On December 2, 2021, NetSPI Managing Director Florindo Gallicchio was featured in an article written by David Marshall for VMBlog.com. Read the full article below.
Wondering where cybersecurity is headed as we enter 2022? Read these predictions from 15 security industry experts as they weigh in and offer up their thoughts on the coming year.
Kevin Breen, Director of Cyber Threat Research, Immersive Labs
“We’ve seen an unfortunate increase in ransomware attacks, data leaks, and the sophistication of overall attack methods in the past year. While government-issued mandates have driven a positive increase in information sharing and disclosing rich technical details shortly after vulnerabilities are identified, we are still lacking critical workforce-wide cyber education.
In 2022 there’s a lot more we can do to educate the entire workforce on how they can best identify and be prepared for cyber risks – and empower them to be defensive assets to their organizations. This now lies beyond security teams; it’s everyone’s responsibility and remit, from legal to sales to technical teams. Organizations need to ensure there is a fundamental understanding of security and cyber crisis preparedness workforce-wide, and I expect we’ll see businesses make more deliberate efforts and investments to address this gap.
Unfortunately, ransomware is likely not going anywhere in 2022, but we will see attackers evolve their strategies in light of heavy crackdowns and supply chain insecurities. The attack surface will likely reduce as larger groups dissolve, and in turn we’ll see affiliates move between RaaS operators as they rise and fall like REvil and BlackMatter. The attackers will always have the first-move advantage, but that’s why it’s crucial that we exercise the wider organization’s cyber crisis response to ensure everyone is prepared when the worst case scenario strikes.”
James Christiansen, VP and CSO Cloud Strategy, Netskope
“In 2021 we’ve seen a rise of the “Great Resignation” and the utilization of gig workers. Specifically, with gig workers, the rapid churn of short-term projects and the widespread set of skills in demand means that background checks may be overlooked and the security of their own computers isn’t up to corporate standards. At the same time, in 2021 Netskope Threat Labs found that departing employees upload 3X more data to personal apps in their final month of employment. Taken together, both of these developments point to a need for corporations to rethink their insider threat strategy.”
Ray Canzanese, Director, Netskope Threat Labs
“By the end of 2022 malicious Office documents will account for more than 50% of all malware downloads as attackers continue to find new ways to abuse the file format and evade detection. At the beginning of 2020, Office documents accounted for only 20% of all malware downloads and have increased to 40% in 2021. This trend will continue due to the pervasive nature of Office documents in the enterprise and the many different ways they can be abused, making them an ideal malware delivery vector.”
Theresa Lanowitz, Head of Cybersecurity Evangelism, AT&T Business
Further acceleration to 5G networks
“While 5G adoption accelerated in 2021, in 2022, we will see 5G go from a new technology to a business enabler. While the impact of 5G on new ecosystems, devices, applications, and use cases ranging from automatic mobile device charging to streaming, 5G will also benefit from the adoption of edge computing due to the convenience it brings. We’re moving away from the traditional infosecurity approach to securing edge computing. With this shift to the edge, we will see more data from more devices, which will lead to the need for stronger data security.
Ransomware will be the most feared adversary
The year 2021 was the year the adversary refined their business model. With the shift to hybrid work, we have witnessed an increase in security vulnerabilities leading to unique attacks on networks and applications. In 2022, ransomware will continue to be a significant threat. Ransomware attacks are more understood and more real as a result of the attacks executed in 2021. Ransomware gangs have refined their business models through the use of Ransomware-as-a-Service and are more aggressive in negotiations by doubling down with DDoS attacks. The further convergence of IT and OT may cause more security issues and lead to a rise in ransomware attacks if proper cybersecurity hygiene isn’t followed.
While many employees are bringing their cyber skills and learnings from the workplace into their home environment, in 2022, we will see more cyber hygiene education. This awareness and education will help instill good habits and generate further awareness of what people should and shouldn’t click on, download, or explore.”
Bindu Sundaresan, Director at AT&T Cybersecurity
Zero Trust will be the security model of choice
“Traditional cybersecurity practices focus on a ‘castle and moat’ model, where security protocols concentrate on keeping threats out. This approach assumes that any user with the right credentials to access a network has done so legitimately and can be trusted to move freely through the system. However, as more organizations move their data and operations to the cloud more rapidly, the concept of a security perimeter as we know it is becoming obsolete. As a result, organizations will continue to focus on adopting a Zero Trust security model which restricts network access to only those individuals who need it.
Securing data with third-party vendors in mind will be critical
Attacks via third parties are increasing every year as reliance on third-party vendors continues to grow. Organizations must prioritize the assessment of top-tier vendors, evaluating their network access, security procedures, and interactions with the business. Unfortunately, there are many operational obstacles that will make this assessment difficult, including a lack of resources, increased organizational costs, and insufficient processes. The lack of up-to-date risk visibility on current third-party ecosystems will lead to loss of productivity, monetary damages, and damage to brand reputation.”
Jason Rebholz, CISO, Corvus Insurance
Ransomware + Impacts on Cyber Insurance
“Ransomware is the defining force in cyber risk in 2021 and will likely continue to be in 2022. While ransomware has gained traction over the years, it jumped to the forefront of the news this year with high profile attacks that had impacts on the day to day lives of millions of people. The increased visibility brought a positive shift in the security posture of businesses looking to avoid being the next news headline. We’re starting to see the proactive efforts of shoring up IT resilience and security defenses pay off, and my hope is that this positive trend will continue. When comparing Q3 2020 to Q3 2021, the ratio of ransoms demanded to ransoms paid is steadily declining, as payments shrank from 44% to 12% respectively, due to improved backup processes and greater preparedness. Decreasing the need to pay a ransom to restore data is the first step in disrupting the cash machine that is ransomware.
Although we cannot say for certain, in 2022 we can likely expect to see threat actors pivot their ransomware strategies. Attackers are nimble – and although they’ve had a “playbook” over the past couple years, thanks to widespread crackdowns on their current strategies, we expect things to shift. We have already seen the opening moves from threat actors. In a shift from a single group managing the full attack life cycle, specialized groups have formed to gain access into companies who then sell that access to ransomware operators. As threat actors specialize on access into environments, it opens the opportunity for other extortion based attacks such as data theft or account lockouts – all of which don’t require the encryption of data. The potential for these shifts will call for a great need in heavier investments in emerging tactics and trends to remove that volatility.”
Brian Murphy, CEO and Founder, ReliaQuest
Tackling the skills transfer issue to finally make progress in addressing the gap
“If this past year taught us anything, it’s that cyber attacks are only increasing, so it’s paramount that organizations have the best talent to prevent and address these breaches when they occur. In 2022, the industry will need to make substantial progress in addressing the cybersecurity skills gap as efforts thus far haven’t shown the progress we need to properly address increasing threats. (ISC)²’s recent report made it clear – there aren’t yet enough cyber pros to build secure tech, implement protections or respond to breaches.
While it’s great to see the efforts of the private sector prioritize training in cyber skills, and making cyber awareness training accessible to everyone, I hope, and expect, the industry will direct more of its efforts into tackling the broader skills transfer issue. There are plenty of people ready to raise their hand and help with this ongoing problem, but we need to better equip them with the right skills. I hope to see more companies in the new year investing in meaningful skills initiatives, like Microsoft’s work with community colleges and ReliaQuest’s work with 3DE high schoolers. These education-based efforts aim to encourage the next generation of the workforce to take interest and gain critical skills to shape the future cyber workforce.”
Marcus Carey, Enterprise Architect, ReliaQuest
“2022 will be the year cryptocurrencies go mainstream. Already, big players are making moves into this space and NFTs are becoming increasingly popular among celebrities. We’ve unfortunately seen businesses use cryptocurrencies to make ransomware payments, but in 2022, they will become a more widely utilized method for companies to do things like compensate employees and take payments from customers. This will open up a whole new paradigm for security teams and CISOs, as there will be an increased emphasis on the security aspects of these new technologies.
CISOs and security teams will need to have an understanding of all of the facets of cryptocurrencies, including different blockchains like Ethereum and Solana, smart contracts, and hot and cold storage. Just as cybersecurity teams audit code now, they will have to audit smart contracts – which are automated agreements written in code and incorporated into the blockchain. Cybersecurity teams and IT teams will need to manage hot wallets, which are used for transactions, and cold wallets, which are used for long term storage. There are various aspects and implications that CISOs and their teams will need to understand in order to keep money secure. Cryptocurrency is the “Wild West” of the digital world today. Companies need to prepare now for the impact it will have in the year ahead.”
Tobi Knaup, CEO, D2iQ
Putting forth a DevSecOps approach from the start
“The pandemic pushed us further into the cloud, which has made us more reliant on microservices and containers. However, the rapid proliferation of microservices has outpaced the cyber security capabilities of most organizations. In an effort to improve cloud native cyber security practices, organizations will begin to embed security from the very beginning of the development process, ensuring microservices remain secure wherever they are deployed. As organizations become more agile, putting forth a DevSecOps approach from the start ensures microservices are adequately secured.”
James Condon, Director of Research, Lacework
“Linux and cloud infrastructure are emerging targets of malware and ransomware attacks: Threat actors are looking for the path of least resistance – the easiest way to break through with the greatest return. The traditional methods of enterprise network intrusions to obtain data (or other valuable company information) are still resulting in success. However, cloud infrastructure is heavily Linux-based (80+ percent) and with cloud adoption increasing, especially as a result of the pandemic, threat actors are turning their focus to cloud-based targets. The Lacework team found that PYSA Ransomware Gang added Linux Support, which indicates that ransomware gangs and other attackers may be pivoting to cloud strategies. Furthermore, continued identification of new Linux malware families are growing increasingly complex, adding to the mounting concerns.”
Chris Hall, Cloud Security Researcher, Lacework
“Crimeware actors will continue leveraging initial access brokerage and crypto jacker techniques: Currently, we are seeing a lot of cloud environments being compromised by crypto jacker techniques. These aren’t generating a ton of noise within the larger cyber community currently; however this is an area that attackers will continue to leverage and start to carry out on a larger scale in the coming year.”
Eric O’Neill, National Security Strategist, VMware
If 2021 was the year of the Zero Day, 2022 will be the year of Zero Trust:
“In 2021, defenders caught the highest number of Zero Days ever recorded. We saw a massive proliferation of hacking tools, vulnerabilities, and attack capabilities on the Dark Web. As a response, 2022 will be the year of Zero Trust where organizations “verify everything” vs. trusting it’s safe. We’ve seen the Biden administration mandate a Zero Trust approach for federal agencies, and this will influence other industries to adopt a similar mindset with the assumption that they will eventually be breached. A Zero Trust approach will be a key element to fending off attacks in 2022.”
Karen Worstell, Senior Cybersecurity Strategist, VMware
Accelerated delivery of the benefits of 5G infrastructure will highlight IoT security needs.
“The pandemic made it abundantly clear how important 5G infrastructure is for rural areas in the U.S. The rollout of 5G will enable better access to healthcare, educational innovations, and public services. The Biden administration’s infrastructure bill, which includes provisions for broadband delivery and access, provides the industry with another nudge in the right direction to roll it out. As 5G service delivery expands, there will be a growing demand for IoT security and engineering to ensure that network complexity does not become yet another security liability. We must also focus on securing the far edge much like we handle the data center edge today — this will put new demands on incident detection and response. Future-ready capabilities like EDR (endpoint detection and response) will need to evolve in order to keep an expanding service level and constituency safe.”
Florindo Gallicchio, Managing Director, Head of Strategic Solutions, NetSPI
Cybersecurity budgets will rebound significantly from lower spend levels during the pandemic
“As we look to 2022, cybersecurity budgets will rebound significantly after a stark decrease in spending spurred by the pandemic. Ironically, while COVID-19 drove budget cuts initially, it also accelerated digital transformation efforts across industries – including automation and work-from-home infrastructure, which have both opened companies up to new security risks, leading to higher cybersecurity budget allocation in the new year. Decisions are being made in Fortune 500+ companies with CFOs on the ground, as these risk-focused enterprises understand the need for larger budgets, as well as thorough budgeted risk and compliance strategies. Smaller corporations that do not currently operate under this mindset should follow the lead of larger industry leaders to stay ahead of potential threats that emerge throughout the year.”
Stephen Cavey, Co-founder of Ground Labs
Awareness and gamification will lead the future of data security plans
“As employees went remote, the amount of potential data exposure greatly increased. This increased risk highlighted the strongest security weakness that criminals were actively targeting: the organization’s people.
Traditional forms of mitigation of this risk in the form of physical training through classroom delivery have not been as effective as required to reduce the instances of data breaches caused by employees. In the coming year, CISOs and IT leaders will incorporate all parts of an organization into creating a well-rounded cybersecurity strategy that places employees at the center in order to mitigate risk. We’re going to see more next-generation job roles such as “head of remote.” These new roles will be tasked with improving the remote experience which can open up a strong opportunity to weave a culture of data security and good data hygiene and awareness practices that are driven through educating on the unique risks of working remotely in isolation for prolonged periods. Adding elements of gamification is also an excellent way to remind, engage and motivate employees to practice better cybersecurity habits.”