More people than ever have joined the digital economy this year: the number of workers choosing to work remotely in 2022 increased 24% since 2021. And those choosing hybrid work went up 16%. Interest in in-office work, however, dropped by 24%.
Previously existing phenomena like BYOD have also been reinforced, and will continue to be so, with most employees now hopefully aware of the dangers of threats like email phishing. Hackers are leveraging machine learning to create even more convincing messages, in the hopes that this will allow them to steal user logins and gain access to private databases. We expect this trend to accelerate in 2023.
In the office, workers may also encounter a new landscape of post-pandemic IoT devices: hands-free, voice-enabled conference rooms, powered by systems like Amazon Alexa For Business. Regardless of what you call them (the Enterprise of Things, IoT, IIoT or IoMT), or in which industry they are most prevalent, these devices can’t be secured by legacy solutions. By the end of this year, you can expect that up to 90% of all devices across an organization will be unmanaged. For all the benefits that the devices delivering these new and important experiences provide, they are inherently vulnerable. Cybercriminals attack the low-hanging fruit, meaning that they will go looking for easy targets, then work their way deeper inside your network.
The future is agentless
As diversification happens and the scale grows, the devices themselves won’t matter as much as how they interact with the broader environment. This is not necessarily true for OT-type assets in Industrial environments and healthcare devices (we’ll talk about both of those in a bit), but it is true in most office environments.
The benefit of that future is clear: organizations can share devices and not bear the capex burden. In fact, increasingly the “devices” will not be owned at all by the organizations they serve. This will be an extension of much of the already adopted Cloud paradigm: you can get rid of logic that runs on site and everything runs in a “cloud” – even if it’s a cloud of devices in the office.
Besides the cost savings, this leads to resilience – and you can apply a number of IT “cloud tricks” to scale.
The more the actual endpoint serves merely as a data access element, the more an agentless approach becomes both necessary and sensible – especially if the endpoints are owned and maintained by service providers.
Ultimately: devices won’t matter. Their access matters. And that is exactly one of the many reasons why Armis was built agentless to begin with.
A new Industrial Era
It’s not just people who got connected to the digital world: manufacturing environments that previously required a crew to be on-site are now kept running using at least partial remote operations – even though these systems were typically not designed to handle cyber threats from the outside world. Without effective cyberdefense plans, OT and ICS systems are prone to cyberattacks that could result in financial loss or reputation damage – or, as we wrote back in June 2021: “Beer, Cheese, Fuel, and now meat. What’s next?”. As companies are building stronger defense lines against ransomware breaches, we might even see an increased focus on “profitable” ransomware victims, like high-net-worth individuals.
Even our safety and national security are at risk; it’s no coincidence that this year also marked the introduction of a 100-day plan from the Biden Administration that focuses exclusively on securing our critical infrastructures. Nation-state actors continue to evolve and become bolder, with critical infrastructures becoming their main target in military escalations. The ongoing threat of hacks targeting electrical grids, transportation systems or water facilities represents a major vulnerability going forward.
At the core of this new industrial era is the convergence between information technology (IT) and operational technology (OT), which paves the way for the Industrial Internet of Things (IIoT).
Traditional OT and IoT devices were not designed with strong built-in safeguards, don’t produce logs, and cannot support the installation of security agents. In other words, they are unmanaged. If you remember URGENT/11, where 11 zero-day vulnerabilities were discovered in VxWorks (used by over 2 billion devices including critical industrial, medical and enterprise devices), you might also remember that one year later a staggering 97% of the OT devices impacted by URGENT/11 still had not been patched.
We expect to see more focused ransomware and malware attacks, as well as more IT/OT convergence. Enhanced exploitation tactics and techniques will be used to target supply chains and then make their way down to the OT and edge devices, hitting multiple attack surfaces at once. That is why we deliver solutions to identify, monitor, and protect digital assets now and beyond the Industry 4.0 era. Our agentless solution is able to track and manage both managed and unmanaged devices. When Armis detects suspicious behavior, it can proactively establish network segmentation to isolate the threat.
Help! My MRI Scanner has a Facebook account
The medical profession fully realizes the benefits of smart medical devices and online patient records. Unfortunately, concerns around privacy and safety have grown at the same rate, because sensitive information is a prime target for hackers. Cybersecurity attacks that exploit these delicate clinical workflows have had significant impacts on operations, revenue, and safety, regardless of the size and location of a healthcare organization. Securing the Internet of Medical Things (IoMT) will require threat modeling data drawn from asset inventories, application payloads, and custom protocols. We are here to help bridge the gap in securing both new smart healthcare systems and legacy platforms for biomedical devices.
Choose your battles, pick the right tools
All of the above is fueled by a severe shortage of cybersecurity professionals, which we predict will get worse. This will keep requiring organizations to spend their time and resources wisely and efficiently. Combining the traditional IT architectural review and OT control review groups with a global view on risk management in both IT and OT is where platforms like Armis provide the most value with solutions such as:
- Cybersecurity Asset Management
- Vulnerability and Risk Management
- Threat Detection & Response
Now is the time to move to a comprehensive, automated solution that identifies every device, even temporary and virtual devices, and checks them against our collective asset intelligence engine. For more information and to see a full demonstration of Armis, please visit www.armis.com/demo.