As 2021 draws to a close, no one in their right mind thinks that cybersecurity risk is just someone else’s problem anymore; major cybersecurity incidents like the SolarWinds breach and the Colonial Pipeline ransomware attack have raised cybersecurity awareness among public opinions and decision-makers.
The White House issued an Executive Order on cybersecurity in May to send a clear message about the administration’s priorities: create a nationwide commitment to enforcing cybersecurity best practices.
Cybercrime is becoming more professionalized, organized, systematic, and diversified, making better cybersecurity crucial for nations and companies.
Here are my security predictions for 2022:
Supply chains will continue to keep you up at night
2021 saw one of the biggest cybersecurity incidents in recent years when IT service provider SolarWinds made headlines after falling victim to a supply chain attack. The company acknowledged that malicious code was injected into one of its products used by tens of thousands of victims, including high-profile targets such as military and public government sectors. Supply chain attackers can take various paths to slip malicious code or components into a trusted piece of software or hardware.
Later this year, another compromise affected Codecov, a code coverage tool very popular among the open-source community. Open-source components are more and more often used as a vector for malicious actors since they’ve seen huge penetration in enterprise environments in recent years, while still lacking a lot in terms of security standards.
When compromising a tool like Codecov, attackers can capture sensitive data from hundreds or thousands of downstream users. This simple fact radically changed the economics of these types of attacks. Code repositories have become high-value targets for attackers because they often contain secrets that are very easy to leverage to gain access to valuable systems.
2021 was arguably the year of the supply chain attack and this trend will continue: we might even see lower-scale, less obvious supply chain attacks using the developer environment as a gateway, especially as the former become increasingly complex and interdependent.
SMBs will be ransomware’s next target
The ramp-up in ransomware-related activities throughout 2021 concerned essentially big players like government, manufacturing, and banking sectors. Attackers were looking for high potential payouts, and this strategy has proved profitable: the US Treasury said that it has tied $5.2 billion in Bitcoin transactions to ransomware payments.
Yet as smaller businesses transition online and ransomware become refined as a cybercrime commodity, the economic landscape is evolving. Odds are that SMBs will become an economically viable target for cybergangs looking for vulnerable systems. These “lower-profile” attacks should be on top of the concerns for MSPs because they could soon become the preferred way to affect these businesses.
Ransomware training will become mainstream
To fight this new normal, we’ve seen many public and private initiatives on ransomware training take foothold this year. Because when an attack occurs, it is mainly the level of preparation for crisis management that makes a difference, so training employees for emergency response makes a lot of sense.
Application security will (still) be one of the top priorities for enterprises
We can say with confidence that, again, in 2022 enterprises will concentrate their efforts on AppSec. Why? For three reasons: as mentioned above, as supply chains get more complex, the DevOps pipeline attack surface expands. Risk management becomes essentially making sure these pipelines are safe. Then, developers and their privileged access will still be the perfect target for hackers, who will always try to exploit human errors.
Finally, while security will be a top priority for sure, nobody wants to slow down the development cycle because of it. Security tools need to focus on developer productivity, and so finding the perfect balance between these two objectives will be at the heart of AppSec policies.
Zero-trust architecture maturity will gain momentum
Zero trust has gone mainstream, and for good reason. The combined rise in advanced attacks, cloud adoption, and remote work had companies realize that they urgently needed to revamp their digital security postures, starting with implementing zero-trust policies. In 2022 we should see continuous progress made in this direction across sectors, especially regarding authentication of humans and machines, although it does come with its fair share of challenges.
Security-as-a-Service will democratize best-of-breed tools
From cloud security posture management to incident management, through software composition analysis or secrets detection… A number of specialized tools have appeared recently and it can quickly become very difficult, even for big companies, to install and maintain so many distinct tools and products. Fortunately, it is becoming easier to integrate these tools into existing workflows, with friendly dashboards, role-based access controls, and APIs to provide flexibility.
Real-time data observability will be cybersecurity’s holy grail
In 2022, any cybersecurity strategy will focus on real-time data visibility and observability. Getting a full IT asset inventory of all the hardware and software a company is using or a list of all their third-party suppliers is already a huge challenge, never mind a complete overview of the possible cyber threats associated with them. But as we move towards better detection and remediation capabilities, threats will need to be better monitored.
The cybersecurity sector is faced with huge challenges in the coming years, as cybercrime and especially state-sponsored threats are increasingly targeting the most vulnerable part of both the public and private sectors. Unfortunately, even some of the best-defended infrastructures have suffered breaches this year, showing clearly that there is still a long way to go in all things related to cyber defense.
There is no reason why the threats should “soften” next year – on the contrary, they will expand both in complexity and in breadth.
The good news is that the stakes have undoubtedly pushed public opinions and governments in the right direction, and most entities will benefit from accelerated programs to implement, enforce, or review security best practices next year. Businesses are also eager to adopt tailored cybersecurity solutions, provided that they will be able to better manage the complexities of tomorrow’s cyber supply chains.