Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Cyberattacks Are Becoming More Sophisticated
By Yoram Salinger,
CEO of Perception Point
Statistics tell us that as time
progresses, there are more cybersecurity attacks, and the severity of those
attacks has evolved as well, causing irreversible amounts of damage. Overall,
I think organizations have become better at preventing cybersecurity attacks as
the world becomes better at sharing information - when you have multiple
organizations sharing information on potential cyber threats that we know of.
The problem is the cyber threats that we do
not know of, and that's
what makes it so tough to prevent cyberattacks. Even if you are
doing 100% of what you need to be doing and following all the best practices
and deploying new technologies, there is still the chance that an attacker will
bypass all the defense mechanisms put in place. And as breaches become more
sophisticated, their consequences become more complex and costly to remediate.
Enterprises need to continuously evaluate their cybersecurity tools to ensure
that they are best protected from these constantly evolving attacks.
The Most Common Attack Vector
On the one hand, the perimeter layer
probably receives the brunt of attacks. On the other hand, email continues to
be the main attack vector for attackers to penetrate the organization. New
cloud collaboration platforms are also a growing vector for content-borne
attacks. But the initial breach is just the first phase of the attack, which
can be used to laterally attack the entire organization. If an attacker can reach the endpoint, then
we can assume that they were able to get through all the layers between the
perimeter and the endpoint. It's always an interesting debate which layer should be
most protected.
What Organizations Overlook in their Cybersecurity Infrastructure
Building your organization's cyber defense infrastructure is a
continuous process that evolves just as the attack landscape evolves. The
problem is that organizations do not take the time to evaluate all the tools
that keep getting added to their cybersecurity stack. As more systems are
deployed, they get harder to manage, and no one is auditing the efficacy of
those systems, be it legacy or next-generation technologies. This puts a strain
on security teams, and inherently limits their ability to focus on preventing
attacks. Organizations should do a yearly audit of their toolkit and determine
what can stay and what needs to go.
Cybersecurity Continually Impacted by Human Intervention
Cybersecurity is impacted by human
intervention from different angles, which we can pretty much see across the
life cycle of an attack. The most obvious angle is the attackers themselves.
The other angle is the recipients of the attack, whether on the individual
level or as an employee who is part of a larger organization.
Despite the number of tools and services
that are used to detect and prevent cyberattacks, the reason they still succeed
is human error. Attackers continually exploit the human need for
communication and collaboration, and as the cyberattacks themselves become more
sophisticated, it becomes more challenging to set off those internal warning
bells that something is not what it claims to be.
The third angle is the Security and SOC teams
who are responsible for intervention and remediation. Looking to the future,
the question is how many attacks these teams will be able to stop as
cyberattacks become more elaborate.
#1 Rule for CISOs in 2022
There is obviously more than one rule, but
if I were limited to only one rule, I would say that CISOs need to have their
finger on the pulse of new types of attacks, methodologies and techniques and
what the next threat vectors will be. As cybersecurity has evolved over time,
so have the types of attacks. CISOs need to be continually asking themselves
where the attackers are headed, what new tricks they have up their sleeve and
whether their organization is ready to stop those types of attacks. In summary,
CISOs need to think strategically and investigate the future as best as
possible as they lay the groundwork for their cybersecurity infrastructure.
Looking to the Future: Content-Based Attacks vs. Context-Based Attacks and Security for SMBs
The big question is what trends we are
going to see in 2022.
A trend that remains the same year over
year is that attackers are becoming more sophisticated. In general, we should
be better at:
- Preventing malware, since old viruses seem to continue to wreak havoc on
different industries across the board, including healthcare and critical
infrastructure.
- Handling Business Email Compromise (BEC), where attackers are using new
techniques in phishing and Account Takeover (ATO) to create more damaging BEC
attacks.
- Ensuring that cloud collaboration channels are efficiently protected.
Additionally, I think that we will see
more attacks on small to medium-sized businesses (SMBs) in order to infiltrate
larger organizations. Typically, SMBs do not have the security budgets, nor the
SOC teams that enterprises have, which makes them a prime target for attackers.
It is critical for cybersecurity companies to develop technologies that SMBs
can deploy to protect themselves that do not require the budgets and/or human
capital.
Lastly, organizations will need to shift
from pure content-based detection and incorporate context-based protection into
their cybersecurity stack. Both types of detection complement each other to
create a "universe" of protection. Content-based protection is
more deterministic in nature, e.g., figuring out whether a URL or file is
malicious or not, whereas context-based protection analyzes behavior to see if
there are any anomalies, in order to suggest whether something is malicious or
not. As cyber threats evolve, organizations will need to shift from purely
reactive endpoint protection solutions to a more holistic approach that
analyzes all network points for enhanced cyber awareness.
##
ABOUT THE AUTHOR
Yoram Salinger
has more than 20 years of experience in leading global high-tech companies.
Yoram is currently the CEO of Perception Point. He leads the company's vision,
strategy, growth, and technology innovation. Prior to joining Perception Point,
Yoram led Redbend Software, a global leader in Mobile Software Management, to a
successful exit - acquired by Harman for $240M. Earlier in his career, Yoram
co-founded and managed Epitera, a company that developed an ecosystem for Linux
to be used as a viable option for desktops.