Anyone involved in the cyber protection of businesses knows that worrying about future trends must be balanced against tackling what is already here.
When the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other global agencies jointly published a list of the most commonly exploited vulnerabilities last year, the striking feature was how old these weaknesses were; many dated back years. So improving defenses — getting the basics right — is still a major project for many organizations. And while they rush to do this against a backdrop of global skills shortages, new problems are constantly stacking up: the Log4j vulnerability publicized in the final weeks of 2021 will keep many security teams busy for weeks, if not months, to come, as they assess whether they have been compromised. Perhaps more critically, they also must assess whether their extended supply chain is vulnerable and mitigate the risks their suppliers might pose to them.
Despite the context of this continual complexity, as we enter the middle of 2022, we can be confident of some trends to watch. They will be driven by criminal attackers, nation states, the cybersecurity industry, and its customers.
Cyber criminals will continue to pursue business models that work against sectors that are productive. This means that ransomware will continue to dominate, generating staggering dividends for attackers. The best hope is that efforts to bear down on criminal groups, disrupt cryptocurrency payments, improve defenses against ransomware delivery, and wreck attackers' business models will have an impact, but this will take time. After financial services and government, healthcare will likely be the most targeted industry. It is seen as slower to improve its security, and business interruption cannot be tolerated, for obvious reasons.
In general, we can also expect to see a continuing rise in attacks against manufacturing and Operational Technology (OT), and greater targeting of remote management systems. The supply chain—already the favored vector for delivering attacks—will become the dominant concern as companies realize that their wider ecosystem represents a threat to them, however good their own internal security. Getting visibility into that risk and then reducing it will be the key priority.
Hostile nation states will continue to behave badly, licensing cyber criminality within their jurisdictions: there is little chance of political agreement across borders.
In response, western governments, led by the U.S., will become more interventionist in an effort to drive up defenses across government and the wider economy. We have already seen energetic leadership from Jen Easterly at CISA, Chris Inglis, and Anne Neuberger at the White House, and others across the Biden administration.
Cyber remains an area of bipartisan agreement, and new funding will help improve basic government security, the Computing and Networking Infrastructure (CNI), and the wider industry. But the scale of the task is huge and remedies will not be quick; they can only be achieved in close collaboration with industry. Regulation to improve software development security, to design security into Internet of Things (IoT) devices, and to harden the supply chain is in preparation in many countries, but these are long-term projects.
The cybersecurity industry will continue to consolidate. Increasingly, even large companies will see cloud-based managed security services as a major part of the answer; this will be driven both by cloud adoption across the business, accelerated by the pandemic, and by the increasingly impressive security offerings from Microsoft, Splunk Cloud, and others.
The opportunities for “single pane” visibility, control of data, compliance, consolidation of products, and cost optimization will be significant. It goes without saying that companies will need expert guidance on how much to “let go” and how to get the best from cloud security products and services; similarly, they will look to solutions that enable them to respond through a single pane of glass. The complexity of both modern IT environments and the threats themselves demands these solutions for a more ecosystem-wide and manageable approach.
All companies will need external help in proactively managing third-party risk as well as assessing their supply chains in real time, triaging risk and taking steps to reduce it. Last year was a landmark for supply chain breaches, and it demonstrated that organizations can no longer take a reactive approach here; this category of risk must be continuously monitored and addressed.
The key drivers will continue to be the escalating scale and sophistication of cyber threats and the inability of the cyber skills pipeline to keep up. The cyber industry will therefore be successful in proportion to its ability to automate at mass scale, offering highly sophisticated detection and remediation across the whole ecosystem.