’s the case with the event that affected Alcogal and Asiaciti Trust, both of whom (along with other affected organizations) saw no evidence of digital intrusion.
What’s more important than assigning blame is cleaning up quickly and thoroughly. It’s in your organization’s best interest both to mitigate the extent of the loss and to ensure that the event doesn’t unduly harm your enterprise or its reputation.
5. Everyone Needs a Crisis Communications Plan
Mitigation has two sides: internal and external. A crisis communications plan is among the most important external mitigation efforts you can undertake, although a comprehensive plan will have internal elements as well. (You’ll need to inform affected teams and departments, for example.)
It’s best to put this plan together before you need it. If you have the resources to do so, you should rehearse its implementation, just as you rehearse for fires or other incidents that may affect your organization.
6. Corporate Cyber Security Is Everyone’s Business
Unfortunately, an incident that affects one organization doesn’t necessarily stay with that organization. Many cyber events target multiple individuals and entities at once, and even those with more specific targets may have spillover effects. In 2021, we saw what can happen when ransomware compromises critical infrastructure in the Colonial Pipeline incident, for example. And the incident that affected Asiaciti Trust also ensnared global financial companies like Fidelity, with ramifications for millions of retail clients.
Will the Future Be More Dangerous Than the Past?
A fast-changing threat landscape leads us to ask an uncomfortable question: Will the future of digital security be more dangerous than the past?
The answer to this question is unknown. The future could be even more perilous than today’s reality, or some new set of conditions could arise that makes it more civilized and equitable. We won’t know until we get there.
In light of our collective recent experience, however, it makes sense to assume the worst. Or, at the very least, to assume that things will get worse before they get better — that we’ll see more big, sophisticated data incidents of the sort that affected Alcogal and Asiaciti Trust.
Looking ahead, perhaps our motto should be: Hope for the best but prepare for the worst.