2022 Security Watch - What is this year going to have in store for us?
There is a lot going on in the information security space, and 2022 looks to be an interesting year in that regard. Below are some things to watch for in 2022.
For businesses, 2021 will be remembered for the persistent pandemic, the proliferation of ransomware and other cyberthreats, and an increasingly distributed or remote workforce. These trends are expected to continue into 2022, but there are a few new developments that cybersecurity professionals will need to monitor, assess, and respond to.
Data Breach And Ransomware
In 2021, ransomware took center stage with high-profile and damaging attacks all over the world. Among the most notable: the Colonial Pipeline attack, in which the operator shut down the pipeline after its IT systems were hit, disrupting a large portion of the United States' East Coast fuel supply; the incident at JBS meat processing plants, which impacted the food supply chain; and the Kaseya attack, in which attackers pushed ransomware through the Kaseya VSA remote management product used by managed service providers, compromising the operations of an estimated 800 to 1,500 downstream small- to medium-sized businesses.
As with other types of cyberattacks, the attackers behind ransomware follow the money; ransom demands have soared into the millions of dollars in some recent attacks. While ransomware incidents frequently target specific industries such as finance and healthcare, recent attacks have demonstrated that any organization, regardless of size or revenue, can be a target.
Data breaches are another of the top threats that businesses will face in 2022. Breaches are frequently a by-product of ransomware: most ransomware crews now exfiltrate data before encrypting it, so that the threat of publication adds a second lever to the ransom demand. But breaches can also be the result of focused attacks by individuals or teams whose goal is to steal financial information, intellectual property, or other sensitive data. Like ransomware, a data breach can be extremely damaging to an organization in terms of reputational harm, remediation costs, lost business, and other expenses.
Furthermore, national and regional privacy and data protection laws and regulations are becoming more common. Any breach of regulated personal data, whether caused by ransomware or a direct attack, can result in mandatory notifications, steep fines, and other penalties for the organization.
Defending Yourself: Security Detection And Response
Given the prevalence of ransomware, attempted data breaches, and other attacks, the realistic working assumption is that a breach will happen eventually; the open question is how much damage it does. Security professionals can still limit that damage. The key is resilience: the ability to detect an intrusion early, respond, and restore business operations quickly.
The most important first steps a security team can take toward resilience and responsiveness are to build both their security tooling and their incident response process, and to exercise that process before it is needed rather than during the first real incident. Risk management audits, performed in-house or by a third party, can help identify areas for improvement.
While periodic or scheduled security audits can assist in identifying holes in the security infrastructure, a relatively new class of products known as extended detection and response (XDR) should also be considered. XDR promises to continuously bring together real-time, enterprise-wide security data streams for greater visibility and faster detection of and response to potential threats. XDR collects traffic logs, telemetry, and other data from a variety of sources, including next-generation firewalls, endpoints, servers, identity providers, and cloud services, normalizes it into a common schema, and then correlates and analyzes it, using machine learning or rule-based analytics, to detect anomalous behaviors or signs of malware. The value lies in the correlation: a single event from one source may look unremarkable, while the same event seen alongside related activity from two other sources is a clear incident.
Although XDR is envisioned as a way to reduce security analysts' workload and deliver faster, more comprehensive security responses, it is a nascent technology that may face implementation challenges. Internal stakeholders, for example, may be resistant to change, making buy-in difficult to achieve. The ability of XDR to aggregate and correlate security information into a single data lake is its strength, but some devices may be unable to send their telemetry to the XDR, leaving blind spots. Furthermore, even after implementation, an XDR solution requires time to collect information and for its machine learning models to learn normal behaviors and refine detection; during that learning period detections are weak, and if an attacker is already present, their activity is baked into what the models come to regard as normal.
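To make the correlation point concrete, here is an added example (not from the original article or any XDR vendor) of the core idea: three raw telemetry formats from a firewall, an endpoint agent, and an identity provider are normalized into a common event schema, then grouped per asset inside a time window and scored. The log lines, hosts, users, addresses, indicator weights, the ten-minute window, and the threshold of 7 are all constructed assumptions for the example. Each indicator on its own stays below the threshold, so no single product would alert; together they cross it.

```python
"""Cross-source correlation in the spirit of XDR (added example, constructed data)."""
import json
from datetime import datetime, timedelta

# Constructed sample telemetry in three raw formats, as an XDR pipeline would
# receive it. Hosts, users and addresses (RFC 1918 / RFC 5737 ranges) are made up.
FIREWALL_LOG = """\
ts=2022-01-10T09:03:10Z src=10.1.5.42 dst=203.0.113.77 dport=443 action=allow bytes_out=52428800
ts=2022-01-10T09:03:12Z src=10.1.5.77 dst=203.0.113.9 dport=443 action=allow bytes_out=4096
"""
ENDPOINT_LOG = """\
{"time":"2022-01-10T09:01:30Z","host":"WS-042","ip":"10.1.5.42","event":"process_start","image":"powershell.exe","cmdline":"powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"time":"2022-01-10T09:02:00Z","host":"WS-077","ip":"10.1.5.77","event":"process_start","image":"outlook.exe","cmdline":"outlook.exe"}
"""
IDENTITY_LOG = """\
2022-01-10T09:00:05Z,alice,10.1.5.42,login_success,RO,false
2022-01-10T09:00:40Z,bob,10.1.5.77,login_success,US,true
"""

WINDOW = timedelta(minutes=10)  # correlation window (assumption)
THRESHOLD = 7                   # incident score threshold (assumption)


def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_firewall(text):
    """key=value lines; flag large outbound transfers to non-private destinations."""
    for line in text.splitlines():
        kv = dict(field.split("=", 1) for field in line.split())
        if int(kv["bytes_out"]) > 10 * 1024 * 1024 and not kv["dst"].startswith("10."):
            yield {"ts": parse_ts(kv["ts"]), "asset": kv["src"], "source": "firewall",
                   "indicator": f"{kv['bytes_out']} bytes out to {kv['dst']}", "weight": 3}


def parse_endpoint(text):
    """One JSON object per line; flag encoded PowerShell command lines."""
    for line in text.splitlines():
        ev = json.loads(line)
        tokens = ev["cmdline"].lower().split()
        if ev["event"] == "process_start" and ev["image"] == "powershell.exe" and "-enc" in tokens:
            yield {"ts": parse_ts(ev["time"]), "asset": ev["ip"], "source": "endpoint",
                   "indicator": f"encoded PowerShell on {ev['host']}", "weight": 4}


def parse_identity(text):
    """CSV: ts,user,ip,outcome,country,known_country; flag logins from new countries."""
    for line in text.splitlines():
        ts, user, ip, outcome, country, known = line.split(",")
        if outcome == "login_success" and known == "false":
            yield {"ts": parse_ts(ts), "asset": ip, "source": "identity",
                   "indicator": f"{user} logged in from unfamiliar country {country}", "weight": 3}


def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Group indicators per asset inside a time window; raise an incident when
    the summed weight crosses the threshold and at least two sources agree."""
    by_asset = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_asset.setdefault(ev["asset"], []).append(ev)
    incidents = []
    for asset, evs in by_asset.items():
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sources = {e["source"] for e in cluster}
            score = sum(e["weight"] for e in cluster)
            if score >= threshold and len(sources) >= 2:
                incidents.append({"asset": asset, "score": score, "sources": sorted(sources),
                                  "indicators": [e["indicator"] for e in cluster]})
                break  # one incident per asset is enough here
    return incidents


def run():
    events = [*parse_firewall(FIREWALL_LOG), *parse_endpoint(ENDPOINT_LOG), *parse_identity(IDENTITY_LOG)]
    return events, correlate(events)


if __name__ == "__main__":
    events, incidents = run()
    for e in events:
        print(f"{e['source']:8} {e['asset']:10} weight={e['weight']} {e['indicator']}")
    for inc in incidents:
        print("INCIDENT", inc)
```

Running it yields one incident for 10.1.5.42 (score 10, three sources) and nothing for 10.1.5.77. The join key here is the client IP, which only works when every source records it consistently; in real deployments that normalization step, and the devices that cannot feed it, is where most of the effort goes.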
New Distributed Workforce Technologies
The remote workforce, which was initially required by the pandemic, is here to stay. Most businesses will have to navigate a hybrid model of working, along with its security implications. While a patchwork of existing technologies initially sufficed to support the distributed workforce, the remote work trend has sparked interest in SD-WAN, zero-trust network access (ZTNA), which grants access to individual applications based on user identity and device posture rather than network location, and the secure access service edge (SASE), which bundles such controls together with SD-WAN as a cloud-delivered service.
Vendors are scrambling to fill the gap, and the maturity of these products will grow as deployments and operational experience accumulate. Realistically, however, the technologies in this space need more time to mature. As a result, enterprises and other organizations will be running legacy VPN and perimeter controls alongside the new security architectures for the foreseeable future, and will need to make sure the two do not leave gaps between them.
Increased Spending on Cloud Security
While cloud adoption is now widespread, the security technology required to protect cloud resources is still in its early stages. With threats such as ransomware and data leakage on the rise, more investment in cloud data security is clearly required.
Because cloud tenants do not control many aspects of a deployment, such as which physical host runs a VM or container and what else shares that host, visibility into the workload itself is critical in cloud security. These constraints make fine-grained monitoring for security purposes difficult, but it is an essential component of overall cloud security.
Furthermore, the dynamic nature of cloud workloads calls for automated, adaptive detection, in practice machine learning or other statistical baselining. Workloads migrate, scale up or down, and spin up or down in minutes, so any notion of "normal" that is tied to a particular host name or IP address goes stale almost immediately. Accurately detecting anomalies and threats in such an environment requires an equally agile security solution, one whose baselines follow the workload's role rather than its ephemeral identity.
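The following added example (not from the original article) shows why host-keyed baselining fails in an autoscaled environment and what keying by workload label does instead. A simple mean/standard-deviation baseline scores per-minute egress volume; the per-instance variant never accumulates enough history because instance IDs keep changing, while the per-service variant flags a brand-new instance that immediately starts pushing gigabytes out. The samples, instance IDs, the "api" service label, the eight-sample warm-up and the 3-sigma threshold are all constructed assumptions.

```python
"""Baselining egress for short-lived cloud workloads (added example, constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev

MIN_SAMPLES = 8    # warm-up before a group is scored (assumption)
Z_THRESHOLD = 3.0  # standard deviations above the mean that count as anomalous (assumption)

# Constructed per-minute egress samples from an autoscaled "api" service.
# Instance IDs churn as the group scales in and out; the service label does not.
SAMPLES = [
    {"minute": 1, "instance": "i-0a1", "service": "api", "egress_mb": 100},
    {"minute": 2, "instance": "i-0a2", "service": "api", "egress_mb": 110},
    {"minute": 3, "instance": "i-0a1", "service": "api", "egress_mb": 105},
    {"minute": 4, "instance": "i-0a3", "service": "api", "egress_mb": 120},  # i-0a2 scaled in
    {"minute": 5, "instance": "i-0a3", "service": "api", "egress_mb": 115},
    {"minute": 6, "instance": "i-0a4", "service": "api", "egress_mb": 108},
    {"minute": 7, "instance": "i-0a1", "service": "api", "egress_mb": 112},
    {"minute": 8, "instance": "i-0a5", "service": "api", "egress_mb": 118},
    {"minute": 9, "instance": "i-0a4", "service": "api", "egress_mb": 102},
    {"minute": 10, "instance": "i-0a5", "service": "api", "egress_mb": 125},
    # A freshly launched instance immediately pushes 2.4 GB out: possible data theft.
    {"minute": 11, "instance": "i-0b7", "service": "api", "egress_mb": 2400},
]


class Baseline:
    """Per-group mean/stddev baseline. key_fn decides what a 'group' is."""

    def __init__(self, key_fn, min_samples=MIN_SAMPLES, z_threshold=Z_THRESHOLD):
        self.key_fn = key_fn
        self.min_samples = min_samples
        self.z_threshold = z_threshold
        self.history = defaultdict(list)

    def observe(self, sample):
        """Score the sample against its group's history, then learn from it.
        Returns (verdict, z) where verdict is 'learning', 'normal' or 'anomaly'."""
        hist = self.history[self.key_fn(sample)]
        value = sample["egress_mb"]
        if len(hist) < self.min_samples:
            verdict, z = "learning", None
        else:
            mu, sigma = mean(hist), pstdev(hist)
            if sigma == 0:
                z = 0.0 if value == mu else float("inf")
            else:
                z = (value - mu) / sigma
            verdict = "anomaly" if z > self.z_threshold else "normal"
        # Anomalies are not learned, so an exfiltration burst cannot become the new normal.
        # During warm-up everything is learned, which is exactly why an intruder already
        # present during that period gets baked into the baseline.
        if verdict != "anomaly":
            hist.append(value)
        return verdict, z


def replay(key_fn, samples=SAMPLES):
    """Run every sample through a Baseline keyed by key_fn; return the verdict list."""
    baseline = Baseline(key_fn)
    return [baseline.observe(s) for s in samples]


def compare(samples=SAMPLES):
    """Verdict for the final (suspicious) sample under both keying strategies."""
    per_instance = replay(lambda s: s["instance"], samples)[-1]
    per_service = replay(lambda s: s["service"], samples)[-1]
    return {"per_instance": per_instance, "per_service": per_service}


if __name__ == "__main__":
    for name, (verdict, z) in compare().items():
        print(f"{name:13} -> {verdict}" + (f" (z={z:.1f})" if z is not None else ""))
```

Keyed by instance, the 2.4 GB sample from i-0b7 is still "learning" because that instance has no history at all, and no other instance ever reaches the warm-up count either; keyed by service, the same sample scores hundreds of standard deviations above the service's mean and is flagged. The label that stands in for "role" (a deployment name, an autoscaling group, a Kubernetes workload selector) must be trustworthy, which is one more reason tagging discipline in cloud deployments is a security control and not just an accounting convenience.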
Tim Liu, Forbes Councils Member