Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
After a Turbulent 2021 for Cybersecurity, Five Predictions for 2022
By Moshe Zioni, Apiiro
Cyber attackers sure had a banner year.
The world will remember 2021 for a
dramatic rise in ransomware and supply chain attacks. After several years of
stagnation in attack volume, during the first six months of the year alone,
ransomware attackers collected $590 million from their victims as this type of
cybercrime skyrocketed, according
to the U.S. Treasury Department.
In May, a ransomware attack on the
Colonial Pipeline by a Russia-linked hacker syndicate
shut down the pipeline for days and caused long gas lines, panic buying, and
price spikes on the East Coast. It is believed to be the largest-ever breach of
an American energy system. Less than a month later, an assault
on JBS, the world's largest meat processor, forced nine beef plants
to halt operations.
Meanwhile, the federal government continued to deal with
fallout from the mother of all supply chain attacks: the 2020 SolarWinds
hack. In this campaign likely orchestrated by Russia, bad actors slipped
malicious code into a U.S. tech company's software update and used it to
compromise the systems of a number of government agencies.
All of this prompted President Joe Biden to declare recently
that "Our Nation is under a constant and ever-increasing threat from malicious
cyber actors."
In 2022, it's natural to ponder what lies ahead on the
cybersecurity front.
Here are five things likely to happen in the new year.
1.
Supply chain attacks will peak.
Supply chains - the dozens if not hundreds of third-party vendors and
partners with which a typical organization shares data, much of it sensitive -
have become sitting ducks for cybercriminals in recent years. It's an
especially harmful attack vector because a breach of one supplier can impact
the entire network, affecting huge numbers of organizations with a single hack.
The SolarWinds episode was such an incident.
Supply chains will remain a popular target in 2022, but the attacks may
level off. On one hand, cybercriminals will continue
to find huge appeal in the maximum-impact-with-minimal-effort nature of supply
chain incursions. On the other hand, from the defender's side, more and more
enterprises can be expected to improve their detection mechanisms and practices
for securing different parts of the supply chain, leading to better chances of
thwarting attacks.
2.
Threats to Low-Code and No-Code
systems will grow.
No-Code application
development is a method of building applications without having to write code
but rather through platforms that allow people to drag and drop pre-configured
modules to create enterprise applications. Low-code
platforms still require coding skills but are designed to speed software
development via pre-written code blocks.
Both techniques are growing in popularity as organizations look to
accelerate software production while also grappling with a global skills
shortage. Gartner forecasts that the worldwide low-code
development technologies market will reach $13.8 billion by the end of 2021, a
22.6 percent increase from 2020.
We've learned all too well through the years that whenever
new technologies are implemented quickly - look at Internet of Things (IoT) security
issues, for example -security hygiene is more susceptible to being
overlooked. The No-Code and Low-Code movements probably have hackers
salivating, so companies using these methods will need to focus on protecting
themselves.
3.
Remote and hybrid work will accelerate
the adoption of "Zero Trust" security
The pandemic appears to have changed the nature of work forever: Many of
the companies that shifted to remote and hybrid models will keep those in place
permanently. That means organizations will need to continue placing a high
priority on what it means for security when increasing numbers of employees
work from anywhere, often via the cloud. They'll need to make sure they're
defending against the threats and attack vectors they know about now and any
new ones that emerge.
In the medium to long term, that might be even a blessing, but for now,
many are still scattering to realize the new security perimeter standard.
4.
Development organizations will accelerate "shift left" buy-in
"Shift left" has become a significant industry trend. It refers to the agile software
development methodology in which security testing is moved earlier in the
application lifecycle to detect vulnerabilities as soon as possible, rather
than waiting until immediately before release into production.
As cloud-native and Software-as-a-Service increasingly
become the rule in enterprises, more companies will recognize the need for shift-left
as they develop and deploy applications for which the old security rules of
on-prem environments no longer are relevant. Developers will see the benefits
of the shift-left approach and incorporate it as a key principle.
5.
The "everything-is-code" mantra will
become louder.
A new trend is likely to take hold where even
hardware goes towards a everything-is-code transition. For years,
virtualization technologies have been progressing toward this notion, but now,
in light of the global chip manufacturers shortage, giants like Intel and
Nvidia have started to introduce code-solutions to harness a hardware-like
experience. This in turn will require ops and IT teams to adapt, with a stronger focus on code visibility for better
security.
Let's hope the cybersecurity landscape is less tumultuous in 2022 than
2021 was. But we can't count on it. It will be interesting to see how these
five trends play out.
##
ABOUT THE AUTHOR
Moshe
Zioni is Vice President of Security Research at code
risk platform provider Apiiro and former Director of Threat
Research at Akamai.