Our Team of Cybersecurity Experts’ Predictions for 2022
We sat down with our team of industry experts to make our 2022 cybersecurity predictions. These are the trends that they foresee for 2022.
Log4Shell software vulnerability discovery will extend well into 2022
The number of potential ways to get the Log4Shell exploit string parsed is simply staggering. This means that organizations will continue to discover edge-case exploitation vectors in systems they probably weren’t aware used Log4j. It will be particularly important to communicate to stakeholders that Log4j is a marathon and not a sprint. You’ll likely sound the “all clear” multiple times before the situation really is “all clear.”
Organizations will place a greater focus on asset visibility
Organizations can use outsourced detection and response for 24×7 operations, but it’s important to match the control to the threat. If the goal is stopping ransomware threat actors, visibility matters more than hours of coverage. By the time ransomware is being detonated, you’re fighting the wrong battle. Most ransomware operators take a few days to a couple of weeks performing lateral movement, escalating privileges and exfiltrating valuable data. That’s where organizations need to focus on stopping ransomware: with good monitoring to detect lateral movement in the environment, ransomware risks are diminished substantially. Most organizations considering ransomware response are hyper-focused on protecting backups and are not doing enough work on the earlier stages of the attack (lateral movement and privilege escalation). As security teams do their year-end analysis, we expect that asset visibility will be near the top of the list so they are able to identify and stop attacks earlier.
Remote access exploits will be at the top of cybercriminals’ to-do lists
Threat actors will continue to rapidly operationalize any exploit that provides them with remote access to an environment (e.g., Pulse Secure). Organizations need to pay special attention to any vulnerability in VPN appliances. Security professionals should take note today of which vendors provide patches for those systems regardless of the customer’s current maintenance support contract, and consider migrating to those vendors. VPN vulnerabilities in particular have long patching lead times in many organizations, but threat actors aren’t offering the luxury of time.
Reorganization of security infrastructure
There’s little question that the vulnerability landscape has shifted since the start of the pandemic. As the majority of knowledge workers moved from on-premises to remote work, network architecture fundamentally shifted. We view security as the intersection of confidentiality, integrity, and availability. The shift to remote work happened so quickly that most organizations only worked on availability without worrying about the other aspects of security. Vulnerabilities caused by the rapid transition to remote work will certainly continue to be discovered. Cloud services are great for centralizing security when properly implemented, and are generally more secure than on-prem counterparts as security issues can be remediated in bulk – unlike on-prem systems that must be individually patched. We expect that as more organizations switch their mindsets to remote work being the norm, instead of a stop-gap, we will see security tighten up until normal in-office work returns.
Additional federal laws and requirements are incoming
The DHS Software Supply Chain Risk Management Act set the stage for Software Bill of Materials (SBOM) implementation across not only the Federal Government but the entire IT industry. While the bill itself is only specific to software used by the federal government, once software bills of materials are built, there’s very little chance that other organizations won’t demand this data as well. That legislation, paired with the U.S. Department of the Treasury advisory which stated that facilitating ransomware payments to hackers is potentially violating OFAC regulations, is likely the tip of the iceberg in terms of incoming laws and advisories in 2022. While this is definitely a step in the right direction for cybersecurity, companies have to be careful not to use these as the minimum standards to meet.
“With 2021 being a record-setting year for cyber attacks, there are a multitude of themes and learnings security professionals should take into 2022,” said Shaun Gordon, CEO, BreachQuest. “That said, the biggest takeaway has to be the need for preparedness. If we have learned one thing, it’s that cybercriminals are continually becoming more organized and dangerous with the passage of time and organizations must be prepared to meet these threats.”