Evolution of cybersecurity: The rise of XDR in the 2020s


As part of our 5-part series on the evolution of cybersecurity, the fifth and final entry highlights the need for manageability and visibility as the frequency of cyberattacks increased sharply, coupled with a shortage of cybersecurity professionals, and the growth of cloud and SaaS apps. 

The second decade of the 21st century has been marked by global events that led to a steep increase in the number of cyberattacks seen worldwide, a shortage of cybersecurity professionals (with over 3.5 million unfilled jobs in cybersecurity), and the growth of cloud and SaaS apps, all of which pushed the industry toward more integrated, manageable tools that could provide more comprehensive security visibility. 

But the most significant event in this era of IT development (and the world at large) was the COVID-19 pandemic that began in early 2020 and has continued to reverberate throughout the cybersecurity segment and the global economy right up to today. 

The pandemic was like a slow-rolling natural disaster that gradually expanded its effects on IT and business over several months. While many companies were launching digital transformation projects, and many had adopted cloud and SaaS storage and applications, the sudden shift into remote work and collaboration was like pouring gasoline on a fire. Everyone had to quickly ramp up remote access for almost everything in just a few weeks to stay operational in the wake of shelter-in-place requirements. Global travel ground to a halt. Nearly every employee, from the CEO to the newest associate, was logging into corporate assets from their home networks, which were often not sufficiently secured. 

The number of cyberattacks ballooned during the pandemic, fueled partly by pandemic-related phishing scams and the vulnerability of isolated employees on unsecured networks and endpoints. The cost of ransomware attacks increased as the number of attacks rapidly rose. 

High-profile cyberattacks as the pandemic unfolded

The Log4j or Log4Shell vulnerability came to light, described by some as the single biggest vulnerability ever disclosed. Taking advantage of weaknesses in Java, attackers could use this exploit for anything from cryptocurrency mining to ransomware attacks. The majority of cloud enterprise environments were determined to be vulnerable. Fixes for the vulnerability were disclosed late in 2021, just before the exploit was publicized. 

In July 2021, more than 1,000 MSPs and their clients fell victim to the Kaseya VSA ransomware attack, taking down networks and locking up application access. A vulnerability in the Kaseya VSA software was responsible, and the episode highlighted how MSPs could have their remote client access turned against them. 

That same year, SolarWinds was the victim of a massive cyberattack that allowed hackers based in Russia to spy on the company’s clients, including U.S. government agencies. 

The birth of new technologies

To protect themselves and their clients, MSPs needed solutions that would provide comprehensive protection, regardless of device or network, and better visibility into what had become a web of point security solutions. 

As a result, two key technologies have increased in prominence over this period. The first is zero trust, which is more of a philosophy than a single technology. The idea is that every attempt to access an application or network is a potential attack and should require high levels of authentication and encryption. Roles-based access can limit vulnerability, and user-centric multi-factor authentication can reduce the damage caused by credential theft and other attacks. 

The second is Extended Detection and Response (XDR) solutions. XDR integrates several key cybersecurity tools such as security information and event management (SIEM) and security orchestration, automation, and response (SOAR), and also integrates with business tools to provide an overview of a business's digital estate. It collects telemetry data, correlates alerts and data from multiple security solutions, and automates the response to threat alerts. It also incorporates threat intelligence, advanced analytics, and machine learning to improve the accuracy and precision with which it detects and responds to cyberthreats. 
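To make the correlation step concrete, here is an added example (not code from the original post or from any XDR product) that groups telemetry from three hypothetical sensors (email gateway, identity provider, endpoint agent) by affected entity and time window, promotes a cluster to an incident only when more than one sensor contributes, and maps the combined score to a playbook action. The event format, window, thresholds and action names are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry from three hypothetical sensors; not real product output.
EVENTS = [
    {"ts": "2024-01-15T09:00:00", "source": "email",    "entity": "alice", "type": "phish_link_clicked", "severity": 2},
    {"ts": "2024-01-15T09:04:00", "source": "identity", "entity": "alice", "type": "mfa_push_denied",    "severity": 3},
    {"ts": "2024-01-15T09:09:00", "source": "endpoint", "entity": "alice", "type": "lolbin_exec",        "severity": 4},
    {"ts": "2024-01-15T11:30:00", "source": "endpoint", "entity": "bob",   "type": "lolbin_exec",        "severity": 4},
    {"ts": "2024-01-15T15:00:00", "source": "email",    "entity": "carol", "type": "phish_link_clicked", "severity": 2},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window

def correlate(events, window=WINDOW, min_sources=2):
    """Cluster each entity's events into time windows; return cross-sensor incidents."""
    by_entity = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        by_entity[e["entity"]].append(e)
    incidents = []
    for entity, evs in by_entity.items():
        cluster = []
        for e in evs:
            t = datetime.fromisoformat(e["ts"])
            if cluster and t - datetime.fromisoformat(cluster[0]["ts"]) > window:
                incidents += _close(entity, cluster, min_sources)
                cluster = []
            cluster.append(e)
        incidents += _close(entity, cluster, min_sources)
    return incidents

def _close(entity, cluster, min_sources):
    """Turn a cluster into an incident if enough distinct sensors saw it."""
    sources = {e["source"] for e in cluster}
    if len(sources) < min_sources:
        return []  # single-sensor noise stays an alert, not an incident
    score = sum(e["severity"] for e in cluster)
    return [{"entity": entity, "sources": sorted(sources), "score": score,
             "chain": [e["type"] for e in cluster], "response": respond(score)}]

def respond(score):
    """Map the correlated score to playbook actions (hypothetical thresholds)."""
    if score >= 8:
        return ["isolate_endpoint", "revoke_sessions", "notify_soc"]
    if score >= 5:
        return ["force_password_reset", "notify_soc"]
    return ["open_ticket"]
```

Run on the constructed events, only alice's phish-to-execution chain becomes an incident; bob's and carol's single-sensor events remain ordinary alerts.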

Managed XDR, where security operations center (SOC)-as-a-Service is added to XDR to provide 24×7 monitoring, gives MSPs a way to offer a centralized managed security service to clients who require both breadth and depth of cybersecurity in a holistic fashion. 

It allows MSPs and their clients to shift from reactive, post-attack restoration to a more proactive approach that can shorten the response time to an attack and reduce the damage it can cause. This is especially critical as ransomware attacks have skyrocketed. 

Another key trend during this period was the need for cyber insurance to help protect companies when they were almost inevitably the victims of cybercrimes. The costs of these policies and cyber hygiene requirements to achieve compliance can be daunting. By using XDR and other technologies, MSPs can help companies stay compliant, reduce cyber risk, and keep premiums low through well-documented security measures and reports. 

A look into 2024 and beyond

As we enter the later part of the 2020s, key trends to watch for that are already impacting cybersecurity are artificial intelligence (AI) and regulatory compliance. AI-based systems like ChatGPT have garnered a lot of press coverage, and companies are beginning to leverage AI for everything from help desk support to generating original art or text (often accompanied by a tremendous amount of controversy).  

Both bad actors and cybersecurity companies are taking advantage of AI. While cybercriminals are using it to create sophisticated attacks, deepfake videos, images, audio files, and more to effectively fool victims, cybersecurity companies are leveraging AI and machine learning to improve threat detection and predictive analytics, automate analysis and response, and accelerate mitigation strategies. 

From a regulatory standpoint, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity measures that require public companies to follow incident reporting and governance disclosure requirements. While the regulation impacts public companies, it’s an insight into what is coming for the private sector in the near future. It is important to adopt a strong cybersecurity framework early on, with technologies such as XDR that can help support complex regulatory requirements.  

As the tug-of-war between cybersecurity and business efficiency continues, MSPs must help their clients navigate the challenge of striking a balance. Whether it is implementing and/or integrating cybersecurity solutions, or fulfilling regulatory requirements, it is important to ensure the technologies used promote resilience as business needs evolve. 


This post originally appeared on Smarter MSP.