Virtualization Technology News and Information
Apiiro 2022 Predictions: After a Turbulent 2021 for Cybersecurity, Five Predictions for 2022

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

After a Turbulent 2021 for Cybersecurity, Five Predictions for 2022

By Moshe Zioni, Apiiro

Cyber attackers sure had a banner year.

The world will remember 2021 for a dramatic rise in ransomware and supply chain attacks. After several years of stagnation in attack volume, during the first six months of the year alone, ransomware attackers collected $590 million from their victims as this type of cybercrime skyrocketed, according to the U.S. Treasury Department.

In May, a ransomware attack on the Colonial Pipeline by a Russia-linked hacker syndicate shut down the pipeline for days and caused long gas lines, panic buying, and price spikes on the East Coast. It is believed to be the largest-ever breach of an American energy system. Less than a month later, an assault on JBS, the world's largest meat processor, forced nine beef plants to halt operations.

Meanwhile, the federal government continued to deal with fallout from the mother of all supply chain attacks: the 2020 SolarWinds hack. In this campaign likely orchestrated by Russia, bad actors slipped malicious code into a U.S. tech company's software update and used it to compromise the systems of a number of government agencies.

All of this prompted President Joe Biden to declare recently that "Our Nation is under a constant and ever-increasing threat from malicious cyber actors."

In 2022, it's natural to ponder what lies ahead on the cybersecurity front.

Here are five things likely to happen in the new year.

1.    Supply chain attacks will peak.

Supply chains - the dozens if not hundreds of third-party vendors and partners with which a typical organization shares data, much of it sensitive - have become sitting ducks for cybercriminals in recent years. It's an especially harmful attack vector because a breach of one supplier can impact the entire network, affecting huge numbers of organizations with a single hack. The SolarWinds episode was such an incident.

Supply chains will remain a popular target in 2022, but the attacks may level off. On one hand, cybercriminals will continue to find huge appeal in the maximum-impact-with-minimal-effort nature of supply chain incursions. On the other hand, from the defender's side, more and more enterprises can be expected to improve their detection mechanisms and practices for securing different parts of the supply chain, leading to better chances of thwarting attacks. 

2.    Threats to Low-Code and No-Code systems will grow.

No-Code application development is a method of building applications without having to write code but rather through platforms that allow people to drag and drop pre-configured modules to create enterprise applications. Low-code platforms still require coding skills but are designed to speed software development via pre-written code blocks.

Both techniques are growing in popularity as organizations look to accelerate software production while also grappling with a global skills shortage. Gartner forecasts that the worldwide low-code development technologies market will reach $13.8 billion by the end of 2021, a 22.6 percent increase from 2020.

We've learned all too well through the years that whenever new technologies are implemented quickly - look at Internet of Things (IoT) security issues, for example -security hygiene is more susceptible to being overlooked. The No-Code and Low-Code movements probably have hackers salivating, so companies using these methods will need to focus on protecting themselves.

3.    Remote and hybrid work will accelerate the adoption of "Zero Trust" security

The pandemic appears to have changed the nature of work forever: Many of the companies that shifted to remote and hybrid models will keep those in place permanently. That means organizations will need to continue placing a high priority on what it means for security when increasing numbers of employees work from anywhere, often via the cloud. They'll need to make sure they're defending against the threats and attack vectors they know about now and any new ones that emerge.

In the medium to long term, that might be even a blessing, but for now, many are still scattering to realize the new security perimeter standard.

4.    Development organizations will accelerate "shift left" buy-in

"Shift left" has become a significant industry trend. It refers to the agile software development methodology in which security testing is moved earlier in the application lifecycle to detect vulnerabilities as soon as possible, rather than waiting until immediately before release into production.

As cloud-native and Software-as-a-Service increasingly become the rule in enterprises, more companies will recognize the need for shift-left as they develop and deploy applications for which the old security rules of on-prem environments no longer are relevant. Developers will see the benefits of the shift-left approach and incorporate it as a key principle.

5.    The "everything-is-code" mantra will become louder.

A new trend is likely to take hold where even hardware goes towards a everything-is-code transition. For years, virtualization technologies have been progressing toward this notion, but now, in light of the global chip manufacturers shortage, giants like Intel and Nvidia have started to introduce code-solutions to harness a hardware-like experience. This in turn will require ops and IT teams to adapt, with a stronger focus on code visibility for better security.

Let's hope the cybersecurity landscape is less tumultuous in 2022 than 2021 was. But we can't count on it. It will be interesting to see how these five trends play out.



Moshe Zioni 

Moshe Zioni is Vice President of Security Research at code risk platform provider Apiiro and former Director of Threat Research at Akamai.

Published Thursday, January 13, 2022 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2022>