Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
The Shape of Cyberthreats to Come - And How to Understand the Evolving Dynamic
By Adam Stern, founder and CEO of Infinitely Virtual
Here's
a safe, perhaps even unassailable, prediction for the year ahead in
cybersecurity: the threats will keep on coming.
Everything
morphs, of course, but while the specifics and scope of attacks will change in
2022, nothing is likely to stop the relentless tendency of bad actors to (seek
to) wreak havoc on organizations, businesses and governments.
So,
post Solar Winds and Colonial Pipeline, what have we learned and how might IT
and others put those lessons to use in the next 12 months?
Here's
a top-line of those learnings: (a) this is no time to put extreme vigilance on
the back burner; (b) there are no magic bullets to get hackers to disperse; and
(c) don't hold your breath for a tech-driven bulldozer to level the playing
field. Feeling as though you're scrambling or perpetually on the
defensive? For many, that indeed has become the status quo, and although
dodging and ducking doesn't seem like much of a strategy, the year ahead may
offer promise, if you squint a bit.
Savvy
organizations can thread their way through in 2022 as they've done for some
time now - with a mindset that treats security as a process -- but language
matters more than ever. While bad actors are calling the shots and we
can't "level the playing field" as such, businesses can access more
tools than many realize.
In
a perfect world, we'd strive to be a step ahead but that's typically a fool's
errand; it's the attacker's job to game the system. The obvious reason
why that playing field can't be leveled: by definition, what bad actors do is
illegal. They don't play by the rules, but we must.
Effective
cybersecurity strategies for 2022 will require collective effort across the
board. Solutions are not limited to SMBs or the enterprise or industry-specific
sectors or, certainly, individual users. The way forward includes any and
all - or, more accurately, every and all. Next year is all about
building an ad hoc community of users who follow these threats, come up with
solutions and share information. That's the best, if not the only, way to
fight and protect against a dispersed army of bad actors.
Ad
hoc may or may not mean actively coordinating. It does mean relying
increasingly on forums and similar venues to share and advance best
practices. In this, we're all potentially empowered. Every hacked
business, whatever the size, takes steps in response - steps that may entail
calling on a staff member, an IT expert, a cybersecurity firm or some other
knowledgeable third party. Taking action becomes a learning experience,
because few tackle this alone.
Indeed,
as we move into 2022, responsible cybersecurity increasingly will draw on
crowdsourcing. Although small businesses typically lack the resources to
retain cybersecurity specialists to do deep-dive investigations like their
large-enterprise counterparts, SMB contributions still matter.
Insights/intelligence from attacks of all sizes effectively "trickle up" and
down, over time making their way into commercial antivirus and anti-malware
software.
Even
bad actors are getting into the act, albeit unintentionally. Not long
ago, a band of hackers offered "ransomware as a service," boasting some of the
trappings of a startup. The "firm" was irate when the authorities hacked
their servers, pulling encryption keys and preventing their "customers" from
collecting the ransomware score. The moral: the playing field really is
difficult to level.
While
ransomware-as-a-service isn't likely to be a thing, might 2022 be the year
artificial intelligence at long last rides to the rescue? AI does
continue to advance, especially the state of the art in threat detection, but
I'm not that bullish - at least not on a purely tech-driven solution.
Breakthroughs as such take years.
I
see the necessary jump-start taking a different form - genuine will, backed by
new energy and fresh resources, especially from governments. With more
and more high-value targets at risk, the needle may in fact move. When a
fintech company or a pipeline is at risk, high-profile threats tend to open
wallets and minds. Nothing like a few prison terms to get the point
across.
While
it may not exactly be leveling the playing field, playing hardball might just
be a game-changer.
##
ABOUT THE AUTHOR
Adam Stern is founder and CEO of Infinitely Virtual (www.infinitelyvirtual.com -- @IV_CloudHosting) in Los Angeles. Stern is an entrepreneur
who saw the value of virtualization and cloud computing more than a decade ago.
His company helps businesses move from obsolete hardware investments to an IaaS
[Infrastructure as a Service] cloud platform, providing them the flexibility
and scalability to transition select data operations from in-house to the cloud.