Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Zero Trust Truths, Ransomware Risks, IoT Threats & Reality Recognition
By Tim Eades, CEO, vArmour
2021
was the year when ransomware went mainstream, and so did the realization that
much of our digital life counts as essential infrastructure for work, play and
survival. For organizations dealing with cyber vulnerabilities, accelerated
digital transformation and migration to complex cloud environments, the
consequences of increased vulnerabilities became more stark. After a record
year for both cyberattacks and enterprises transforming their IT
infrastructures, don't expect to see this change any time soon.
In
2022, we can expect to see four main challenges created by organizations' lack
of cyber preparedness and visibility into their IT environments.
First, Zero Trust will continue to be
a high-level concept that means something different to everyone. Zero Trust is best achieved
through a phased approach. But it starts with the ability to "observe reality"
as it is happening now. And it turns on
its head the idea that a "trust but verify" approach can still be operated in a
world with zero perimeters - or that a single, dominant
security modality is all you need. More immediately, Zero Trust is a key
component of President Biden's recent executive order, so expect to see the
market awash in products and solutions claiming to offer Zero Trust capabilities,
and CISOs and IT decision-makers under increasing pressure to invest in all
manner of things promising Zero Trust. Cybersecurity experts will need to
explain that Zero Trust security is not a ready-to-buy product, but rather a
way of thinking and, ultimately, a systematic approach to establishing a Zero
Trust architecture.
Organizations
that use 2022 to begin their Zero Trust journey will do so by learning what
Zero Trust is and isn't, and investing in the technology that provides the
foundations for that strategy. It's unclear whether Zero Trust will become
commonly adopted by the end of 2022, but we can be fairly certain that a sudden
increase in Zero Trust tools will require some myth busting at the C-suite
level.
Next, C-suites will continue to be threatened
by the specter of ransomware attacks. Such attacks show no sign of abating,
especially as many enterprises deal with dramatically expanded attack surfaces
brought about by the accelerated shift to remote work and the reality that most
businesses operate 24/7. We have witnessed the impact of these attacks on
critical sectors of our national infrastructure including energy, food
production, transportation and healthcare. For perspective, in 2020, ransomware
payments exceeded $400 million, more than four times their level in 2019.
The
U.S. government has taken new measures to combat this menace, including
creating a ransomware task force to recommend preventative measures such as
mandatory attack disclosures, and cracking down on financial institutions that
facilitate cryptocurrency payments to ransomware attackers. Only time will tell
if these efforts are sufficient. As companies continue to buy cyber insurance
and cyber insurers continue to pay out, the threat of ransomware is not going
to go away anytime soon. Ransomware represents an existential threat to
organizations of every kind and should be considered and addressed as such.
Another trend that will continue to
accelerate is the merging of the physical realm, e.g., the Internet of Things
(IoT), and the realm of cybersecurity. In the past, cyber- and physical
security have often been separate and sometimes at odds, but our increasing
reliance on automation and interconnected tools, machines, devices and
instrumentation mean that IoT and cyber-physical security strategies are a
requirement here and now.
From
internet-connected thermostats, to the components responsible for autonomous
driving, the physical world is increasingly digital and prone to the real-life
consequences of cyberattacks. We can expect to see an uptick in cyber-physical
security attacks setting the stage for a reckoning over how to secure
enterprises amid increasingly complex connectivity.
Finally, 2022 is shaping up to be the
year when observability emerges as a
primary element to provide comprehensive security and increased resilience to
the enterprise. This manifests as the capability to observe
in real time the ever-changing relationships and interactions between
applications, devices, infrastructure, data and, importantly, people. As
enterprises increasingly adopt more dynamic and adaptive IT infrastructures,
the security paradigms built for more static, boundary-defined perimeters
become less effective, less relevant. Organizations thus need to fundamentally
rethink their approach to cybersecurity, resilience and risk management,
adopting both a mindset and posture that recognizes that attack surfaces have
increased exponentially. With that in mind, there are new requirements and
imperatives organizations must take on to control and govern the modern digital
enterprise.
2022
presents the opportunity to retire old ways of working and tired technologies
that no longer serve. The new year represents a great opportunity to be bold.
##
ABOUT THE AUTHOR
Tim Eades, Chief Executive Officer
With over 20 years of leadership experience in sales, marketing, and executive management
at the CEO level, Tim has deep expertise in driving high growth for computing,
security, and enterprise software companies. Tim joined vArmour as CEO in
October 2013. Prior to that, he was the CEO at Silver Tail Systems from March
2010 until the company was acquired by RSA, the security division of EMC in
late 2012. Prior to leading Silver Tail Systems, Tim was CEO of Everyone.net,
an SMB focused SaaS company that was acquired by Proofpoint. Tim has also held
sales and marketing executive leadership positions at BEA Systems, Sana
Security, Phoenix Technologies and IBM. Tim holds advanced degrees in business,
international marketing, and financial analysis, primarily from Solent
University in England.