2022 Cybersecurity Predictions: Even More Ransomware, But Reason for Optimism
Human error will remain a top cause of breaches.
![Cybersecurity in 2022 Cybersecurity in 2022](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltd762b2c47f88bcee/65243a347f5f8b1bf5f37856/Cybersecurity-in-2022.jpg?width=700&auto=webp&quality=80&disable=upscale)
Internet cybersecurity concept with lock and keyboard in 2022 year (Shutterstock)
Tim Wade is technical director of Vectra’s CTO team.
“While managed security services will continue to grow in volume, a non-trivial subset of organizations will meet talent shortfalls with automation, orchestration and analyst-augmenting artificial intelligence (AI),” he said. “They’ll recognize that outsourcing business context to an external entity can be exceptionally difficult, and a few well-equipped and supported internal resources can be more effective than an army of external resources.”
John Bambenek is Netenrich’s principal threat hunter.
“Organizations will continue to face resource challenges as they look to fill existing and new IT positions,” he said. “Ultimately, they will have to hire more people, rely on vendors for services, or invest in automation. The end state will likely be some form of all three. The work needs doing regardless of headcount, so allowing automation to handle the basic problems enables IT experts to focus and resolve the more critical issues. Companies can also focus on their IT workers’ well-being with balanced workloads to retain valued staff.”
Tyler Shields is JupiterOne’s CMO.
“While ransomware will continue to be a major issue for enterprises in 2022, I believe there will be a significant increase in misconfigurations, and shadow or unknown asset attacks,” he said. “We saw this problem growing throughout 2021, and with the pace of cloud transformation and application development growth, I would be surprised if the impact of these issues doesn’t continue to grow in 2022.”
Bud Broomhead is Viakoo’s CEO. He said with the growth of vulnerabilities targeting IoT/OT systems, ransomware threats will continue to worsen by means of ransomware as a service (RaaS).
“This method helps bad actors execute even quicker by using proven techniques to stage an attack, while efficiently outsourcing the backend commodity infrastructure to save time,” he said. “Organizations should pay more attention to not only critical services and systems supporting employees and customers, but also secondary systems that are less obvious prey. These systems may not contain sensitive data, but can inadvertently provide access to the more desirable targets.”
Casey Ellis is Bugcrowd’s founder and CTO.
“The rapid and globally synchronized shift to work-from-home was hugely impactful from a security attack surface standpoint, but we were collectively focused on the same goals,” he said. “As the dust begins to settle on the pandemic, a new threat emerges: technological disruption as a result of a transition to hybrid work, where the goals are widely varied and generally less defined. As a result, the home is now viewed as part of the attack surface. And this introduces such a vast number of new variables that it’s safe to say that we don’t really know how that works yet. This is a disturbing development because it is so easy to determine the home address of a potential target these days, bringing the employee’s house into scope as a newly vulnerable attack surface.”
In the past, the home as an attack vector was rarely interesting to sophisticated nation-state attackers or cybercriminal gangs, “but we should expect to see more activity in this area over the coming year,” Ellis said.
Sundaram Lakshmanan is Lookout’s CTO of secure access service edge (SASE) products.
“One of the major advantages of SaaS apps is the ease by which we can collaborate with colleagues, customers and business partners,” he said. “Using apps like Workday, Salesforce, Slack, Google Workspace or Microsoft 365, we can share content and collaborate with others with very little friction. But this interconnectivity also significantly amplifies the impact of any user errors or attacks. Whether an employee accidentally shares a document with the wrong person or a compromised account extracts information, data now moves at lightning speed. As we head into 2022, with hybrid and remote work cemented as the new norm, I expect this to become an even bigger issue.”
Archie Agarwal is ThreatModeler’s founder and CEO.
“The pressure of the business imperative to adopt cloud at rapid speed during the pandemic will begin to unravel as it becomes apparent security slipped through the cracks during the rushed migration,” he said. “As a result, we will witness the rise of huge breaches due to simple cloud security misconfigurations and permissions errors. This will fuel the mushrooming of startups based on automation of cloud configuration, permission analysis and remediation platforms.”
Joseph Carson is ThycoticCentrify’s chief security scientist and advisory CISO.
“Zero trust has been a trend that has topped cybersecurity priorities for the past few years,” he said. “It’s becoming a more important framework to not only reduce the known security risks of the past, but also to reduce the security risks of the future. As companies start looking into what zero trust really is, it becomes very clear that it is not a single solution you purchase or install, or a task you check as complete. Zero trust is a journey and a mindset on how you wish to operate your business in a secure way. You don’t become zero trust, you practice a zero trust mindset.”
In 2022, zero trust can help organizations establish a baseline for security controls that need to be repeated and force cybercriminals into taking more risks, Carson said. That results in cybercriminals making more noise that ultimately gives cyber defenders a chance to detect attackers early and prevent catastrophic cyber attacks.
Kevin Dunne is Pathlock’s president.
“In 2022, zero trust will shift from a nice-to-have to a need-to-have item on every CISO’s agenda,” he said. “The federal government has already mandated that all agencies employ a zero trust approach, and agencies are moving quickly to put these safeguards in place. However, today’s approach to zero trust is mostly an application of least privileged access, and a rudimentary one at that. Organizations are providing what they believe to be the least amount of privileges required, but they are not monitoring after the fact to see what is actually used and removing what is not used. Monitoring of entitlement usage at the transaction level will be a critical capability to ensuring that least privileged access is a reality and not simply an assumption.”
John Hellickson is Coalfire’s cyber executive advisor.
“As part of the executive order to improve the nation’s cybersecurity previously mentioned, one area of focus is the need to enhance software supply chain security,” he said. “There are many aspects included that most would consider industry best practice of a robust DevSecOps program. But one area that will see increased scrutiny is providing the purchaser, the government in this example, a software bill of materials. This would be a complete list of all software components leveraged within the software solution along with where it comes from. The expectation is that everything that is used within or can affect your software, such as open source, is understood, versions tracked, scrutinized for security issues and risks, assessed for vulnerabilities, and monitored, just as you do with any in-house developed code.”
This will have an impact on organizations that both consume and those who deliver software services, Hellickson said.
“Considering this can be very manual and time consuming, we could expect that third-party risk management teams will likely play a key role in developing programs to track and assess software supply chain security, especially considering they are usually the front line team who also receives inbound security questionnaires from their business partners,” he said.
Sharon Chand is Deloitte’s cyber secure supply chain leader.
“Security concerns will climb among supply chain risk management efforts,” she said. “The global supply chain is at the forefront of everyone’s mind today – including cyber attackers. While organizations focus on supply chain challenges like unloading container ships and managing workforce shortages while containing cost, cyberattackers are busy leveraging hyper-connected digital supply networks to invent new attack vectors. Now is the time to move beyond just monitoring security risk in supply chains – and to start taking action to mitigate it.”
Patty Nagle is TeamViewer’s president for the Americas.
“The lack of strategic purchasing during the transition to hybrid work has left many enterprise IT infrastructures in disarray,” she said. “Individuals within companies took it upon themselves to download the tools and software they needed to get by. A priority for 2022 will be reining in these out-of-network services to ensure the security and stability of companies’ IT infrastructures. 2021 was a year of expansion and testing. 2022 will be a year of consolidation and forward planning.”
Trend Micro researchers predict vulnerabilities will be weaponized in record time and chained with privilege escalation bugs to drive successful campaigns.
“It’s been a tough couple of years for cybersecurity teams, disrupted by work-from-home mandates and challenged as corporate attack surfaces have exploded in size,” said Jon Clay, Trend Micro’s vice president of threat intelligence. “However, as hybrid work emerges and more certainty returns day-to-day, security leaders will be able to plot a robust strategy to plug gaps and make the bad guys work much harder.”
IoT systems, global supply chains, cloud environments and DevOps functions will be in the crosshairs. More sophisticated commodity malware strains will be aimed at SMBs.
However, Trend Micro predicts many organizations will be ready for the challenge as they build out and implement a strategy to proactively mitigate these emerging risks.
Mary Galligan is Deloitte’s U.S. cyber and strategic risk crisis management leader and board educator.
“Security training will get smarter and more frequent as the Great Resignation continues,” she said. “Various internal and external groups look at organizational cybersecurity through different lenses, ranging from educating boards of directors about new threat types and scenarios, to training new employees to help mitigate risks and security gaps created by high workforce turnover. Tailoring training to specific audiences and updating them frequently will remain a top priority for many organizations in the new year.”
John McClurg is BlackBerry’s senior vice president and CISO.
“5G will transform critical infrastructure in every industry, including the growth of cloud computing, industrial automation and augmented reality,” he said. “As 5G redefines network architecture, the cybersecurity community’s approach in securing it must change in tandem. This accelerated transformation away from hardware-based routing and towards a digitally defined world – a key component of the 5G network – will leave millions more vulnerable to cyberattacks than ever before.”
Those living in smart cities powered by 5G, including London, Singapore, Dubai and more, could very likely suffer a major cyberattack in the coming year, McClurg said.
“5G is essential for smart cities looking to offer publicly available Wi-Fi and self-driving vehicles, but should be cause for security concerns,” he said. “As critical infrastructure becomes increasingly connected in smart cities, governments and security professionals should work together to mitigate risks and ensure security is implemented throughout every planning stage.”
The dissipating barrier between digital and physical, as well as the growing number of connected devices relying on this new technology, will open new doors for threat actors to strike, McClurg said. Strategies to secure this distributed network must be embedded into product design and built around 5G capabilities, not the other way around. Going forward, the cyber community must recognize and quickly address the looming responsibilities that await as 5G is implemented throughout every facet of life.
George Gerchow is Sumo Logic’s CSO. He said having IT teams report into security departments is a model that will definitely start gaining traction in the industry.
“By 2030, 50% of the industry will be operating this way,” he said. “With the tech sector leading the way, this will affect companies everywhere – from FinTech to health care. With all organizations trying to become software companies, it’s time for them to behave like one. My hope is that by 2040 security departments don’t even exist anymore. What this means is that organizations will have security programmed into their entire systems so that everyone follows the best security practices and behaves in a secure fashion. With more and more hygiene in security, this concept is going to grow and eventually happen.”
George Gerchow is Sumo Logic’s CSO. He said health and wealth will always be top targets of attacks.
“Not just FinTech or health care companies specifically, but since health and wealth are what matters most to humans, cybercriminals will hit us where it hurts,” he said. “One example of health is the personally identifiable information (PII) data that is being collected as employees enter company campuses. How is that data being retained and secured? What does the privacy around that data look like? Lastly, what about the security of the actual devices themselves? There’s going to be more uncertainty as campuses open up and cybercriminals will continue to attack all of that. In terms of wealth, this means attacking us where our money resides. I wouldn’t be surprised if the stock market is a top target in the coming years.”
Jadee Hanson is Code42’s CIO and CISO. She said threat actors will target internal employees to exfiltrate data.
“In 2021, we saw attackers take a new approach to data exfiltration,” she said. “They targeted internal support teams, such as customer or IT support, to access and ultimately exfiltrate sensitive and proprietary data. We saw multiple instances of this, some successful and some not. However, we will likely see more of these incidents in 2022 as attackers continue to adapt their techniques.”
With attackers directly targeting employees to plant ransomware or extract sensitive data, security awareness training will be more important than ever before, Hanson said. Organizations will need to take a more proactive approach to empower a more risk-aware workforce and ultimately protect against insider risk events.
Cybersecurity experts cite even more ransomware, weaponized vulnerabilities, and new hybrid work and 5G threats among their cybersecurity predictions for 2022.
The experts peered into their crystal ball and saw even more cybercriminals gearing up to pounce in the new year.
Lisa Plaggemier is interim executive director of the National Cybersecurity Alliance (NCA).
“Ransomware was definitely one of the biggest headline grabbers in cybersecurity this year,” she said. “And given how potentially lucrative it is, there’s no reason to suspect that it will be going anywhere anytime soon. One of the most concerning trends in terms of ransomware for 2022 is how ransomware impacts what may be considered to be soft targets, such as schools and health care organizations.”
Institutions in both of these areas hold troves of valuable data, Plaggemier said. Therefore it’s imperative that both of these spaces focus squarely on cybersecurity as the calendar flips to 2022.
With the ongoing news cycle and fear-mongering surrounding the newest cybersecurity threats, it can be easy to be bogged down and pessimistic about what the future holds for the cybersecurity industry, she said.
“However, there are huge reasons for us to be optimistic about 2022,” Plaggemier said. “There is no way around the fact that 2021 laid bare a lot of issues and holes that currently exist in global cybersecurity. However, with investments from both the public and private sector continuing to pour into both human and tools focused on cybersecurity, and growing public consciousness about the steps they can take to take control of their own cybersecurity, the future is arguably brighter than it has ever been.”
Human Error Remains Major Contributor to Breaches
For all the talk about ransomware and other emerging threats, the fact remains 95% of breaches have human error as a major contributing cause, Plaggemier said.
Therefore, organizations should invest in new training and awareness tactics that focus on engagement. That’s more effective than pressuring employees to get up to speed about best practices.
Training and awareness have proven to help boost confidence and know-how when it comes to cyber threats, Plaggemier said.
“For example, 82% of trained individuals reported a phish within an hour of receiving it,” she said. “This type of active engagement among workforces can immediately boost a company’s cybersecurity. Training and awareness that can drive positive action among employees should be a priority in 2022 for businesses.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.