If every UK business leader had been surveyed back in February 2020, it's very likely cybersecurity would not have been at the top of their priority list. Fast forward to December 2021, and the reality is very different. Steep rises in data breaches, ransomware attacks and phishing scams in recent months mean many organisations are now scrambling to bolster their security operations, trying to keep pace with a threat landscape that is evolving and becoming progressively more complex as they head into 2022.
Taking stock, I am hoping we will look back on 2021 as a defining year and turning point for enterprise cybersecurity, not only in terms of what has been learnt, but also in the level of research now taking place across the industry. After all, 2021 has been the year the world came to terms with a new hybrid way of working, so it has never been more important for businesses to analyse the latest research and data in order to improve their cybersecurity knowledge. While there is no silver bullet that guarantees protection, here are four key learnings that can be taken from this year's research.
1. Approaching cybersecurity operations holistically can mitigate risk
One of the biggest misconceptions is that only older types of devices or software are susceptible to cyber attacks. While there is some substance to this argument, the reality now is that every stack, device or piece of software is a potential entry point. The National Cyber Security Centre (NCSC) recently said it has tackled a record number of cyber incidents in the UK over the last year, reflecting the range of attacks businesses are now facing. That variety of threats means only one vulnerable point in an organisation's infrastructure is needed for an attacker to disrupt its entire operation. Businesses that are already assessing their cybersecurity operations holistically, proactively pinpointing their weak spots and fixing them, will be better equipped to combat whatever threats come their way in the future.
2. TCP/IP stack and RTOS defence continues to be key
If there is one learning organisations can take from this year, it is to prioritise the protection of the software components on embedded devices, such as TCP/IP stacks and real-time operating systems (RTOSes), used across their networks. During 2021 these components have been the most prominent targets for research, and they could soon become the most prominent targets for cyber crime as bad actors continue to look for weak links within a supply chain. Over the last 18 months, our research study Project Memoria has identified 97 TCP/IP stack vulnerabilities alone, affecting several critical industries, 422 vendors and an estimated three billion devices. A TCP/IP stack processes every network packet reaching a device, so an attacker only needs to reach one vulnerable stack to cause disruption. That is why organisations should be actively mitigating risk in this area of their networks: patching devices that run vulnerable versions of these stacks where a fix is available, and using network segmentation to limit the network exposure of critical devices that remain vulnerable.
3. OT device patching essential for critical infrastructure sectors
Whether it's the Colonial Pipeline shutdown or the Oldsmar water system hack, the last twelve months have seen a significant increase in cyber attacks targeting the operations of critical infrastructure sectors, including manufacturing, oil and gas, electricity and water. While establishing the exact vulnerable points for these types of attacks can be challenging, our research identified the NicheStack TCP/IP stack as a vulnerable entry point, present in millions of operational technology (OT) devices currently used by these sectors. NicheStack was first introduced two decades ago and remains embedded in many systems that are central to operations, so vulnerabilities in it expose a large installed base to multiple types of attack. Consequently, it is essential that businesses operating in these sectors heed the warnings from what has been seen this year and take protective measures: limiting the network exposure of critical vulnerable devices through network segmentation, and patching devices where vendors have released fixes.
4. Healthcare industry must address Nucleus Net vulnerabilities
Given the challenges everyone has faced these last two years, there is no doubt that keeping healthcare systems running has been essential to ensuring patients receive critical care during the pandemic. At a time when the industry is already feeling the strain, the recent cyber attack on the Irish health service was a stark example of what can happen when networks are infiltrated.
One established area of vulnerability our research identified for the healthcare sector was the Nucleus TCP/IP stack, which is still widely used in safety-critical devices operated by hospitals and the wider healthcare industry. If this stack is exploited, bad actors can take control of devices and potentially shut down several critical hospital systems, causing widespread disruption to operations and to patient care. To avoid disaster in the future, healthcare organisations must take on board the threats identified this year and address the weak spots in their networks. Mitigations include using network segmentation to limit the network exposure of critical vulnerable devices, applying vendor patches as they are released, and blocking or disabling support for unused protocols, such as FTP.
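The three mitigations repeated across sections 2, 3 and 4 (segment the vulnerable devices, permit only the traffic they need, block legacy protocols such as FTP) can be expressed directly as a firewall policy on the router between the device segment and the rest of the network. The following nftables ruleset is an added example written for this page; it is not Forescout's or any vendor's configuration. The network layout is assumed: device segment 10.20.0.0/24, management jump hosts 10.10.0.10 and 10.10.0.11, an integration server 10.30.0.5, and the application ports it is allowed to reach (Modbus/TCP 502, DICOM 104, HL7 2575) are illustrative and should be replaced with whatever the real devices actually use.

```nft
#!/usr/sbin/nft -f
# Added example: segmentation policy for a VLAN of embedded/OT/medical devices
# whose TCP/IP stacks cannot (yet) be patched. Loaded with: nft -f this-file
# All addresses and ports are assumptions for the example, not real site data.

flush ruleset

table inet ot_segmentation {
    # Hosts allowed to administer the devices (assumed)
    set mgmt_hosts {
        type ipv4_addr
        elements = { 10.10.0.10, 10.10.0.11 }
    }

    # Servers that legitimately talk to the devices (assumed)
    set app_servers {
        type ipv4_addr
        elements = { 10.30.0.5 }
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections the policy already allowed
        ct state established,related accept
        ct state invalid drop

        # Devices in the segment do not initiate connections to other segments.
        # A device that suddenly does is either misconfigured or compromised, so log it.
        ip saddr 10.20.0.0/24 ip daddr != 10.20.0.0/24 log prefix "ot-egress-drop " drop

        # Legacy services the stacks still expose but nobody needs (FTP, Telnet, TFTP):
        # explicitly dropped and logged before any accept rule can match them
        ip daddr 10.20.0.0/24 tcp dport { 21, 23, 69 } log prefix "ot-legacy-proto " drop
        ip daddr 10.20.0.0/24 udp dport 69 log prefix "ot-legacy-proto " drop

        # Application traffic only from the integration server, only on known ports
        ip saddr @app_servers ip daddr 10.20.0.0/24 tcp dport { 502, 104, 2575 } accept

        # Administration only from the jump hosts, only over encrypted protocols
        ip saddr @mgmt_hosts ip daddr 10.20.0.0/24 tcp dport { 22, 443 } accept

        # Anything else aimed at the device segment is dropped and logged
        ip daddr 10.20.0.0/24 log prefix "ot-ingress-drop " drop
    }
}
```

The ordering matters: the legacy-protocol drop sits above the accept rules so that even an allowed management host cannot reach FTP or Telnet on a device, and the default policy of drop means any protocol not named is blocked without needing a rule. Reviewing the "ot-ingress-drop" and "ot-egress-drop" log lines after deployment is a quick way to find traffic the inventory missed before tightening further.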
Daniel dos Santos holds a PhD in Computer Science from the University of Trento, Italy, and is a Senior Research Manager at Forescout Technologies, leading a vulnerability and threat research team.