The number of cyberattacks has grown rapidly through the pandemic and shows no signs of slowing down. Around a third (31%) of UK businesses experience cyberattacks or breaches at least once a week, according to new figures published in the government’s Cyber Security Breaches Survey 2022 report.
In an age of rapid digital acceleration, UK businesses need to bolster their cyber hygiene if they want to stand any chance against an evolving threat landscape. If they don’t, they will keep suffering the same fate as Yodel, a delivery business hit by major service disruption after a cyber incident, or Gloucester Council, whose IT services are still not back to normal six months after a cyberattack.
For organisations to improve their security posture, they need a better understanding of the threats. Currently, there are three that UK businesses must watch out for: ongoing geopolitical hacking, vulnerable software build and distribution environments, and machine identity-related outages. Each poses its own problems for business leaders and, if left unattended, can have damaging consequences.
Threat of geopolitical hacking
State-sponsored cyberattacks have increased over the last year as a form of state espionage amid global tensions and conflicts. The UK is likely to remain an ongoing target of foreign hackers, with the Chancellor of the Duchy of Lancaster, Steve Barclay, reporting that Britain is now the third most targeted country in the world in cyberspace by hostile states.
One of the ways state sponsors gain access to a business is by compromising software in its supply chain. Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi, says it is one of the methods favoured by hackers, especially now that enterprises in both the private and public sector build their own solutions on top of third-party software.
“Software supply chain attacks are so effective as they enable threat actors to efficiently target a large and diverse pool of companies that use the commercial software to gain access to victims from a single point of weakness. This was true of SolarWinds, which affected thousands of companies as well as many other software providers,” he says.
Another method is more of a blind spot: the use of stolen code-signing machine identities, which Bocek says are used by North Korean threat actors alongside other cybercrime groups. He explains that code-signing certificates are used to verify that software comes from the publisher it claims to and has not been altered by a third party. But threat actors can now hijack these identities and pass off malicious software as legitimate, because a signature made with a stolen key is cryptographically indistinguishable from a genuine one.
Lastly, Bocek notes that, “Chinese hacking groups, such as APT41 [are] using secondary malware to infect only those targets that are of interest and once compromised, spreading laterally across victim networks using stolen machine identities in combination with a variety of reconnaissance tools.”
Defending against state-sponsored attacks is no easy feat, especially when the attackers are highly sophisticated and well funded. The first step is for businesses to close their blind spots: gain visibility into who is using their software and machines, and make sure that only trusted users and machines are on their systems and networks. Bocek believes that automating machine identity management can bolster security defences and close this visibility gap.
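The following is an added example, not code from the article or from Venafi, showing why stolen code-signing identities are a blind spot. It uses Go's standard-library Ed25519 signatures in place of a real code-signing certificate; the `KeyID` fingerprint, the `TrustStore` and all artifact contents are constructed for illustration. A consumer that only checks "does the signature verify against a trusted publisher key" accepts the attacker's build signed with the stolen key; only revoking the key once the theft is known closes the gap, which is the visibility problem the section describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Artifact is a build output together with a detached signature over it.
// SignerID stands in for the certificate identity a real signature carries.
type Artifact struct {
	Name      string
	Contents  []byte
	SignerID  string
	Signature []byte
}

// KeyID derives a short fingerprint that names a signing key
// (hypothetical scheme, used only in this example).
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// SignArtifact signs SHA-256(contents) with the publisher's private key.
func SignArtifact(priv ed25519.PrivateKey, name string, contents []byte) Artifact {
	digest := sha256.Sum256(contents)
	pub := priv.Public().(ed25519.PublicKey)
	return Artifact{
		Name:      name,
		Contents:  contents,
		SignerID:  KeyID(pub),
		Signature: ed25519.Sign(priv, digest[:]),
	}
}

// TrustStore is what a consumer (an update client, a package manager, an
// endpoint agent) holds: the publisher keys it trusts and the key IDs that
// have since been reported stolen.
type TrustStore struct {
	Trusted map[string]ed25519.PublicKey
	Revoked map[string]bool
}

// Verify accepts an artifact only if the signer is trusted, has not been
// revoked, and the signature matches the contents.
func (ts TrustStore) Verify(a Artifact) bool {
	pub, ok := ts.Trusted[a.SignerID]
	if !ok || ts.Revoked[a.SignerID] {
		return false
	}
	digest := sha256.Sum256(a.Contents)
	return ed25519.Verify(pub, digest[:], a.Signature)
}

// RunScenarios plays out the cases from the text and reports whether each
// artifact is accepted. All artifacts are constructed sample data.
func RunScenarios() (map[string]bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ts := TrustStore{
		Trusted: map[string]ed25519.PublicKey{KeyID(pub): pub},
		Revoked: map[string]bool{},
	}
	// 1. Genuine release signed by the publisher.
	genuine := SignArtifact(priv, "agent-1.0.0", []byte("constructed: legitimate build"))
	// 2. Same signature, but the contents were modified after signing.
	tampered := genuine
	tampered.Contents = []byte("constructed: legitimate build + implant")
	// 3. Attacker holds the stolen publisher key: the signature is valid.
	stolen := SignArtifact(priv, "agent-1.0.1", []byte("constructed: malicious build"))
	// 4. Attacker signs with a key of their own that nobody trusts.
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	forged := SignArtifact(attackerPriv, "agent-1.0.1", []byte("constructed: malicious build"))

	results := map[string]bool{
		"genuine":          ts.Verify(genuine),
		"tampered":         ts.Verify(tampered),
		"stolen-key":       ts.Verify(stolen),
		"attacker-own-key": ts.Verify(forged),
	}
	// 5. Only once the theft is known and the key revoked does the check fail.
	ts.Revoked[KeyID(pub)] = true
	results["stolen-key-after-revocation"] = ts.Verify(stolen)
	return results, nil
}

func main() {
	results, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"genuine", "tampered", "stolen-key", "attacker-own-key", "stolen-key-after-revocation"} {
		fmt.Printf("%-28s accepted=%v\n", name, results[name])
	}
}
```

Note that revocation is blunt: once the publisher key is revoked, the genuine `agent-1.0.0` build is rejected too, which is why an inventory of which key signed which release, and a rotation plan, has to exist before the theft rather than after.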
Security risks in software build and distribution environments
In an era of digitisation and in a race to innovate quickly, organisations, or more specifically developers, have embraced open source solutions for faster application delivery. But this pressure to meet tight deadlines often comes at the cost of security, with developers bypassing the traditional protocols and checks set out by security teams. Research reveals that 87% of CIOs believe that software engineers and developers compromise on security policies and controls in order to get new products and services to market faster, which consequently makes systems vulnerable to exploitation and cyberattacks.
Nothing shows the susceptibility of developer environments more clearly than high-profile incidents such as the SolarWinds build compromise and the Log4j vulnerability. If nothing else, the success of these attacks has only encouraged other hackers. It’s clear businesses have to get better at making security a shared concern of developer and security teams rather than a gate at the end.
“This is where concepts such as fastsecure come into play. Fastsecure is a developer mindset that embraces both speed and enables greater levels of secure digital transformation, the same way a Formula 1 team has to push the limits of speed without crashing. The goal is to ensure that security and speed aren’t mutually exclusive, and to make security easy and consistent for developers,” Bocek says.
Complex cloud-native environments and machine identities
Digital transformation initiatives and the shift to the cloud have meant explosive growth in machine identities. Just as human identities are managed on corporate networks, machine identities, such as TLS certificates and keys, are the credentials that virtual devices, containers, software, and applications use to authenticate to each other. Every certificate has an expiry date, and if a company cannot renew or reissue it in time, the services that depend on it stop trusting each other and the result is an outage.
Research estimates that organisations expect their machine identity inventory to more than double to at least 500,000 by 2024. This immense growth means organisations need to step up their security. In the last 12 months alone, 83% of organisations have suffered a machine identity-related outage. Even the likes of Spotify and Microsoft have suffered certificate-related outages that brought down their services.
And with IT ecosystems becoming more complex, organisations need to update their processes when it comes to managing identities. Bocek suggests automation, as it gives developers both speed and security. “Keeping track of machine identities, rotating them, and replacing them manually is impossible at the current scale. So, companies must automate management in order to prevent breaches and outages as digital transformation in the cloud marches on relentlessly.”
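As an added example of the expiry problem and the automated check that prevents it (this is not code from the article or from Venafi), the Go program below reads a PEM bundle of certificates, as exported from a load balancer or secrets store, and returns a renewal decision for each: already expired, inside the renewal window, or fine. The three certificates in the bundle are self-signed and constructed inline so the example runs offline; the hostnames, the 30-day renewal window and the `SampleInventory` helper are assumptions for illustration only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Status is the renewal decision for one certificate.
type Status string

const (
	StatusExpired  Status = "EXPIRED"   // already failing validation: outage
	StatusRenewNow Status = "RENEW_NOW" // inside the renewal window
	StatusOK       Status = "OK"
)

// Classify compares a certificate's NotAfter with now, flagging anything
// that expires within window for renewal.
func Classify(cert *x509.Certificate, now time.Time, window time.Duration) Status {
	switch {
	case !now.Before(cert.NotAfter):
		return StatusExpired
	case now.Add(window).After(cert.NotAfter):
		return StatusRenewNow
	default:
		return StatusOK
	}
}

// ClassifyPEM walks a PEM bundle and returns a decision per certificate,
// keyed by common name. Non-certificate blocks (keys, params) are skipped.
func ClassifyPEM(bundle []byte, now time.Time, window time.Duration) (map[string]Status, error) {
	out := map[string]Status{}
	for {
		var block *pem.Block
		block, bundle = pem.Decode(bundle)
		if block == nil {
			return out, nil
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		out[cert.Subject.CommonName] = Classify(cert, now, window)
	}
}

// selfSignedPEM issues a throwaway self-signed certificate; it exists only
// to construct sample inventory data for this example.
func selfSignedPEM(cn string, notBefore time.Time, lifetime time.Duration) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, err
	}
	serial.Add(serial, big.NewInt(1)) // keep the serial strictly positive
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// SampleInventory builds a constructed three-certificate bundle relative to
// now: one healthy, one about to expire, one already expired.
func SampleInventory(now time.Time) ([]byte, error) {
	day := 24 * time.Hour
	var bundle []byte
	for _, c := range []struct {
		cn       string
		lifetime time.Duration
	}{
		{"api.example.internal", 397 * day},    // issued 365 days ago: 32 days left
		{"queue.example.internal", 370 * day},  // 5 days left
		{"legacy.example.internal", 360 * day}, // expired 5 days ago
	} {
		p, err := selfSignedPEM(c.cn, now.Add(-365*day), c.lifetime)
		if err != nil {
			return nil, err
		}
		bundle = append(bundle, p...)
	}
	return bundle, nil
}

func main() {
	now := time.Now().UTC()
	bundle, err := SampleInventory(now)
	if err != nil {
		panic(err)
	}
	decisions, err := ClassifyPEM(bundle, now, 30*24*time.Hour)
	if err != nil {
		panic(err)
	}
	for cn, st := range decisions {
		fmt.Printf("%-26s %s\n", cn, st)
	}
}
```

In practice the `RENEW_NOW` decision is what a pipeline acts on (request a new certificate, deploy it, then retire the old one); the `EXPIRED` state is the outage the section describes and should already be an alert, not a scheduled job.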
These days UK businesses need to be wary of an ever-growing list of cyber threats, and it is difficult to know where to start. To strengthen the country’s cyber hygiene, the National Cyber Security Centre (NCSC) has published a 10-step guide on how businesses can better protect themselves in cyberspace. Some of the approaches include getting organisations to think about how they manage their assets, data, identities, and supply chain.
Strong cyber defence comes from staying up to date with the threat landscape and paying attention to the methods and tools being used by attackers. And it’s time that UK businesses prepare themselves for accelerating cyber threats.