This is part 2 of Trustwave’s 2022 Cybersecurity Predictions blog series.
In 2021, the cybersecurity industry was truly tested. Most notably, we uncovered the deeper fallout from the SolarWinds attacks, combatted the proliferation of advanced ransomware gangs and a surge in vulnerability exploitation, and saw fragile supply chain and critical infrastructure more targeted by attackers than ever.
As global cyber defenders, predicting where the broad industry could be heading is a daunting task. But by analyzing data patterns, the latest threat intelligence, the path of legislation, and the evolving needs of organizations as they continue their digital transformation and a rapid move to the cloud, we can make informed recommendations about where we need to focus our efforts as a cyber community in the coming year.
To this end, the security experts at Trustwave, Trustwave Government Solutions and the elite Trustwave SpiderLabs team from around the world will share their thoughts in a series of blogs on what 2022 might have in store for the cybersecurity industry and how we can best prepare for the next evolution of the fight against cybercriminals.
Please check out Part 1 of Trustwave’s 2022 Predictions.
The Focus Will Be on Machine Learning, AI and Automation as Defensive Measures
Tom Powledge, Chief Products Officer and Senior Vice President of Managed Security Services at Trustwave
“Advancing innovations in machine learning, artificial intelligence and automation will continue to be a key initiative for the cybersecurity industry in 2022. As the attack surface widens with rapid cloud adoption and the number of endpoints on networks continues to grow, we need even smarter solutions that can sift through mass alert noise and precisely elevate the real threats to human security experts, so they can focus their efforts on rapid response.
Organizations should invest in implementing solutions that leverage these technologies and ensure they have the staff or an expert partner in place to utilize solutions to their full capabilities. Machine learning, artificial intelligence and automation are not outright replacements for human talent with deep expertise, but these technologies can certainly help us defend at scale and maximize the effectiveness of human security experts in the ongoing fight against cybercriminals.”
Government Will Continue to Prioritize Cybersecurity and Mandate Critical Solutions in Data Protection
Bill Rucker, President, Trustwave Government Solutions
From a government perspective in 2022, I expect to see a continued focus on executing the Executive Order (EO) on Improving the Nation’s Cybersecurity signed by President Joe Biden in May. There are a number of items in the EO that could prove beneficial, including the requirement for federal agencies to implement Endpoint Detection and Response (EDR).
I see the federal government turning to automation and artificial intelligence to reduce the impact of the ongoing cyber personnel shortage.
In the coming year, I also expect Congress to continue looking at how to better address reporting and disclosure by ransomware victims. At the same time, the Cybersecurity and Infrastructure Security Agency (CISA) will look into improving collaboration with the private sector to provide best practices around combating ransomware.
Next year, Congress will likely start to look more deeply at data management, governance and protection. Privacy rules likely will be a part of that conversation as well. I don’t think we will see final action on these issues before the 2022 election, but there will definitely be a greater focus leading into November.
Effective Identity and Access Management Is a Necessity, Not an Option
Kory Daniels, Global Director, Cyber Defense Consulting, Trustwave
Effective Identity and Access Management (IAM) at scale will be critical for organizations to prioritize in the coming year. The rules of engagement were much more predictable when workers kept to the traditional 9 to 5 workday and remained at a designated office location. As a result, many companies didn’t even have insider threat management on their radar. Now, there is a new layer of complexity with the surge in remote and hybrid work.
Successful digital identity theft means an attacker can freely impersonate a member of your workforce. So, how do you know if someone is who they say they are? What certification exists, and what baseline behavior is in place to establish trust? This is much more difficult to decipher with a virtual workforce – as workers are in a myriad of locations, time zones, and accessing files off-hours. Baselines for understanding normal user and entity behaviors have shifted further since remote behaviors differ quite drastically.
As a result, it has become much more expensive for organizations, especially those with mature insider threat management programs in place, to distinguish a bad actor from an actual employee. Refining an ongoing identity and access management program and addressing these challenges will be paramount in 2022.
Organizations Will Establish Information Security and Cybersecurity Architectures to Provide GRC
Kevin Kerr, Lead Security Principal Consultant Americas for Trustwave's Consulting & Professional Services
Companies must get their hands around data/information and develop a culture within a company where data/information is the key to all aspects of the business. Organizations will need to address the concept of data and information security from the inception of an idea, line of business, or project.
Organizations will have to establish infosec and cybersecurity architectures to provide governance, risk and compliance (GRC), and also implement risk management and cybersecurity frameworks to ensure that the appropriate level of security is in place.
Organizations will need cyber business resiliency, and they will need it in near real-time.
Organizations have struggled and will continue to struggle to manage IT/IoT/OT as they are different and bring with them different threats/risks/impacts, requirements, technologies, management techniques and tools.