Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Cybersecurity in 2022: Cyberwarfare, Zero Trust and Hacking E-Sports
By Joseph Carson, Chief Security Scientist and Advisory CISO at ThycoticCentrify
This year, cyberattacks once again increased in frequency
and vitality, causing mass disruption to citizens and organizations across the
globe. Attacks on supply chains had a massive ripple effect, leaving fuel pumps
and shelves at grocery stores empty. Ransomware also continued to be one of the
most prominent threats as cybercriminals searched for more lucrative ways to
monumentally gain. Ransom demands also skyrocketed and we even witnessed a growth
in Ransomware-as-a-Service (RaaS) offerings with many cybercriminals
selling their tools and expertise.
In addition, many organizations continued to struggle with
finding a balance between productivity and security in hybrid and remote work
environments. Employees were often forced to make the choice between staying
productive and taking security risks. As organizations move back to more
strategic decision making and re-evaluating the risks incurred from the
difficult and unexpected accelerated transition during the pandemic, the risk
of cyberthreats has increased and organizations are exposed more than ever.
So, what can we expect in the cybersecurity industry in
2022? Here are some of my top predictions for the next 12 months.
1. The Verge of a Cyberwarfare as Governments Strike Back
In 2021, many global government
agencies began to take a greater stance against cybercrime and cybercriminals.
The US government in particular launched several initiatives throughout the
year, including the publication of President Biden's Executive Order which
outlined clear actions aimed at improving the nation's cybersecurity posture,
as well as announcing the creation of a multi-agency
ransomware task force. The UK government also invested in a new National Cyber Force
(NCF) aimed at protecting the country from cyber-attacks. As government
agencies join the fight to protect their citizens, supply chains and organizations
against cyberattacks, I believe that we may very well be on the brink of a
cyberwar. The reality is that as governments strike back, so too will cybercriminals
who may even join forces with one another to collaborate and respond - with a
stronger ability to cause havoc. As a result of this, in 2022, we may see the
introduction of a cross-cultural cyber treaty, with countries uniting to fight
back against cybercrime. A treaty that limits the number of 'safe havens' that
cybercriminals have to operate within. A true global effort where all countries
have the same penalties, sanctions and zero tolerance for cybercrime.
2. Zero Trust: The New Baseline for Future-Proofing Security Risks
Zero Trust is the new buzzword of
cybersecurity, a trend that has topped security priorities over the last
several years. Zero Trust has become not only an important framework for reducing
the known security risks of the past but is also helping to reduce the security
risks of the future. It is important that organizations understand that Zero
Trust is not a single solution that you can purchase or install and then
check off your to-do list. It is rather a journey and a mindset on how you
wish to operate your business in a secure way. You don't become Zero Trust -
you practice a Zero Trust mindset.
In 2022, a Zero Trust approach can
help organizations establish a baseline for security controls that need to be continually
repeated - an approach that forces cybercriminals into taking more risks. As a
result, cybercriminals will make more noise and lose the ability to be
discreet, giving cyber defenders and security teams more opportunities to
detect attackers earlier.
3. Identity is the New Perimeter
Many organizations continue to
struggle to define what the 'new perimeter' is, specifically with accelerated
remote and hybrid working environments. Factors such as cloud computing, home
office networks, endpoints, mobile apps, and legacy on-premises systems further
complicate this challenge. Some organizations have attempted to enforce
multiple edge perimeter points. However, this can become tedious and challenging
to manage and secure.
For most organizations, their new security
perimeter is identity, an artifact that organizations can control. This means that
access has become the new security control for an organization's perimeter. In
2022, organizations will work to gain back control of their perimeter by making
identity and access security a top priority.
4. Hacking Becomes a Glorified Sport
Gamers and streamers are a massive
global trend across social media platforms, capturing the attention of millions
who want to know their secret techniques on how they get to the next level.
Hacking is now also becoming a glorified streamed event with the world's top
hackers streaming their hacking skills online, showing off new techniques and
methods on how to bypass security and get the initial foothold. Hacking
gamification platforms are also on the rise as hacking teams compete for L33T
status on being on the top of the leaderboard. This is a new trend that will
continue to grow and manifest in 2022, and we will see hacking become an EL3T3
Sport where viewers pay to watch hackers hack.
5. Increased Cryptocurrency Regulation
This year, cryptocurrencies
continued to disrupt the financial industry, but as we move into the new year, they
must evolve into a stable method for transactions and accelerate adoption. Some
countries view cryptocurrencies as a way of differentiating their economies so
they can become more competitive in the tech industry and attract investment.
In 2022, more countries will embrace the use of cryptocurrencies while also working
to implement increased regulation and create more stabilization - which will
ultimately accelerate adoption.
##
ABOUT THE AUTHOR
Joseph Carson is a cybersecurity professional with
more than 25 years' experience in enterprise security and infrastructure.
Currently, Carson is the Chief Security Scientist & Advisory CISO
at ThycoticCentrify. He is an active
member of the cybersecurity community and a Certified Information Systems
Security Professional (CISSP). Carson is a cybersecurity adviser to several
governments, critical infrastructure organizations, and financial and transportation
industries, and speaks at conferences globally.