Active Directory ( AD ) protection , a top CISO-level concern
AD is an essential element of an enterprise ’ s network infrastructure , but it is intrinsically insecure and notoriously difficult to protect . Attackers are aware of its weaknesses and diligently target AD to increase their privileges , escalate their attacks and mass-encrypt data for ransom . Mandiant , a leader in incident response services , named Active Directory exposures the top reason ransomware attacks continue to be successful . Business leaders and IT decisionmakers cannot afford to let visibility and organisational divides leave exposures unaddressed and open for attack .
Insurance companies will raise rates and technology requirements
Cybersecurity Ventures estimates that ransomware costs will reach US $ 265 billion by 2031 , with an expected 30 % year-over-year growth in damage costs over the next 10 years . To help minimise their risk , insurance companies will increase their premiums and institute stringent security technology requirements as a prerequisite to extending coverage or making payouts . With Active Directory being a primary factor in almost every ransomware attack , insurance companies will look favourably at systems that detect in-network lateral movement and credential misuse , seek privilege escalation and protect identity management systems , such as AD .
Supply chain issue to increase complexity and risk
Supply chain issues force enterprises to order supplies months in advance , in larger quantities and from new providers . The lack of supply will add complexity to new vendor management and qualifications as organisations adjust their purchases , and potentially standards , to support business operations . This change will introduce new supply chain security risks that could arise from software , hardware and logistics security exposures .
Skills gap to impact attraction and retention policies
Women and single parents were disproportionately impacted by the pandemic when it came to their careers . With many employees stepping away from their jobs in 2021 , combined with the skilled IT shortage and the anticipated Great Resignation of 2022 , organisations will continue to compete to attract and retain highly-skilled cybersecurity talent . Companies that offer robust benefits and perks , remote working , flexible hours and subsidised childcare will come out on top in the battle for talent .
As we head into 2022 , one thing for certain is that it is not a matter of whether attackers will breach Middle East organisations , but when .
With the over-emphasis of sophisticated attackers to compromise identities , CISOs should look beyond ensuring basic Active Directory hygiene and look for key capabilities when selecting technology to prevent and detect AD vulnerabilities , threats and attacks .
These capabilities include highvisibility for AD vulnerabilities and exposures , detecting live attacks and discovering misconfigurations . u
As we head into 2022 , one thing for certain is that it is not a matter of whether attackers will breach Middle East organisations , but when . www . intelligentciso . com