Top Cybersecurity Lessons from 2022 for Security Teams – Part 1

Written by

In 2022, the cybersecurity industry has continued to battle against the expanded threat landscape brought about by continued digital transformation and the new reality of hybrid working.

Attackers are constantly adapting their techniques, while the cybersecurity industry is becoming increasingly adept at mitigating these threats. In this game of cat and mouse, Infosecurity has observed a number of lessons that security teams can take from 2022 into next year and beyond – here is part one of our list:

Reducing Reliance on Passwords is Crucial

According to Verizon’s 2022 Data Breach Investigations Report, more than half of cyber-attacks in 2021 resulted from stolen credentials. This demonstrates that organizations should not be solely relying on passwords to protect their networks.

Often, employee credentials are not difficult for threat actors to crack or even simply access. Darren James, head of IT, Specops Software, said: “We have seen a substantial increase in the number of breached leaked passwords – our complete database of unique passwords has nearly doubled in size 2.7 billion to 4 billion in 2022. Stolen credentials are still a valued commodity on the black market and when used alongside poor 2FA or MFA choices, still prove to be a major vulnerability.”

The most obvious mitigation is to implement multi-factor authentication (MFA) for staff, which can significantly reduce the number of account compromises taking place.

Brad Crompton, director of intelligence for Intel 471’s Shared Services, noted: “Several businesses this year have fallen victim to compromises and having data stolen and sold or encrypted by ransomware, many from the use of an active compromised credential and no MFA in place. Having MFA in place can often thwart attacks in their early stages, saving businesses thousands, if not millions, of dollars, preventing sensitive data being leaked and preventing reputational damage.”

This year has also seen encouraging developments in the availability of passwordless methods of authentication, including biometrics, secure single sign-on and passkeys. This is making it easier for organizations to start implementing alternative methods of authentication across their networks.

For example, in May 2022, tech giants Apple, Microsoft and Google announced plans to support the FIDO Alliance and World Wide Web Consortium (W3C) standard, making it easier for websites and apps to deliver end-to-end passwordless authentication via fingerprint/face scan or device PIN.

Zane Bond, director of product management at Keeper Security, commented: “In order for there to be practical and widespread implementation, platform vendors must standardize what it even means to go passwordless.”

Supply Chain Monitoring is as Important as Internal Cybersecurity Measures

The enormous threat of supply chain attacks was highlighted with the SUNBURST attack, which was discovered at the end of 2020. The ability to compromise a large number of organizations via a single compromise has become a growing problem since then, with incidents like Kaseya pushing this issue to the fore in cybersecurity.

In October 2022, research by BlackBerry found that 80% of organizations have been notified of a vulnerability or attack in their supply chain software in the past 12 months.

Addressing the cybersecurity of third parties across often highly complex and digitized supply chains is a major challenge for organizations going forward.

Jamie Akhtar, CEO and co-founder of CyberSmart, noted: “Cyber-criminals worked out some time ago that the best way to attack big companies is through the weaker links in their supply chain. However, the business community has, on the whole, been slow to address the problem.”

The situation has become so serious it has led to government interventions. Earlier in 2022, the UK’s National Cyber Security Centre (NCSC) published guidance for businesses on how to better assess cybersecurity across their supply chains, such as recommending that cybersecurity expectations are written into the terms of supply chain contracts.

Similarly, in the US, the Cybersecurity and Infrastructure Security Agency (CISA) published a three-section series on securing the software supply chain.

With increasing awareness of supply chain threats and how to mitigate them, organizations must take action to monitor and ensure third parties are adhering to strong cybersecurity protocols.

Intel471’s Crompton argues that monitoring for third-party compromise is a huge cybersecurity lesson that can be learnt from 2022.

“While your organization may have advanced cybersecurity procedures in place, not all do. Many of these businesses are third parties who provide a service to an organization are compromised by threat actors with different end goals. However, the more advanced threat actors can and will move laterally through third-party organizations with an end goal of compromising a much larger business,” he explained.

Patch Management Remains an Ongoing Challenge

The endless cycle of monitoring and patching software vulnerabilities shows no sign of abating, despite a growing recognition of the need to implement security by design principles into computer hardware and software. Some vulnerabilities, such as Log4j, can be particularly damaging and continue to be exploited over the long-term.

Microsoft’s monthly ‘Patch Tuesday,’ is testament to the ongoing battle to fix vulnerabilities before they are exploited by threat actors.

As reliance on digital technologies grows, the patch management process is becoming increasingly challenging, something cyber-criminals are very aware of. “With an average of over 50 new vulnerabilities released daily, it is becoming extremely hard for enterprises and small businesses alike to keep up with the patching cycle,” observed Etay Maor, senior director of security strategy at Cato Networks.

In this environment, security teams must increase their technical and human capabilities to quickly detect and respond to security vulnerabilities.

Crompton said: “It’s paramount that organizations take stock of their tech stack and patch any vulnerabilities as soon as possible. Threat actors will take advantage of these vulnerabilities, which if left unpatched can have a crippling impact on businesses. Where patches are not available organizations should follow mitigation advice to ensure that they are as safe as they can be whilst waiting for a patch.”

What’s hot on Infosecurity Magazine?