2022 Cybersecurity Predictions

2022 cybersecurity predictions by category:
- External exposure and unauthorized IT sprawl
- Ransomware becomes the new normal
- Cloud security misconfigurations persist
- Threat intelligence goes mainstream
- Unified vulnerability and threat management
External exposure (unauthorized IT)
As organizations adopt more digital technologies to enhance business operations and customer experience, their external-facing perimeter is expanding at an alarming rate. It’s a fine balancing act, but if left unchecked, unauthorized IT, outdated software and unprotected assets will continue to put your company at further risk of exploitation. We’ve seen clear examples of these attacks in 2021, and this will continue into 2022 and beyond unless security teams start to build attack surface management into their wider application security program. This was the case for Tesco, one of the UK’s largest online retailers. In October, hackers took down its online services, impacting customers’ ability to place and amend food orders, causing significant downtime and affecting customer experience and sales. As a result of the growing and evolving perimeter and shadow IT from remote working, the attack surface is growing to unmanageable levels.
It’s crucial in 2022 to get to grips with and monitor all your external-facing assets for vulnerabilities and exploits by implementing external attack surface management and threat intelligence, which help pinpoint the weak areas so you can apply the right security controls at the right time. External Attack Surface Management (EASM) was identified by Gartner in 2021 as an emerging product set, with key benefits including:
- Comprehensive asset inventory of known and unknown assets
- Shadow IT and leaked credential detection
- Effective risk prioritization
- Threat intelligence to locate real world threats
- Multi-layered risk reduction within vulnerability management process
- Hacker reconnaissance pathways for red teaming exercises
This outside-in approach enables organisations to get ahead of their security exposure against the most common entry points and highlights areas that require immediate attention for risk assessment.
M&A security due diligence
After a slow 2020, we saw some high-profile acquisitions and mergers in 2021 across every industry as companies looked to bounce back from the pandemic through market consolidation. To ensure maximum return on investment and to minimise risk, cybersecurity due diligence has started to play a bigger role in M&A. There is added focus on the acquiring company conducting the necessary risk assessments, such as digital footprinting and vulnerability scanning, to evaluate the security posture of the organization in question and get the best value out of the purchase, reducing compliance slip-ups and avoiding unwanted attacks down the line. This cannot be an afterthought, as well-executed security due diligence should reveal any deal-breakers or deal-changers before closing, or in time for renegotiation.
Once the deal is closed, the first thing to do is prioritize and remediate the critical security gaps found and ensure you’re not bringing any unwanted vulnerabilities into your environment as the companies integrate. This can be done by extending existing security testing regimes to include new applications, networks and clouds. In 2022, we predict an even stronger year for corporate merger and acquisition activity, and with it growing importance for security due diligence checks.
Ransomware becomes the new digital pandemic
Unfortunately, the ransomware pandemic will continue to be a major threat to society in 2022, and it has become part of the cybersecurity big picture for many organizations, large and small. We expect the severity of ransomware attacks to grow further in 2022, and we could see the highest reported ransom paid by an organization. We saw the impact a ransomware attack can have on a global scale when Colonial Pipeline was attacked using compromised passwords: the price of oil rose, there were fuel shortages, and this caused mass panic-buying. The impact was so great that President Biden signed an Executive Order to increase security standards. Whilst this is a positive step, it is a reactionary approach, and if we are to see significant changes, more organizations must practice proactive security to minimize threats that target the most common entry points: stolen credentials, exploitation of known vulnerabilities and phishing.
To make things worse, the rise of Ransomware-as-a-Service (RaaS) groups and trends like double extortion and Initial Access Brokers (IABs) will become the modus operandi to franchise cybercrime, with prominent groups such as Ragnarok, DoppelPaymer, Nefilim, Maze, REvil and Sodinokibi continuing to target critical sectors like education, healthcare, central government, energy and utilities, and financial services. The key will be for organizations to focus on stronger password policy, timely patching of high-risk vulnerabilities and improving security awareness through user education.
Cloud security misconfiguration remains a problem area
Organizations have invested heavily in digital transformation and, for the most part, many have ended up with either hybrid or multi-cloud setups, transitioning to cloud from traditional data centres and consolidating from front offices to private clouds to reduce the risk of ransomware and other threats. Yet we are still seeing many security gaps, especially cloud misconfigurations, when evaluating the implementation of security hygiene across cloud infrastructures. A lot of grey zones are still not covered by security teams or shadow IT.
These challenges have been rising, particularly those relating to the different sets of tools and controls amongst cloud service providers, coupled with a failure to define clear security responsibilities across teams and across on-prem and cloud. The next step is about fully securing cloud-native applications and homogenizing cloud security controls through automation. Security teams cannot continue to rely on manual processes, or to assume that DevOps is handling security according to the organisation’s risk appetite, because the hacker spotlight on cloud will intensify as cloud adoption becomes more widespread in the years to come.
Threat intelligence goes mainstream
For years, threat intelligence has been seen as the dark art of cybersecurity, reserved for elite organizations with the money and resources to have teams of analysts and specialists on tap to turn highly complex information into usable data. However, over the past few years a new wave of solution providers has emerged to provide more actionable threat intelligence through vulnerability prioritization, digital risk protection and dark web monitoring, which can be applied to a range of practical security use cases, from vulnerability management, detection and response to threat hunting, for immediate results. We expect more organizations, even those with smaller security teams and budgets, will start embracing threat intelligence to better understand adversarial techniques and increase security efficiency. In 2022 we will see how threat intelligence and EASM will be key to providing an additional layer of real-world security identification for advanced security monitoring.
Growing demand for unified vulnerability and threat management
The vast array of tools security teams have to manage across technology layers, each with different risk ratings and reporting that don’t correlate, is holding them back from effective remediation of the millions of flagged findings and vulnerabilities. In 2022, the demand for more integration and a single view of technical and vulnerability risk information will grow. This should include real-time discovery, deep assessments across technology layers and up-to-date threat intelligence data for better risk context, to accelerate prioritization through actionable reporting. At a time when digital risk is a priority whilst security budgets are being strained and the cybersecurity skills shortage deepens, having a unified view of the entire digital estate will be vital to address the key business risk for organizations in 2022: moving away from siloed security risk management to an integrated and proactive approach.
Our 2022 cybersecurity predictions are from a panel of Outpost24 experts:
- Simon Roe, Product Manager Application Security
- Martin Jartelius, CISO
- Bob Egner, CMO and Head of Products
- Sergio Loureiro, Product Manager Cloud Security
- Vicente Martin, VP of Product at Blueliv