
Five cybersecurity lessons learned in 2021

(Image credit: Geralt / Pixabay)

The pandemic’s effect on life, work, and business operations has been profound. As organizations were forced to adapt in 2020, resilience and flexibility became key markers of success, making businesses better positioned to respond to a crisis. In 2021, reactionary efforts gave way to refinement: organizations were no longer trying to survive the waves of changes and restrictions; they aimed to thrive in the new normal.  

As 2022 draws near, we have an opportunity to analyze the challenges of 2021 and glean insights into how we can make our businesses even more resilient and more secure. Here are five critical cybersecurity lessons learned in 2021. 

1. Having visibility and control over remote endpoints is vital.  

In 2020, forecasts had us believe a return to normal was imminent. However, 2021 had other plans. The Delta variant made suppression more difficult. Lockdowns returned, restrictions were reintroduced, and employees newly back in the office went back home.  

Now, we see that remote work is unlikely to disappear in 2022. On the contrary, Gartner predicts that the hybrid work model will shift from a force majeure measure to a trend. In fact, analysts expect that by 2023, 75 percent of organizations that choose this model will stay ahead of competitors. However, delivering a frictionless, robust, and secure experience for a remote or hybrid workforce will require CIOs to make major technical and service changes. 

In particular, controlling devices and keeping them up to date is more challenging when employees are remote, since sysadmins cannot reach them with traditional, on-premises IT management tools. Critical tasks include timely patching of employees’ devices, managing software, and providing remote workers with high-quality IT support. Lack of such capabilities can lead to attackers exploiting vulnerable devices, the rise of shadow IT, downtime, and other costly consequences.

2. Adopting a Zero Trust model is essential. 

Poor access controls have been the scourge of 2021, with many large-scale attacks made possible by weak passwords. Microsoft recently warned about an increase in password spray attacks targeting privileged cloud accounts and high-profile users such as C-level executives.   
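A password spray is easy to miss if you only count failures per account, because each account sees only one or two. The following is an added example, not code from the article, Action1 or Microsoft: it runs a detection over a few constructed authentication log lines (the `timestamp result user= src=` layout is an assumption, not any vendor's format), flags a source address that fails against many distinct accounts inside a short window, and then lists any account that later logged in successfully from that same source, which is the first thing an analyst would want to check.

```python
"""Password-spray detection over authentication logs.

A spray tries one or a few common passwords against many accounts, so the
telltale shape is: one source address, many distinct usernames, mostly
failures, inside a short window. The log lines and the field layout below are
constructed for this example and are not any vendor's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2021-11-02T08:00:01 FAIL user=alice src=203.0.113.7
2021-11-02T08:00:03 FAIL user=bob src=203.0.113.7
2021-11-02T08:00:04 FAIL user=carol src=203.0.113.7
2021-11-02T08:00:06 FAIL user=dave src=203.0.113.7
2021-11-02T08:00:07 FAIL user=erin src=203.0.113.7
2021-11-02T08:00:09 OK user=frank src=203.0.113.7
2021-11-02T08:01:00 FAIL user=alice src=198.51.100.20
2021-11-02T08:01:30 FAIL user=alice src=198.51.100.20
2021-11-02T08:02:00 OK user=alice src=198.51.100.20
"""


def parse_line(line):
    """Split one log line into a dict; raises ValueError on a malformed line."""
    ts, result, user_field, src_field = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user_field.split("=", 1)[1],
        "src": src_field.split("=", 1)[1],
    }


def parse_log(log_text):
    return [parse_line(l) for l in log_text.splitlines() if l.strip()]


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5):
    """Return {source: sorted usernames} for each source whose failed logins
    hit at least `min_users` distinct accounts within any `window`.

    A single account with repeated failures (a user mistyping a password, or
    a brute force against one account) does not match: that is a different
    pattern and calls for a different response.
    """
    by_src = defaultdict(list)
    for e in parse_log(log_text):
        if not e["ok"]:
            by_src[e["src"]].append(e)

    findings = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # shrink the window from the left until it spans at most `window`
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in fails[start:end + 1]}
            if len(users) >= min_users:
                findings[src] = sorted(users)
                break
    return findings


def successes_from_sprayers(log_text, **kwargs):
    """Accounts that authenticated successfully from a source already flagged
    as spraying. These are the highest-priority follow-up: a spray that ends
    in an OK usually means a weak password was found and that account needs
    a reset and a session review."""
    sprayers = detect_spray(log_text, **kwargs)
    hits = defaultdict(set)
    for e in parse_log(log_text):
        if e["ok"] and e["src"] in sprayers:
            hits[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in hits.items()}


if __name__ == "__main__":
    print("spray sources:", detect_spray(SAMPLE_LOG))
    print("successful logins from those sources:", successes_from_sprayers(SAMPLE_LOG))
```

The thresholds (five accounts in ten minutes) are deliberately low so the sample trips them; in production they are tuned per environment, and a real deployment would key on more than the source address, since sprays are commonly spread across many addresses.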

To defend themselves, organizations should implement advanced access controls such as multi-factor authentication (MFA) — ideally, as part of a broader Zero Trust strategy. Zero Trust improves security with techniques like checking the identity and integrity of devices regardless of location and combining the results of those checks with user authentication to make decisions about access to applications and services.  
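To make the Zero Trust description above concrete, here is an added example (not code from the article or from any Zero Trust product) of a small access-decision function that combines device integrity checks with the user's authentication state and never looks at network location. The posture fields, the 30-day patch threshold, the set of sensitive resources and the three outcomes (allow, step-up, deny) are all assumptions made for the illustration.

```python
"""Zero Trust access decision: device identity and integrity checks combined
with user authentication, with no notion of 'inside the network'.

Added illustration. The posture fields, thresholds and the three outcomes
(allow / step-up / deny) are assumptions for this example, not any product's
policy language.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Device:
    device_id: str
    managed: bool          # enrolled in endpoint management, identity attested
    disk_encrypted: bool
    last_patched: date
    agent_healthy: bool    # endpoint security agent reporting and current


@dataclass
class Request:
    user: str
    mfa_verified: bool     # a password alone is never enough
    device: Device
    resource: str


# Assumed policy parameters
SENSITIVE_RESOURCES = {"payroll", "admin-console"}
MAX_PATCH_AGE = timedelta(days=30)


def device_integrity(d: Device, today: date) -> list[str]:
    """Return the list of posture failures; an empty list means healthy."""
    problems = []
    if not d.managed:
        problems.append("unmanaged")
    if not d.agent_healthy:
        problems.append("agent-down")
    if not d.disk_encrypted:
        problems.append("disk-unencrypted")
    if today - d.last_patched > MAX_PATCH_AGE:
        problems.append("patches-stale")
    return problems


def decide(req: Request, today: date) -> tuple[str, list[str]]:
    """Return (decision, reasons). No IP address or network location is
    consulted: a request from the office LAN and one from a home network are
    evaluated identically."""
    problems = device_integrity(req.device, today)

    # An unknown or unmonitored device is refused before the user is even
    # considered: MFA on a compromised laptop still hands the session to
    # whoever controls the laptop.
    if "unmanaged" in problems or "agent-down" in problems:
        return "deny", problems

    if not req.mfa_verified:
        return "step-up", ["mfa-required"]

    if req.resource in SENSITIVE_RESOURCES and problems:
        return "deny", problems      # sensitive apps: every posture check must pass

    return "allow", problems         # non-empty reasons let the caller log degraded posture


def example_decisions(today: date = date(2021, 12, 15)) -> dict:
    """Constructed requests covering the main branches of the policy."""
    healthy = Device("lap-01", True, True, today - timedelta(days=3), True)
    stale = Device("lap-02", True, True, today - timedelta(days=90), True)
    byod = Device("phone-x", False, False, today - timedelta(days=400), False)
    return {
        "mfa+healthy->payroll": decide(Request("alice", True, healthy, "payroll"), today),
        "nomfa+healthy->wiki": decide(Request("alice", False, healthy, "wiki"), today),
        "mfa+stale->payroll": decide(Request("bob", True, stale, "payroll"), today),
        "mfa+stale->wiki": decide(Request("bob", True, stale, "wiki"), today),
        "mfa+byod->wiki": decide(Request("carol", True, byod, "wiki"), today),
    }


if __name__ == "__main__":
    for case, outcome in example_decisions().items():
        print(f"{case:24} -> {outcome}")
```

The point of returning the reasons alongside the decision is operational: a stale-patch "allow" on a low-value resource is still worth logging, because it is exactly the device that lesson 1 says the IT team must be able to find and fix.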

3. Manual approaches to patching are no longer acceptable. 

Applying patches issued by software vendors as soon as possible is essential to mitigating vulnerabilities and keeping devices protected from hackers. Unfortunately, recent cases like the Microsoft Exchange Server hack have demonstrated that too many organizations lack the robust patch management required for strong security. Attacks on Microsoft Exchange Server were first noticed in January 2021, and when Microsoft deployed a fix on March 2, the number of attacks quickly escalated to thousands each day. Yet, months later, many servers remained unpatched, and in June, Sophos discovered new ransomware leveraging the unpatched Exchange weaknesses. Even recently, experts have warned about 30,000 Internet-facing Exchange Servers that remained unpatched. 

Why do some organizations fail to deploy patches promptly? It is not that they fail to understand the importance of patching; rather, it’s that lack of automated patch management makes the patching process difficult, time-consuming and error-prone. According to a recent Action1 survey, 59 percent of organizations automate only OS patches and update their other software manually, and 14 percent manage all patches manually.  

In 2022, organizations must make automated patching across remote and office-based endpoints a priority. It is crucial to ensure IT teams can easily and accurately identify missing patches and deploy them to all machines efficiently. 
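Identifying missing patches accurately is a data problem before it is a deployment problem: compare what each endpoint reports against what the vendor has released, using real version comparison, and rank the gaps by risk. The following added example (not code from the article, Action1 or any patch management product) does that over a constructed inventory and catalog; every application name, version number, release date and host is made up for the illustration.

```python
"""Identify missing patches across an endpoint fleet from an inventory and a
vendor catalog, and rank them so the riskiest gaps are deployed first.

Added illustration: the application names, versions, dates and the inventory
are constructed for this example and do not describe any real product.
"""
from datetime import date

# Constructed vendor catalog: app -> (latest version, release date, severity of
# what the update fixes)
CATALOG = {
    "mail-server": ("2.5.1", date(2021, 3, 2), "critical"),
    "browser": ("96.0.4664", date(2021, 12, 6), "high"),
    "pdf-reader": ("21.11.3", date(2021, 11, 9), "medium"),
}

# Constructed inventory as a management agent might report it: host -> {app: version}
INVENTORY = {
    "mail01": {"mail-server": "2.4.9", "pdf-reader": "21.11.3"},
    "laptop-07": {"browser": "95.0.4638", "pdf-reader": "21.7.1"},
    "laptop-12": {"browser": "96.0.4664"},
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def version_key(v: str) -> tuple:
    """Numeric dotted-version comparison: '2.10.0' > '2.9.3'.
    Plain string comparison gets this wrong, which is a classic source of
    hosts reported as patched that are not."""
    return tuple(int(part) for part in v.split("."))


def missing_patches(inventory, catalog, today):
    """Return one finding per (host, app) pair that is behind the catalog,
    ordered by severity and then by how long the fix has been available."""
    findings = []
    for host, apps in inventory.items():
        for app, installed in apps.items():
            if app not in catalog:
                continue  # software the catalog does not track: handle separately
            latest, released, severity = catalog[app]
            if version_key(installed) < version_key(latest):
                findings.append({
                    "host": host,
                    "app": app,
                    "installed": installed,
                    "latest": latest,
                    "severity": severity,
                    "days_outstanding": (today - released).days,
                })
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], -f["days_outstanding"]))
    return findings


def compliant_hosts(inventory, catalog, today):
    """Hosts with no missing patches at all."""
    behind = {f["host"] for f in missing_patches(inventory, catalog, today)}
    return sorted(h for h in inventory if h not in behind)


def fleet_report(today: date = date(2021, 12, 15)):
    """Convenience wrapper over the constructed data: (findings, compliant hosts)."""
    return (missing_patches(INVENTORY, CATALOG, today),
            compliant_hosts(INVENTORY, CATALOG, today))


if __name__ == "__main__":
    findings, compliant = fleet_report()
    for f in findings:
        print(f"{f['severity']:8} {f['host']:10} {f['app']:12} "
              f"{f['installed']} -> {f['latest']} ({f['days_outstanding']} days outstanding)")
    print("compliant:", compliant)
```

The "days outstanding" column is what turns a list into a priority: a critical fix that has been available for nine months is a different conversation from one released last week, and the ordering puts it at the top of the deployment queue.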

4. Cybersecurity awareness training needs a better approach.

While plenty of experts flagged the importance of cybersecurity awareness training early in the pandemic, recent statistics remain worrying: 85 percent of data breaches involve human error. One particularly successful strategy for cybercriminals in 2021 was exploiting Covid-19-related concerns — for example, using phishing emails to deploy ransomware.

Ensuring security in the coming year will require a better approach to cybersecurity training. Organizations must clearly communicate how cyber-safety practices benefit both the company and the individual — employees must know that their personal information and their livelihood are on the line. Training needs to be tailored to employees’ specific roles and include everyone, from front-line workers to executives. Training should be mandatory and frequent.

It’s also critical to establish the workflows that meet employees’ real on-the-job needs, so they are less tempted to bypass cybersecurity guidance for speed and convenience.

5. Ransomware is on a rampage, and organizations should be ready to respond.  

Ransomware attacks soared by 148 percent in 2021, and spread to targets in just about every vertical, from local governments to healthcare to energy to technology. Moreover, as hackers employed more aggressive tactics, the average payment climbed 82 percent to $570,000 and the average total cost of recovery more than doubled in 2021, reaching $1.85 million. The total cost of ransomware is expected to reach a staggering $265 billion by 2031.  

While employee training and strong technical controls are vital to reducing the risk of ransomware infection, security teams must have an effective response plan in case those defenses fail. The plan should document which security tools have ransomware prevention, protection, or recovery functionality, and identify the incident response team and their roles. In addition, the plan should cover:

  • Determining whether an incident is a ransomware attack 
  • Analyzing the scope of the infection 
  • Containing the threat by disconnecting the infected systems from the network 
  • Assessing what type of ransomware it is 
  • Eradicating the infection 
  • Recovering from the incident 
  • Reporting on what happened 
  • Learning from the attack  

It’s critical to test the plan on an annual, quarterly, and even monthly basis to ensure that systems infected by ransomware can be restored from backup in a timely way. 
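A restore test is only meaningful if it checks the restored data against a record taken before the incident, not just that the restore job reported success. The following added example (not code from the article, Action1 or any backup product) builds a SHA-256 manifest of a source tree, then simulates a restore that comes back with one intact file, one truncated file and one missing file, and classifies each. The directory layout and file contents are constructed in a temporary directory so the script runs offline.

```python
"""Restore-test verification: a backup is only proven good when a restore has
been performed and every file checked against a manifest taken from the
original system.

Added illustration; the directory layout and file contents are constructed in
a temporary directory, and the 'restore' is simulated so the script runs
offline. Nothing here is a real backup tool's format.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256. Take this at
    backup time and store it separately from the backup itself, so that a
    ransomware run that reaches the backup cannot also rewrite the record."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest. Files are classified as
    ok, changed (present but different content) or missing."""
    result = {"ok": [], "changed": [], "missing": []}
    for rel, digest in manifest.items():
        f = restored / rel
        if not f.is_file():
            result["missing"].append(rel)
        elif sha256_file(f) != digest:
            result["changed"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def restore_passes(result: dict) -> bool:
    """The drill passes only when nothing is missing or changed."""
    return not result["changed"] and not result["missing"]


def run_restore_drill() -> dict:
    """Constructed drill: three files backed up, then a simulated restore that
    returns one intact, one corrupted and one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        dst = Path(tmp) / "restored"
        (src / "db").mkdir(parents=True)
        (src / "db" / "users.sql").write_bytes(b"CREATE TABLE users (id INT);\n")
        (src / "config.yml").write_bytes(b"retention: 30d\n")
        (src / "notes.txt").write_bytes(b"runbook draft\n")
        manifest = build_manifest(src)

        # Simulated restore: a faithful copy, then damaged the way a bad
        # restore would be (one file truncated, one never written).
        shutil.copytree(src, dst)
        (dst / "config.yml").write_bytes(b"retention: 3")   # truncated
        (dst / "notes.txt").unlink()                          # missing

        return verify_restore(manifest, dst)


if __name__ == "__main__":
    r = run_restore_drill()
    print(r, "PASS" if restore_passes(r) else "FAIL")
```

Run on a schedule matching the cadence the article recommends, the pass/fail result is the evidence that the recovery step of the plan actually works, and the lists of changed and missing files tell the team where the restore procedure is broken before an incident forces the question.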

Plan now for a safer 2022.  

2021 is on track to be a record year for breaches. Hackers are becoming more targeted and systematic in their approach, and consequences are becoming more costly and severe. This new level of cyber threat comes at a time when the world is more dependent on IT. As we move into the new year, learning from the past can help us become more resilient. 

Alex Vovk, CEO and Co-Founder, Action1