Wondering where cybersecurity is headed as we enter 2022? Read these predictions from 15 security industry experts as they weigh in and offer up their thoughts on the coming year.
+++
Kevin Breen, Director of Cyber Threat Research, Immersive Labs
"We've seen an unfortunate increase in ransomware attacks, data
leaks, and the sophistication of overall attack methods in the past year. While
government-issued mandates have driven a positive increase in information
sharing and disclosing rich technical details shortly after vulnerabilities are
identified, we are still lacking critical workforce-wide cyber education.
In 2022 there's a lot more we can do to educate the entire workforce
on how they can best identify and be prepared for cyber risks - and empower
them to be defensive assets to their organizations. This now lies beyond
security teams; it's everyone's responsibility and remit, from legal to sales
to technical teams. Organizations need to ensure there is a fundamental
understanding of security and cyber crisis preparedness workforce-wide, and I
expect we'll see businesses make more deliberate efforts and investments to
address this gap.
Unfortunately, ransomware is likely not going anywhere in 2022,
but we will see attackers evolve their strategies in light of heavy crackdowns
and supply chain insecurities. The attack surface will likely reduce as larger
groups dissolve, and in turn we'll see affiliates move between RaaS operators
as they rise and fall like REvil and BlackMatter. The attackers will always
have the first-move advantage, but that's why it's crucial that we exercise the
wider organization's cyber crisis response to ensure everyone is prepared when
the worst case scenario strikes."
+++
James Christiansen, VP and CSO Cloud Strategy, Netskope
"In 2021 we've seen a rise of the "Great Resignation" and the
utilization of gig workers. Specifically, with gig workers, the rapid churn of
short-term projects and the widespread set of skills in demand means that
background checks may be overlooked and the security of their own computers
isn't up to corporate standards. At the same time, in 2021 Netskope Threat Labs
found that departing employees upload 3X more data to personal apps in their
final month of employment. Taken together, both of these developments point to
a need for corporations to rethink their insider threat strategy."
Ray Canzanese, Director, Netskope Threat Labs
"By the end of 2022 malicious Office documents will account for
more than 50% of all malware downloads as attackers continue to find new ways
to abuse the file format and evade detection. At the beginning of 2020,
Office documents accounted for only 20% of all malware downloads and have
increased to 40% in 2021. This trend will continue due to the pervasive nature
of Office documents in the enterprise and the many different ways they can be
abused, making them an ideal malware delivery vector."
+++
Theresa Lanowitz, Head of Cybersecurity Evangelism, AT&T Business
Further acceleration to 5G networks
"While 5G adoption accelerated in 2021, in 2022, we will see 5G
go from a new technology to a business enabler. While the impact of 5G on new
ecosystems, devices, applications, and use cases ranging from automatic mobile
device charging to streaming, 5G will also benefit from the adoption of edge
computing due to the convenience it brings. We're moving away from the
traditional infosecurity approach to securing edge computing. With this shift
to the edge, we will see more data from more devices, which will lead to the
need for stronger data security.
Ransomware will be the most feared adversary
The year 2021 was the year the adversary refined their business
model. With the shift to hybrid work, we have witnessed an increase in security
vulnerabilities leading to unique attacks on networks and applications. In
2022, ransomware will continue to be a significant threat. Ransomware attacks
are more understood and more real as a result of the attacks executed in 2021.
Ransomware gangs have refined their business models through the use of
Ransomware-as-a-Service and are more aggressive in negotiations by doubling
down with DDoS attacks. The further convergence of IT and OT may cause more
security issues and lead to a rise in ransomware attacks if proper
cybersecurity hygiene isn't followed.
While many employees are bringing their cyber skills and
learnings from the workplace into their home environment, in 2022, we will see
more cyber hygiene education. This awareness and education will help instill
good habits and generate further awareness of what people should and shouldn't
click on, download, or explore."
Bindu Sundareason, Director at AT&T Cybersecurity
Zero Trust will be the security model of choice
"Traditional cybersecurity practices focus on a ‘castle and
moat’ model, where security protocols concentrate on keeping threats out. This
approach assumes that any user with the right credentials to access a network
has done so legitimately and can be trusted to move freely through the system.
However, as more organizations move their data and operations to the cloud more
rapidly, the concept of a security perimeter as we know it is becoming
obsolete. As a result, organizations will continue to focus on adopting a Zero
Trust security model which restricts network access to only those individuals
who need it.
Securing data with third-party vendors in mind will be critical
Attacks via third parties are increasing every year as reliance
on third-party vendors continues to grow. Organizations must prioritize the
assessment of top-tier vendors, evaluating their network access, security
procedures, and interactions with the business. Unfortunately, there are many
operational obstacles that will make this assessment difficult, including a
lack of resources, increased organizational costs, and insufficient processes.
The lack of up-to-date risk visibility on current third-party ecosystems will
lead to loss of productivity, monetary damages, and damage to brand reputation."
+++
Jason Rebholz, CISO, Corvus Insurance
Ransomware + Impacts on Cyber Insurance
"Ransomware is the defining force in cyber risk in 2021 and will
likely continue to be in 2022. While ransomware has gained traction over the
years, it jumped to the forefront of the news this year with high profile
attacks that had impacts on the day to day lives of millions of people. The
increased visibility brought a positive shift in the security posture of
businesses looking to avoid being the next news headline. We're starting to see
the proactive efforts of shoring up IT resilience and security defenses pay
off, and my hope is that this positive trend will continue. When comparing Q3
2020 to Q3 2021, the ratio of ransoms demanded to ransoms paid is steadily
declining, as payments shrank from 44% to 12% respectively, due to
improved backup processes and greater preparedness. Decreasing the need to pay
a ransom to restore data is the first step in disrupting the cash machine that
is ransomware.
Although we cannot say for certain, in 2022 we can likely expect
to see threat actors pivot their ransomware strategies. Attackers are nimble -
and although they've had a "playbook" over the past couple years, thanks to
widespread crackdowns on their current strategies, we expect things to shift.
We have already seen the opening moves from threat actors. In a shift from a
single group managing the full attack life cycle, specialized groups have
formed to gain access into companies who then sell that access to ransomware
operators. As threat actors specialize on access into environments, it opens
the opportunity for other extortion based attacks such as data theft or account
lockouts - all of which don't require the encryption of data. The potential for
these shifts will call for a great need in heavier investments in emerging
tactics and trends to remove that volatility."
+++
Brian Murphy, CEO and Founder, ReliaQuest
Tackling the skills transfer issue to finally make progress in addressing the gap
"If this past year taught us anything, it's that cyber attacks are
only increasing, so it's paramount that organizations have the best talent to
prevent and address these breaches when they occur. In 2022, the industry will
need to make substantial progress in addressing the cybersecurity skills gap as
efforts thus far haven't shown the progress we need to properly address
increasing threats. (ISC)²'s recent report made it clear - there
aren't yet enough cyber pros to build secure tech, implement protections or
respond to breaches.
While it's great to see the efforts of the private sector
prioritize training in cyber skills, and making cyber awareness training
accessible to everyone, I hope, and expect, the industry will direct more of
its efforts into tackling the broader skills transfer issue. There are plenty
of people ready to raise their hand and help with this ongoing problem, but we
need to better equip them with the right skills. I hope to see more companies
in the new year investing in meaningful skills initiatives, like Microsoft's work with community
colleges and ReliaQuest's work with 3DE high
schoolers. These education-based efforts aim to encourage the next generation
of the workforce to take interest and gain critical skills to shape the future
cyber workforce."
Marcus Carey, Enterprise Architect, ReliaQuest
"2022 will be the year cryptocurrencies go mainstream. Already, big players are
making moves into this space and NFTs are becoming increasingly popular among
celebrities. We've unfortunately seen businesses use cryptocurrencies to make
ransomware payments, but in 2022, they will become a more widely utilized
method for companies to do things like compensate employees and take payments
from customers. This will open up a whole new paradigm for security teams and
CISOs, as there will be an increased emphasis on the security aspects of these
new technologies.
CISOs and security teams will need to have an understanding of all
of the facets of cryptocurrencies, including different blockchains like
Ethereum and Solana, smart contracts, and hot and cold storage. Just as
cybersecurity teams audit code now, they will have to audit smart contracts -
which are automated
agreements written in code and incorporated into the blockchain.
Cybersecurity teams and IT teams will need to manage hot wallets, which are
used for transactions, and cold wallets, which are used for long term storage.
There are various aspects and implications that CISOs and their teams will need
to understand in order to keep money secure. Cryptocurrency is the "Wild West"
of the digital world today. Companies need to prepare now for the impact it
will have in the year ahead."
+++
Tobi Knaup, CEO, D2iQ
Putting forth a DevSecOps approach from the start
"The pandemic pushed us further into the cloud, which has made us
more reliant on microservices and containers. However, the rapid proliferation
of microservices has outpaced the cyber security capabilities of most
organizations. In an effort to improve cloud native cyber security practices,
organizations will begin to embed security from the very beginning of the
development process, ensuring microservices remain secure wherever they are
deployed. As organizations become more agile, putting forth a DevSecOps
approach from the start ensures microservices are adequately secured."
+++
James Condon, Director of Research, Lacework
"Linux and cloud infrastructure are emerging targets of malware
and ransomware attacks: Threat actors are looking for the path of least resistance - the
easiest way to break through with the greatest return. The traditional methods
of enterprise network intrusions to obtain data (or other valuable company
information) are still resulting in success. However, cloud infrastructure is
heavily Linux-based (80+ percent) and with cloud adoption increasing,
especially as a result of the pandemic, threat actors are turning their focus
to cloud-based targets. The Lacework team found that PYSA Ransomware
Gang added Linux Support, which indicates that ransomware gangs and other attackers may be
pivoting to cloud strategies. Furthermore, continued identification
of new Linux malware families are growing increasingly complex, adding to the mounting
concerns."
Chris Hall, Cloud Security Researcher, Lacework
"Crimeware actors will continue leveraging initial access
brokerage and crypto jacker techniques: Currently, we are seeing a
lot of cloud environments being compromised by crypto jacker techniques. These
aren't generating a ton of noise within the larger cyber community currently;
however this is an area that attackers will continue to leverage and start to
carry out on a larger scale in the coming year."
+++
Eric O'Neill, National Security Strategist, VMware
If 2021 was the year of the Zero Day, 2022 will be the year of Zero Trust:
"In 2021, defenders caught the highest number of Zero Days ever
recorded. We saw a massive proliferation of hacking tools, vulnerabilities, and
attack capabilities on the Dark Web. As a response, 2022 will be the year of
Zero Trust where organizations "verify everything" vs. trusting it's
safe. We've seen the Biden administration mandate a Zero Trust approach for
federal agencies, and this will influence other industries to adopt a similar
mindset with the assumption that they will eventually be breached. A Zero Trust
approach will be a key element to fending off attacks in 2022."
Karen Worstell, Senior Cybersecurity Strategist, VMware
Accelerated delivery of the benefits of 5G infrastructure will highlight IoT security needs.
"The pandemic made it abundantly clear how important 5G
infrastructure is for rural areas in the U.S. The rollout of 5G will enable
better access to healthcare, educational innovations, and public services. The
Biden administration's infrastructure bill, which includes provisions for
broadband delivery and access, provides the industry with another nudge in the
right direction to roll it out. As 5G service delivery expands, there will be a
growing demand for IoT security and engineering to ensure that network
complexity does not become yet another security liability. We must also focus
on securing the far edge much like we handle the data center edge today -- this
will put new demands on incident detection and response. Future-ready capabilities
like EDR (endpoint detection and response) will need to evolve in order
to keep an expanding service level and constituency safe."
+++
Florindo Gallicchio, Managing Director, Head of Strategic Solutions, NetSPI
Cybersecurity budgets will rebound significantly from lower spend levels during the pandemic
"As we look to 2022, cybersecurity budgets will rebound
significantly after a stark decrease in spending spurred by the pandemic.
Ironically, while COVID-19 drove budget cuts initially, it also accelerated
digital transformation efforts across industries - including automation and
work-from-home infrastructure, which have both opened companies up to new
security risks, leading to higher cybersecurity budget allocation in the new
year. Decisions are being made in Fortune 500+ companies with CFOs on the ground,
as these risk-focused enterprises understand the need for larger budgets, as
well as thorough budgeted risk and compliance strategies. Smaller corporations
that do not currently operate under this mindset should follow the lead of
larger industry leaders to stay ahead of potential threats that emerge
throughout the year."
+++
Stephen Cavey, Co-founder of Ground Labs
Awareness and gamification will lead the future of data security plans
"As employees went remote the amount of potential data exposure
greatly increased. This increased risk highlighted the strongest security
weakness that criminals were actively targeting: the organization's people.
Traditional forms of mitigation of this risk in the form of
physical training through classroom delivery have not been as effective as
required to reduce the instances of data breaches caused by employees. In the
coming year, CISOs and IT leaders will incorporate all parts of an organization
into creating a well-rounded cybersecurity strategy that places employees at
the center in order to mitigate risk. We're going to see more
next-generation job roles such as "head of remote." These new roles will be
tasked with improving the remote experience which can open up a strong
opportunity to weave a culture of data security and good data hygiene and
awareness practices that are driven through educating on the unique risks of
working remotely in isolation for prolonged periods. Adding elements of
gamification is also an excellent way to remind, engage and motivate employees
to practice better cybersecurity habits."