2021 proved to be a tough year for cyber security. After a slew of ransomware attacks forced a number of companies to dole out millions of dollars, a major vulnerability was discovered in “Log4j,” the software behind a number of popular software applications. Unlike previous attacks that primarily targeted organizations, the Log4j vulnerability poses a far greater threat, because it puts hundreds of millions of devices at risk, experts from the Cybersecurity and Infrastructure Security Agency (CISA) told ABC News.
Furthermore, the vulnerability could have a domino effect. Even if developers don’t use Log4j directly, they are still vulnerable if any of the open source libraries they use rely on Log4j, Chris Eng, chief research officer at cyber security company Veracode, told CNN Business.
According to Rep. Jim Langevin, a founding member of the Cyberspace Solarium Commission, the vulnerability could allow hackers to compromise an organization’s entire system and database. This includes customer records and data, and it could even be used to sabotage critical infrastructure, such as shutting down gas pipelines. Should such an attack occur in the colder months, a significant number of people would not have access to natural gas to heat their homes, which could cause damage and even loss of life.
With cyber attacks surging, organizations need to prioritize cyber security rather than treat it as an afterthought. As The Enterprisers Project reports, there are four expert-recommended cyber security trends organizations should embrace in the new year:
Make sure you are following cyber security basics. Routinely check on items such as password hygiene, system patching, threat modeling, and SAST / DAST scanning. Be sure your colleagues agree on what these basics entail, so you can establish a collective standard to work towards.
Don’t prioritize too much. Consider doing a gap analysis to find where your organization is most vulnerable. Begin with an inventory check of your assets. From there, you can more easily see what assets you need to prioritize. Not only does this help you focus on your most critical security risks, it also helps you spot problematic patterns to rectify when creating processes to improve security across the entire organization.
Take software supply chain security seriously. Most of today’s software does not exist in a vacuum. It relies on other software, much of it downloaded from the internet. As a result, developers often use code they did not create themselves, which may contain bugs or malicious code. As such, traditional security methods, like vulnerability analysis, are no longer enough. IT leaders need to take software supply chain security into account. This includes software scanning and signing tools to reduce security problems in the supply chain.
Shield your data from the bottom up. With more data stored in the cloud than ever before, data breaches are a major concern. As such, organizations should consider new security strategies, including role-based access control, zero trust, and defense in depth. Some rules of thumb include assuming your cloud and business accounts have been or will be breached, regularly validating access, and paying greater attention to your “dark data” — which is data your organization generates but does not use.
There is little doubt that cyber crime will accelerate in 2022. By adopting these cyber security trends, your organization will be able to better handle the threats.
Improving Cyber Security in Your Organization
What are your cyber security resolutions for the coming year and beyond? Having the proper tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand the available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.
Casey, Kevin. (16 December 2021). IT security: 4 issues to watch in 2022. The Enterprisers Project.
Egan, Matt. (16 December 2021). Exclusive: ‘Cyber is the most dangerous weapon in the world,’ JPMorgan council warns. CNN Business.
Barr, Luke. (14 December 2021). Cybersecurity official warns software vulnerability could affect ‘hundreds of millions of devices’. ABC News.