16 cybersecurity solutions for protecting sensitive data in the cloud

On December 8, 2021, NetSPI Chief Technology Officer Travis Hoyt was featured in an article written by the Forbes Technology Council. Read the full article below or online here.

+ + +

A move to the cloud comes with multiple cost and productivity benefits for companies, including outsourcing hardware maintenance, the ability to quickly expand and easy access to the latest software. But while the cloud offers convenience, it can also add to a company’s cybersecurity risks. A significant cyberattack on a cloud provider can trickle down and affect all of that provider’s clients. 

It’s important that both cloud providers and the companies who purchase their services stay up to date on the latest and most effective cybersecurity solutions for protecting essential assets in the cloud. Below, 16 industry experts from Forbes Technology Council share new and trending cybersecurity paradigms that companies must consider to best protect their sensitive data in the cloud.

1. Quantum Computing

Ransomware extortion impacts every industry. There are a lot of solutions being used to thwart cybersecurity threats, but one of the most promising solutions is quantum computing. There are still questions about quantum’s viability—particularly around its deployment and high costs—but in the long term, it may prove to be the most effective way to combat cyberattacks and protect user data. – Jason Jantz, ReadyMode

2. A Focus On Access Management And Segmented Environments

Consider automated posture management and strong remediation requirements with a heavy focus on identity access management, including application programming interface keys. Segment your environments at the account/subscription level instead of just at the virtual private cloud level to create hard barriers between your assets, and use focused VPC-to-VPC connections to reduce the potential blast radius. – Travis Hoyt, NetSPI

3. Cloud-Based File Sharing

The debate about cloud security frequently overlooks a common surface of unauthorized data exposure: email. Emailing data, especially to a person outside of your organization, is typically less secure than using a cloud-based file-sharing app. Yet when cloud apps are blocked, an unintended consequence is that users default to email to share sensitive data, thereby creating greater security risks. – Edmund Zagorin, Bid Ops

4. Least-Privilege Policies

Identities are the foundation of cloud security, since the only perimeter between applications and data is a user login. Therefore, companies need to proactively manage identities, including permissions and entitlements. Enforcing least privilege, in which human and machine identities only have access to the resources they need to perform their business functions, is a must in the cloud. – Shai Morag, Ermetic

5. Reviews Of Vendor Cybersecurity Risk Management Protocols

Given the prevalence of supply chain hacks that impact multiple clients, companies implementing cloud services need to request and review their key communications providers’ and internet service providers’ cybersecurity risk management protocols to ensure potential vulnerabilities don’t turn into exposures. – Michael Gurau, Altman Solon

6. Added-Value Email Security Layers

If not done correctly, cloud migration can impart major risks to organizations. With over 90% of malware transmitted over the cloud via email, businesses need to start focusing more on dynamic and added-value email security layers. Only through building a comprehensive blend of new and old systems can you ensure some level of protection. – Oren Eytan, odix

7. Insurance To Cover Ransomware Costs

I was recently part of a meeting regarding a cloud storage company that was hacked. The company could not afford the ransom cost, and all its clients were impacted. The cloud company did not have enough insurance, so leadership determined it was best to just shut the doors. The company had six data centers and 42,000 users. Review your insurance policies to be ready for the worst-case scenario! – Nick Damoulakis, Orases

8. Identity Orchestration

With multiple clouds, data and account passwords have become distributed across many users, who access numerous apps that run across different clouds. This creates a massive attack surface. Passwords are the weak link in the security chain. The ideal solution is to authenticate users without the dependency on passwords. Use identity orchestration to roll out multifactor authentication for your apps without rewriting them. – Eric Olden, Strata Identity

9. Encrypted And Tokenized Data

First, protect data natively rather than relying on old-school (on-premises) perimeter/environment security paradigms, which are haphazardly adapted for the cloud. For sensitive or personal data, encrypt at rest and tokenize when the payload doesn’t need to be known for the process to work. The old behavioral issue of using copies of real data for systems testing must be replaced by the use of synthetic data. – Simone Steel, Nationwide Building Society

10. Multilayered User-Activity Monitoring

Most security risks associated with the cloud have to do with data and access breaches. A lot of cloud service providers have adequate security measures in place. However, it is ultimately up to client companies to install a multilayered method for monitoring user activity. This may include multifactor authentication, data-at-rest encryption and/or a perimeter firewall. – Ondrej Krehel, LIFARS LLC

11. Transformation Of Data To Ciphertext

In a word, the answer is “encryption.” Strong encryption transforms your data into ciphertext, ensuring that any lost data remains unreadable and meaningless to others. This protects you from unauthorized access, data breaches, data exposures, government legislative access provisions and, potentially, even the requirement to provide notifications under various privacy breach regulations such as GDPR. Only you hold the key. – Leonard Kleinman, Palo Alto Networks

12. A Focus On Internal Security

Experts position infrastructure as a service and platform as a service as more secure than any self-managed, organization-owned data center could be, but they fail to mention the shared security model that is inherent in these services. The provider owns some responsibility for security, but not all. You must consider how your internal security team will own and enforce security across applications, workloads and containers in the cloud. – Ian McShane, Arctic Wolf

13. Enhanced Identity Access Management

In eDiscovery, there is no new security paradigm; there are only best practices and proven tools. The approach to risk management changes in the cloud. The single-sign-on portal is the gateway to the data and resources bad actors want. This makes identity access management a top priority. Control your identities, and you can reduce your cybersecurity risks. – Jordan McQuown, George Jon

14. Behavior Monitoring Through Machine Learning

In some organizations, cloud credentials might be outside the scope of internal network security policies and controls. Using machine learning, security teams can distinguish between normal and abnormal behavior. They can easily and immediately discover who is using cloud resources to upload sensitive corporate information or illicitly access cloud applications and revoke their credentials. – Stephen Moore, Exabeam

15. Privacy-Enhancing Technologies

Tech companies should consider privacy-enhancing technologies, which deliver advanced cyber resilience and allow the sharing of data while protecting security and privacy. Given the increased shift to cloud storage, the relevance of PETs will grow in the future since they satisfy legal and regulatory mandates and prevent malicious attacks on sensitive data. – Roman Taranov, Ruby Labs

16. Zero Trust

Migrating to a cloud-based infrastructure means adopting a zero-trust cybersecurity policy. It requires more frequent testing, clearer segmentation and better transparency in a company’s infrastructure. The importance of ID authentication and authorized access to detailed data also increases, especially among company employees, and zero trust also considers the need to limit access to third parties. – Robert Strzelecki, TenderHut


NetSPI Adds IoT Penetration Testing to its Suite of Offensive Security Services

Led by IoT security expert Larry Trowell, the IoT pentesting services focus on securing ATMs, automotive, medical devices, operational technology, and other embedded systems.

Minneapolis, Minnesota  –  NetSPI, the leader in enterprise penetration testing and attack surface management, today announced the launch of its IoT penetration testing services, which will be added to its existing suite of penetration, adversary simulation, and attack surface management capabilities. With the stark growth of IoT adoption over the past few years, pentesting is now a critical asset for companies to understand and assess the overall strength and accountability of their internet-connected systems against sophisticated and targeted cyber attacks. 

NetSPI’s new IoT testing services encompass the following capabilities:  

  • ATM Penetration TestingIdentify the security issues and common vulnerabilities on relevant ATM systems and provide actionable recommendations for improving the overall security posture. Learn more about ATM pentesting.
  • Automotive Penetration TestingIdentify security issues on relevant vehicles and provide recommendations to improve the current systems – at any stage of automotive development. Learn more about automotive pentesting.
  • Medical Device Penetration TestingThrough a combination of threat modeling and penetration testing, determine possible medical device security risks and identify whether devices meet or exceed the current standards and recommendations by the FDA Premarket Cybersecurity Guidelines. Learn more about medical device pentesting.
  • Operational Technology (OT) Architecture and Security ReviewIdentify industrial control system (ICS) vulnerabilities with a focus on the OT processes in a Defense in Depth strategy. NetSPI will investigate the configuration and architecture of the systems and help address issues with asset inventory, network configuration, and segmentation. Learn more about OT architecture and security review.
  • Embedded Penetration TestingIdentify embedded system vulnerabilities in a multitiered penetration test across multiple disciplines. Look for security gaps at all stages of embedded development that may affect each layer of the device. Learn more about embedded pentesting. 

“IoT has become part of our daily lives, but these devices and systems are often overlooked from a security perspective. Tapping into our innovation-driven culture and our best-in-class technologies, NetSPI’s IoT pentesting team is uniquely qualified to find and help fix the most critical security gaps in these systems,” said Aaron Shilts, President and CEO at NetSPI. “Our team is currently gearing up for game changing IoT pentesting projects in 2022. We were selected to test smart city technologies and ATM networks for some of the most transformative organizations in the world. NetSPI is thrilled to be a prominent player in future-proofing IoT security worldwide.” 

To keep up with the growth of IoT and assist with the complexity in this space, NetSPI has brought on one of the foremost IoT security experts, Larry Trowell, as Principal Consultant to provide additional leadership, guidance, and accountability within the IoT security practice.  

“IoT pentesting has become an important part of security strategy and business processes – especially given the increased connectedness in both personal and professional lives,” said Trowell. “There is currently a gap in the market to effectively monitor and assess the risks of these devices. NetSPI’s new offering allows our team to devote its resources and ensure the security of all embedded devices for our customers.” 

To learn more about NetSPI’s IoT security capabilities, visit the NetSPI website.  

About NetSPI

NetSPI is the leader in enterprise security testing and attack surface management, partnering with nine of the top 10 U.S. banks, three of the world’s five largest healthcare companies, the largest global cloud providers, and many of the Fortune® 500. NetSPI offers Penetration Testing as a Service (PTaaS) through its Resolve™ penetration testing and vulnerability management platform. Its experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces, historically testing over 1 million assets to find 4 million unique vulnerabilities. NetSPI is headquartered in Minneapolis, MN and is a portfolio company of private equity firms Sunstone Partners, KKR, and Ten Eleven Ventures. Follow us on FacebookTwitter, and LinkedIn.

Media Contacts:
Tori Norris, NetSPI 
(630) 258-0277 

Amanda Echavarri, Inkhouse for NetSPI 
(978) 201-2510


ITSP Magazine: The OWASP Top 10 2021 Edition: What Changed And What Must You Change In Application Development Given The Updated Top List Of Broken (AKA Weak Or Vulnerable) Things?

On December 7, 2021, NetSPI Managing Director Nabil Hannan was a featured guest on ITSPmagazine’s Redefining Security Podcast, where they discuss the new OWASP Top 10 2021. Listen below or view online here.

Episode Summary

Every few years, a group of individuals work together to deliver what has become a staple in application security practices: The Open Web Application Security Project (OWASP) Top 10. In the 2021 edition, the team took a fresh look at the data and what it means. Everything changed while staying the same.

Episode Notes

Every few years, a group of individuals work together to deliver what has become a staple in application security practices: The Open Web Application Security Project (OWASP) Top 10. In the 2021 edition, the team took a fresh look at the data and what it means. Everything changed while somehow stayed the same.

The real changes are in how organizations should look at this information and how to use it to make a difference in their application development and information security programs. While data analytics played a huge role in changing the game for the OWASP Top 10 for 2021, it’s the humans that will see the outcomes come to fruition. Or, at least we hope.



Diana Kelley
On ITSPmagazine

Andrew van der Stock
On LinkedIn |
On Twitter |

Nabil Hannan
On LinkedIn |
On Twitter |


@Hack: Cybersecurity Transformation in Saudi Arabia

Shortly after Thanksgiving, we packed our bags and ventured off to Riyadh, Saudi Arabia for the inaugural @Hack cybersecurity event. We were invited to exhibit at the SecureLink booth, who we recently partnered with to expand NetSPI’s services to the Middle East and Africa (MEA).

Over the past two years, the Kingdom of Saudi Arabia has gone through accelerated digital transformation, driven heavily by its Vision 2030 reform plan. And with this digital transformation, comes expanded attack surfaces and more exposure to cyber threats. This was a key theme and concern during the event – and a large part of why the event was organized in the first place.

It was exciting to see the energy and enthusiasm around technology and cybersecurity (almost as exciting as when we realized that @Hack was synonymous with “attack”). @Hack organizers estimated that more than 14,000 people from 70 countries were in attendance, many of which we spoke to at the NetSPI stand about the state of security in Saudi Arabia, penetration testing, cybersecurity education, cybersecurity jobs, and more.

As we packed up to head to our next destinations, we took time to reflect on our conversations, the people we met, and the key themes we observed on the show floor.

Cybersecurity Maturity in the Kingdom of Saudi Arabia

The Kingdom of Saudi Arabia has only recently focused on transforming their technological infrastructure and has invested in becoming a technological powerhouse in the region. At the conference itself, we saw the use of QR codes, mobile payments, digital sharing of contact information, and more. Although their technology adoption is very high, there is an opportunity for the region to mature its understanding of and focus on cybersecurity challenges.

One of the younger attendees came from Egypt and participated in the “bug bounty” challenge. He came in 2nd place and mentioned how the challenge to him was simple compared to what he was used to in his home country. To us, this indicates that security is not necessarily at the forefront of Saudi Arabia’s considerations when acquiring or deploying technology, and there is some catching up it needs to do to ensure security keeps pace with its technological developments.

We also recognized that most of the cybersecurity work performed is based on what is mandated by the Kingdom of Saudi Arabia government. Penetration testing services are not a large part of that discussion today, but we anticipate security testing activities – pentesting, secure code review, threat modeling, red team, design reviews – will be part of the requirements very soon.

The State of Penetration Testing

At the event, we were surprised to hear that the concept of penetration testing is new to most people and organizations in the region. In many of our conversations, we heard that they were interested in purchasing products and software solutions that could take care of all security concerns. But, as we know, even the largest technology companies can make security mistakes (see: Microsoft Azure CVE-2021-4306).

There were a number of misconceptions about penetration testing that we helped to address at the show. Notably, the difference between penetration testing and simply running an automated scanner tool or a monitoring solution.

The explosion in technology adoption over the last few years has caused many companies to rapidly seek new and innovative security solutions, however, the adoption of pentesting services in the Middle East will be largely driven by regulation.

Youth and Women in Cybersecurity

@Hack brought a diverse group of people together. Students as young as 11 stopped by our booth and were eager to learn from us. It was incredible to see the younger generation’s interest in cybersecurity careers and education. Questions we were asked include, “how can we learn more?”, “where can I find more resources?”, “what resources should I look at to become a pentester?”, and “can you hire me and train me?”

A large portion of those coming into the industry are students who have learned from global online communities, including bug bounties, capture the flag, and online forums. For continued reading, this Arab News article highlights some of the young attendees involved at the event.

Across the globe, there are initiatives to get women more involved in cybersecurity. Cybersecurity Ventures and WiCys predict that women will hold 25 percent of cybersecurity jobs globally by the end of 2021, up from 20 percent in 2019. This was evident @Hack.

Women were equally, if not more, involved at the conference than their male counterparts in terms of communication, interest, types of questions they were asking, etc. The transition to more progressive ideologies in the region has clearly resulted in a large influx of highly educated and motivated women wanting to break into the space.

Overall, the event was a great opportunity to connect and share information with security peers across the globe and we hope they will put on @Hack next year. With our new SecureLink partnership, we’re excited to continue educating the region on the benefits of penetration testing and the value it brings when done well. Want to connect with us at the next big cybersecurity event? We’re heading to RSA Conference in San Francisco, February 7-10, 2022. Schedule a meeting with us!

Explore our penetration testing, adversary simulation, and attack surface management services.
Back 15 Experts Share 2022 Security Predictions

On December 2, 2021, NetSPI Managing Director Florindo Gallicchio was featured in an article written by David Marshall for Read the full article below or online here.

Wondering where cybersecurity is headed as we enter 2022?  Read these predictions from 15 security industry experts as they weigh in and offer up their thoughts on the coming year.


Kevin Breen, Director of Cyber Threat Research, Immersive Labs

“We’ve seen an unfortunate increase in ransomware attacks, data leaks, and the sophistication of overall attack methods in the past year. While government-issued mandates have driven a positive increase in information sharing and disclosing rich technical details shortly after vulnerabilities are identified, we are still lacking critical workforce-wide cyber education. 

In 2022 there’s a lot more we can do to educate the entire workforce on how they can best identify and be prepared for cyber risks – and empower them to be defensive assets to their organizations. This now lies beyond security teams; it’s everyone’s responsibility and remit, from legal to sales to technical teams. Organizations need to ensure there is a fundamental understanding of security and cyber crisis preparedness workforce-wide, and I expect we’ll see businesses make more deliberate efforts and investments to address this gap.

Unfortunately, ransomware is likely not going anywhere in 2022, but we will see attackers evolve their strategies in light of heavy crackdowns and supply chain insecurities. The attack surface will likely reduce as larger groups dissolve, and in turn we’ll see affiliates move between RaaS operators as they rise and fall like REvil and BlackMatter. The attackers will always have the first-move advantage, but that’s why it’s crucial that we exercise the wider organization’s cyber crisis response to ensure everyone is prepared when the worst case scenario strikes.”


James Christiansen, VP and CSO Cloud Strategy, Netskope

“In 2021 we’ve seen a rise of the “Great Resignation” and the utilization of gig workers. Specifically, with gig workers, the rapid churn of short-term projects and the widespread set of skills in demand means that background checks may be overlooked and the security of their own computers isn’t up to corporate standards. At the same time, in 2021 Netskope Threat Labs found that departing employees upload 3X more data to personal apps in their final month of employment. Taken together, both of these developments point to a need for corporations to rethink their insider threat strategy.”

Ray Canzanese, Director, Netskope Threat Labs

“By the end of 2022 malicious Office documents will account for more than 50% of all malware downloads as attackers continue to find new ways to abuse the file format and evade detection.  At the beginning of 2020, Office documents accounted for only 20% of all malware downloads and have increased to 40% in 2021. This trend will continue due to the pervasive nature of Office documents in the enterprise and the many different ways they can be abused, making them an ideal malware delivery vector.”


Theresa Lanowitz, Head of Cybersecurity Evangelism, AT&T Business

Further acceleration to 5G networks 

“While 5G adoption accelerated in 2021, in 2022, we will see 5G go from a new technology to a business enabler. While the impact of 5G on new ecosystems, devices, applications, and use cases ranging from automatic mobile device charging to streaming, 5G will also benefit from the adoption of edge computing due to the convenience it brings. We’re moving away from the traditional infosecurity approach to securing edge computing. With this shift to the edge, we will see more data from more devices, which will lead to the need for stronger data security.  

Ransomware will be the most feared adversary 

The year 2021 was the year the adversary refined their business model. With the shift to hybrid work, we have witnessed an increase in security vulnerabilities leading to unique attacks on networks and applications. In 2022, ransomware will continue to be a significant threat. Ransomware attacks are more understood and more real as a result of the attacks executed in 2021. Ransomware gangs have refined their business models through the use of Ransomware-as-a-Service and are more aggressive in negotiations by doubling down with DDoS attacks. The further convergence of IT and OT may cause more security issues and lead to a rise in ransomware attacks if proper cybersecurity hygiene isn’t followed.

While many employees are bringing their cyber skills and learnings from the workplace into their home environment, in 2022, we will see more cyber hygiene education. This awareness and education will help instill good habits and generate further awareness of what people should and shouldn’t click on, download, or explore.” 

Bindu Sundareason, Director at AT&T Cybersecurity

Zero Trust will be the security model of choice

“Traditional cybersecurity practices focus on a ‘castle and moat’ model, where security protocols concentrate on keeping threats out. This approach assumes that any user with the right credentials to access a network has done so legitimately and can be trusted to move freely through the system. However, as more organizations move their data and operations to the cloud more rapidly, the concept of a security perimeter as we know it is becoming obsolete. As a result, organizations will continue to focus on adopting a Zero Trust security model which restricts network access to only those individuals who need it.

Securing data with third-party vendors in mind will be critical 

Attacks via third parties are increasing every year as reliance on third-party vendors continues to grow. Organizations must prioritize the assessment of top-tier vendors, evaluating their network access, security procedures, and interactions with the business. Unfortunately, there are many operational obstacles that will make this assessment difficult, including a lack of resources, increased organizational costs, and insufficient processes. The lack of up-to-date risk visibility on current third-party ecosystems will lead to loss of productivity, monetary damages, and damage to brand reputation.”


Jason Rebholz, CISO, Corvus Insurance

Ransomware + Impacts on Cyber Insurance

Ransomware is the defining force in cyber risk in 2021 and will likely continue to be in 2022. While ransomware has gained traction over the years, it jumped to the forefront of the news this year with high profile attacks that had impacts on the day to day lives of millions of people. The increased visibility brought a positive shift in the security posture of businesses looking to avoid being the next news headline. We’re starting to see the proactive efforts of shoring up IT resilience and security defenses pay off, and my hope is that this positive trend will continue. When comparing Q3 2020 to Q3 2021, the ratio of ransoms demanded to ransoms paid is steadily declining, as payments shrank from 44% to 12% respectively, due to improved backup processes and greater preparedness. Decreasing the need to pay a ransom to restore data is the first step in disrupting the cash machine that is ransomware.

Although we cannot say for certain, in 2022 we can likely expect to see threat actors pivot their ransomware strategies. Attackers are nimble – and although they’ve had a “playbook” over the past couple years, thanks to widespread crackdowns on their current strategies, we expect things to shift. We have already seen the opening moves from threat actors. In a shift from a single group managing the full attack life cycle, specialized groups have formed to gain access into companies who then sell that access to ransomware operators. As threat actors specialize on access into environments, it opens the opportunity for other extortion based attacks such as data theft or account lockouts – all of which don’t require the encryption of data. The potential for these shifts will call for a great need in heavier investments in emerging tactics and trends to remove that volatility.”


Brian Murphy, CEO and Founder, ReliaQuest

Tackling the skills transfer issue to finally make progress in addressing the gap

“If this past year taught us anything, it’s that cyber attacks are only increasing, so it’s paramount that organizations have the best talent to prevent and address these breaches when they occur. In 2022, the industry will need to make substantial progress in addressing the cybersecurity skills gap as efforts thus far haven’t shown the progress we need to properly address increasing threats. (ISC)2’s recent report made it clear – there aren’t yet enough cyber pros to build secure tech, implement protections or respond to breaches.

While it’s great to see the efforts of the private sector prioritize training in cyber skills, and making cyber awareness training accessible to everyone, I hope, and expect, the industry will direct more of its efforts into tackling the broader skills transfer issue. There are plenty of people ready to raise their hand and help with this ongoing problem, but we need to better equip them with the right skills. I hope to see more companies in the new year investing in meaningful skills initiatives, like Microsoft’s work with community colleges and ReliaQuest’s work with 3DE high schoolers. These education-based efforts aim to encourage the next generation of the workforce to take interest and gain critical skills to shape the future cyber workforce.”

Marcus Carey, Enterprise Architect, ReliaQuest

“2022 will be the year cryptocurrencies go mainstream. Already, big players are making moves into this space and NFTs are becoming increasingly popular among celebrities. We’ve unfortunately seen businesses use cryptocurrencies to make ransomware payments, but in 2022, they will become a more widely utilized method for companies to do things like compensate employees and take payments from customers. This will open up a whole new paradigm for security teams and CISOs, as there will be an increased emphasis on the security aspects of these new technologies.

CISOs and security teams will need to have an understanding of all of the facets of cryptocurrencies, including different blockchains like Ethereum and Solana, smart contracts, and hot and cold storage. Just as cybersecurity teams audit code now, they will have to audit smart contracts – which are automated agreements written in code and incorporated into the blockchain. Cybersecurity teams and IT teams will need to manage hot wallets, which are used for transactions, and cold wallets, which are used for long term storage. There are various aspects and implications that CISOs and their teams will need to understand in order to keep money secure. Cryptocurrency is the “Wild West” of the digital world today. Companies need to prepare now for the impact it will have in the year ahead.” 


Tobi Knaup, CEO, D2iQ

Putting forth a DevSecOps approach from the start

“The pandemic pushed us further into the cloud, which has made us more reliant on microservices and containers. However, the rapid proliferation of microservices has outpaced the cyber security capabilities of most organizations. In an effort to improve cloud native cyber security practices, organizations will begin to embed security from the very beginning of the development process, ensuring microservice remain secure wherever they are deployed. As organizations become more agile, putting forth a DevSecOps approach from the start ensures microservices are adequately secured.”


James Condon, Director of Research, Lacework

“Linux and cloud infrastructure are emerging targets of malware and ransomware attacks: Threat actors are looking for the path of least resistance – the easiest way to break through with the greatest return. The traditional methods of enterprise network intrusions to obtain data (or other valuable company information) is still resulting in success. However, cloud infrastructure is heavily Linux-based (80+ percent) and with cloud adoption increasing, especially as a result of the pandemic, threat actors are turning their focus to cloud-based targets. The Lacework team found that PYSA Ransomware Gang added Linux Support, which indicates that ransomware gangs and other attackers may be pivoting to cloud strategies. Furthermore, continued identification of new linux malware families are growing increasingly complex, adding to the mounting concerns.”

Chris Hall, Cloud Security Researcher, Lacework

“Crimeware actors will continue leveraging initial access brokerage and crypto jacker techniques: Currently, we are seeing a lot of cloud environments being compromised by crypto jacker techniques. These aren’t generating a ton of noise within the larger cyber community currently; however this is an area that attackers will continue to leverage and start to carry out on a larger scale in the coming year.”


Eric O’Neill, National Security Strategist, VMware

If 2021 was the year of the Zero Day, 2022 will be the year of Zero Trust: 

In 2021, defenders caught the highest number of Zero Days ever recorded. We saw a massive proliferation of hacking tools, vulnerabilities, and attack capabilities on the Dark Web. As a response, 2022 will be the year of Zero Trust where organizations  “verify everything” vs. trusting it’s safe. We’ve seen the Biden administration mandate a Zero Trust approach for federal agencies, and this will influence other industries to adopt a similar mindset with the assumption that they will eventually be breached. A Zero Trust approach will be a key element to fending off attacks in 2022.”

Karen Worstell, Senior Cybersecurity Strategist, VMware

Accelerated delivery of the benefits of 5G infrastructure will highlight IoT security needs.

“The pandemic made it abundantly clear how important 5G infrastructure is for rural areas in the U.S. The rollout of 5G will enable better access to healthcare, educational innovations, and public services. The Biden administration’s infrastructure bill, which includes  provisions for broadband delivery and access, provides the industry with another nudge in the right direction to roll it out. As 5G service delivery expands, there will be a growing demand for IoT security and engineering to ensure that network complexity does not become yet another security liability. We must also focus on securing the far edge much like we handle the data center edge today — this will put new demands on incident detection and response. Future-ready capabilities like EDR (endpoint detection and response) will need to evolve  in order to keep an expanding service level and constituency safe.”


Florindo Gallicchio, Managing Director, Head of Strategic Solutions, NetSPI

Cybersecurity budgets will rebound significantly from lower spend levels during the pandemic

“As we look to 2022, cybersecurity budgets will rebound significantly after a stark decrease in spending spurred by the pandemic. Ironically, while COVID-19 drove budget cuts initially, it also accelerated digital transformation efforts across industries – including automation and work-from-home infrastructure, which have both opened companies up to new security risks, leading to higher cybersecurity budget allocation in the new year. Decisions are being made in Fortune 500+ companies with CFOs on the ground, as these risk-focused enterprises understand the need for larger budgets, as well as thorough budgeted risk and compliance strategies. Smaller corporations that do not currently operate under this mindset should follow the lead of larger industry leaders to stay ahead of potential threats that emerge throughout the year.”


Stephen Cavey, Co-founder of Ground Labs

Awareness and gamification will lead the future of data security plans

“As employees went remote the amount of potential data exposure greatly increased. This increased risk highlighted the strongest security weakness that criminals were actively targeting the organization’s people.

Traditional forms of mitigation of this risk in the form of physical training through classroom delivery have not been as effective as required to reduce the instances of data breaches caused by employees. In the coming year, CISOs and IT leaders will incorporate all parts of an organization into creating a well-rounded cybersecurity strategy that places employees at the center in order to mitigate risk.  We’re going to see more next-generation job roles such as “head of remote.” These new roles will be tasked with improving the remote experience which can open up a strong opportunity to weave a culture of data security and good data hygiene and awareness practices that are driven through educating on the unique risks of working remotely in isolation for prolonged periods. Adding elements of gamification is also an excellent way to remind, engage and motivate employees to practice better cybersecurity habits.”

Discover why security operations teams choose NetSPI.