Cybersecurity: What To Watch In 2022

Forbes Technology Council

Timothy Liu is the CTO and co-founder of Hillstone Networks.

For enterprises, 2021 was indelibly marked by the stubbornly persistent pandemic, the proliferation of ransomware and other cyberthreats and an increasingly distributed or remote workforce. These trends will continue into 2022, but there are a number of emerging developments that cybersecurity professionals will also need to monitor, assess and respond to.

Ransomware And Data Breaches

Ransomware took center stage in 2021 with high-profile and damaging attacks worldwide. Some of the most notable were the Colonial Pipeline attack, which took a large percentage of the U.S. East Coast fuel supply offline; the incident at JBS meat processing plants that affected the food supply chain; and the Kaseya attack that breached several hundred small- to medium-sized businesses’ operations.

As in other forms of cyberattacks, the hackers responsible for ransomware follow the money — ransom demands have soared recently into the millions-of-dollars range in some attacks. While ransomware incidents frequently focus on specific industries like financial services and healthcare, recent attacks have shown that any organization, no matter its size or revenues, can be a target.

Data breaches are another of the top threats that enterprises will continue to face in 2022. While often a part of a ransomware attack, data breaches also result from focused attacks by individuals or teams with the goal of exfiltrating financial information, intellectual property or other sensitive data. Like ransomware, data breaches can be highly injurious to an organization in terms of damage to reputation, costs of remediation, lost business and other expenses.

Moreover, privacy and data protection laws and regulations are becoming increasingly common at the national or regional level. Any breach of data, be it due to ransomware or a direct attack, can result in steep fines and other penalties for the organization for noncompliance.

Fighting Back: Security Detection And Response

Given the proliferation of ransomware, data breach attempts and other attacks, it is a sad truism that one cannot prevent being hacked. However, security professionals can try to reduce the damage of any security breach that should occur. The key lies in being resilient and attaining the ability to respond and restore business operations quickly.

Building up both your security platform and your process for incident response are the most important first steps a security team can take toward achieving resiliency and responsiveness. For example, risk management audits, performed either in-house or by a third party, can help identify areas that can be improved.

While periodic or scheduled security audits can help find holes in the security infrastructure, a relatively new class of products called extended detection and response (XDR) bears consideration as well. XDR holds the promise of bringing together real-time, enterprise-wide security data streams on a continuous basis for greater visibility and faster detection of and response to potential threats. XDR ingests traffic and other data from multiple sources, such as next-gen firewalls, endpoints, servers and services, and then correlates and analyzes that data using artificial intelligence or machine learning to detect anomalous behaviors or signs of malware.

Although XDR is envisioned as a means to reduce the workload of security analysts and deliver faster, more comprehensive security responses, it is a nascent technology that may pose challenges in implementation. For example, internal stakeholders may be resistant to change, making buy-in difficult to attain. XDR’s strength lies in the ability to aggregate and correlate security information into a single data lake, but some devices may lack the ability to send their metadata to the XDR. In addition, even after implementation, it takes time for an XDR solution to gather information and for its machine learning models to assess normal behaviors and refine detection capabilities.

New Technologies For The Distributed Workforce

Originally necessitated by the pandemic, the remote workforce is here to stay. Most enterprises will have to navigate the hybrid model of working, as well as the security consequences that ensue. While a patchwork of existing technologies initially sufficed to support the distributed workforce, the remote work trend has driven interest in technologies like SD-WAN, zero-trust network access (ZTNA) and the secure access service edge (SASE).

Vendors are rushing to fill the void, and the maturity of these products will only increase as deployments and experience develop. Realistically, though, the technologies in this space still need time to mature. Thus, enterprises and other organizations will need to deal with the coexistence of existing security deployments and new security architectures, at least for the time being.

Increased Investment In Cloud Security

While cloud adoption is now widespread, the security technology needed to protect cloud resources still trails in terms of maturity. With threats like ransomware and data leakage increasing, more investment in securing data in the cloud is plainly needed.

Visibility is a critical need in cloud security because of the lack of control over many elements of a cloud deployment, such as the location of a VM or container and its environment information. These factors make it difficult to perform fine-grained monitoring for security purposes, yet such monitoring is a critical component of overall cloud security.

Further, the dynamic nature of cloud workloads makes artificial intelligence very important. Workloads can migrate, scale up or down or spin up or down — often at lightning speed. Accurately detecting anomalies and threats amid a rapidly changing cloud environment requires an equally agile security solution leveraging machine learning or AI.

Conclusion

Without question, the threats of ransomware, data breaches and other attacks will continue into 2022 and beyond, and the trends toward a distributed workforce and cloud deployments will remain. By building up security resiliency with improved detection and response, looking into new methods of supporting remote workers and paying close attention to developments in cloud security, enterprises and other organizations can help assure the security of their networks, data and resources, regardless of physical location.

