2021 was a record-breaking year for data breaches, with a total of 5 billion records stolen and an 11% increase in security incidents. No industry was safe from the constant pressure of regular cybersecurity threats, either. From ransomware attacks and zero-day exploits to stolen credentials and supply chain disruptions, cybersecurity felt like a never-ending fight in 2021. With the world bracing for a potentially global cyberwar as the Ukraine-Russia conflict continues to unfold, 2022 is already shaping up to be another eventful and challenging year for security teams. Strong cyber defense skills, strategies, and technology will be critical in the fight against cyberattacks this year.
So, what areas of cyber defense will be most in demand in 2022? Let’s find out!
1. There will be a wide-spread consolidation of cloud security tooling.
There is an old saying that too many cooks spoil the broth. The truth in this adage can be easily seen in today’s cloud security tools market. From cloud security posture management (CSPM) to cloud infrastructure entitlements management (CIEM) to cloud workload protection platforms (CWPP), organizations have an overwhelming number of options when it comes to protecting their cloud environments. This “tool sprawl” has driven many CISOs to want to consolidate their cloud security tools; however, many struggle to do so without losing their key features, capabilities, and coverage.
When considering tool consolidation options, many companies tend to adopt a best-in-suite approach rather than a best-in-breed strategy (the best products regardless of if they come from more than one company), as best-in-suite provides a complete, all-in-one solution from a single provider with tools that are designed to integrate seamlessly with each another. This provides a simpler contracting process, a faster onboarding process, and a more efficient solution to manage.
As a result, many cloud security solutions providers have developed platforms that offer access to the best tools across the cloud security space, otherwise known as a Cloud Native Application Protection Platform (CNAPP). Instead of simply choosing a single security tool to react to a problem, organizations can choose a company that offers a unified solution in cloud security to proactively gain a holistic view of their security posture. Recent acquisitions have allowed companies like Aqua Security and Palo Alto Networks to embrace the CNAPP concept and deliver a comprehensive platform that provides end-to-end protection across cloud and multi-cloud environments
As the cloud security tooling market becomes more streamlined and consolidated, more organizations will shift to vendors offering comprehensive CNAPP solutions.
2. Software supply chain security will become a top priority.
Over the years, the software supply chain has become an essential resource for modern businesses. Rather than spending valuable time developing their own software, companies can use pre-built libraries, common open-source packages, third-party APIs, and proprietary code from vendors to increase productivity and efficiency while lowering costs. However, the software supply chain has also become a prime target for cyberattacks. In 2021, software supply chain attacks grew by more than 300%.
By targeting the software supply chain, cyber criminals can compromise more victims at one time through a single vendor (e.g., the Codecov system breach) to achieve the widespread distribution of malicious code (e.g., the SolarWinds attack). Even if an organization has strong cybersecurity measures in place, attackers can move sideways within the supply chain to circumvent any defenses and remain concealed, making attacks a challenge to prevent, detect, and remediate. As a result, these attacks can often go long periods before being discovered, giving cyber actors plenty of time to steal, encrypt, or destroy critical enterprise data.
There are several methods for attacking the supply chain, but the most common techniques include exploiting open-source vulnerabilities, poisoning open-source packages, compromising CI/CD tools and code integrity, and manipulating the supply chain process and supplier trust. Despite the fact that 84% of security leaders believe that software supply chain attacks will become one of the biggest cyber threats to their organization, only 36% have actually vetted their new and existing suppliers in the last 12 months. With more high-profile supply chain attacks making headlines every day, like SolarWinds, Codecov, and Microsoft, we expect stakeholders and business executives will make securing their supply chain a priority in 2022.
3. Zero Trust adoption will continue to mature.
After more than a year of remote work, many companies have shifted to hybrid work models as a safe and flexible way for teams to work. But, as businesses redefine their workplace policies, remote and hybrid work environments continue to introduce new security challenges and complications prompted by the increase in devices and networks vying for corporate and client data access. In addition, the emergence of Bring Your Own Devices (BYOD), the growing Internet of Things (IoT), and the continued migration to the cloud have made traditional perimeter-based security models no longer enough to protect against today’s sophisticated cyberattacks.
No longer just a buzzword, a Zero Trust approach to managing IAM has become critical. Rooted in the idea of “never trust, always verify,” Zero Trust follows the principle of least privilege, which limits user access rights to only what is necessary to perform the desired task. This ensures that the right people have the right level of access to the right resources, and that this access is continuously verified. Applying a Zero Trust approach to identity can give organizations greater visibility and access across their networks and help reduce insider exploits and ransomware attacks. Roughly 76% of companies are currently in the process of implementing a Zero Trust security framework, an increase of 20% over the last year.
4. Secrets management will play a bigger role.
Over the last two years, roughly 57% of organizations have experienced a security incident related to exposed secrets from insecure DevOps processes. A secret is a privileged identity that acts as a key to unlock protected resources or sensitive information in tools, applications, containers, DevOps, and cloud-native environments. A few common secrets include privileged account credentials, passwords, API keys, certificates, and encryption keys. Securing these credentials can be challenging for IT security, operations, and compliance teams.
Poor secrets management can lead to costly mistakes that can open the door for cyber criminals and lead to severe cyberattacks. To effectively secure enterprise secrets, organizations must set up a strong secrets governance program and consider adopting a centralized secrets management solution to ensure the proper storage, management, and access of secrets across the enterprise. Strong secrets management provides assurance that tool stacks, platforms, and cloud environments can only be accessed by authenticated and authorized identities, and allow organizations to securely, store, transmit, and audit secrets. With effective secrets management, organizations can secure CI/CD pipelines, container solutions like those leveraging Kubernetes, and internal and COTS applications. As we move through the next year, we expect to see a greater emphasis on securing and managing secrets.
5. Organizations will start including APIs in security testing.
From web applications to mobile apps, application programming interfaces (APIs) are at the heart of every modern application. From standardizing procedures to building new features, APIs are highly versatile and offer many business benefits – from better user experiences to faster data reviews and migrations to increased speed to market. By 2023, the global API market size is expected to reach $5.1 billion, up from $1.2 billion in 2018.
However, in 2022, APIs are expected to become the most frequent attack vector for web applications, causing data breaches for enterprise business applications. Over the last year, roughly 91% of organizations suffered from an API-related security problem, and more than 50% had discovered vulnerabilities in their APIs. Some of the most common approaches for securing APIs include static analysis security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA), which either look at the source code of the application to identify potential vulnerabilities or the dependency of applications against a database of known vulnerabilities. Unfortunately, these approaches to API security are time consuming and often generate false-positive security alerts. They also tend to focus on known threats, which can leave many vulnerabilities undetected, resulting in Zero Day exploits like Log4j and SolarWinds.
While static and dynamic testing is essential, to properly protect APIs, common controls must also be implemented (e.g., encryption of network traffic, API access authentication and authorization, audit logging, etc.). A strong API security platform can help achieve this by analyzing an organization’s API configuration settings, network traffic, and code to prevent misuse, and provide API attack protection with automated detection and response. In 2022, we believe that the rapid growth in APIs and their associated risks will drive the widespread adoption of dedicated API security solutions.
6. CIEM tools will lead in access management for the cloud.
The top threat to cloud infrastructure is its unchecked spread of permissions and entitlements, with 75% of cloud security failures expected to be the result of an inadequate management of identities, access, and privileges. Oftentimes, managing complex cloud, multi-cloud, or hybrid identity ecosystems overburdens IT resources, and standard IAM and PAM solutions are unable to manage a rapidly growing number of roles and permissions.
Cloud Infrastructure and Entitlements Management (CIEM) is a relatively new tool for managing access and enforcing least privilege in the cloud. The lifecycle framework of CIEM allows organizations to continuously discover, manage, and monitor the activity of all identities (human or non-human) across multi-cloud environments, as well as alert security teams of anomalies and unexpected risks. With the right CIEM solution, such as Britive, organizations can determine what data identities can access, how they can access that data, and what they are allowed to do with the data.
While CIEM is vital in managing cloud risk, not all cloud security solutions are created equal. It is important that organizations understand their specific business goals, technology stacks, and risk appetites in order to effectively select a CIEM solution. Each platform offers a diverse range of capabilities and services – from just-in-time permissioning, cross-cloud discovery, least privilege enforcement, activity-based authorization, and hybrid/multi-cloud support. The right CIEM solution can make cloud access management straightforward (and feasible), and we expect more organizations will adopt these platforms to provide secure access to the cloud in 2022.
7. Investments in high-quality configuration management database (CMDB) will grow.
The use of a Configuration Management Database (CMDB) has been standard in IT departments for years, but in today’s hyper-connected and ever-changing data landscape, many CMDBs fail to keep pace. While CMDB investments can deliver significant benefits, many businesses fall short in realizing their potential (80% according to Gartner). In many cases, the reason for this issue is simple. Poor quality input will always result in poor quality output – “garbage in, garbage out.”
When CMDB data is “dirty”, trust in its value and accuracy can quickly weaken. A CMDB with incomplete, inaccurate, or outdated data will often fail to provide the necessary visibility into an organization’s assets and configurations. Without this proper insight, managing and maintaining assets, detecting potential security vulnerabilities, and discovering the main source of a security incident can present major challenges for security teams. Roughly 99% of organizations that use CMDBs but ignore data quality will experience business disruptions, including unplanned business outages, a decrease in productivity, and financial losses. In other words, the CMDB will create more problems than it solves.
As the security tool stack continues to consolidate and utilize organizational data, we expect more organizations will increase their efforts to improve data quality and maximize their investment in their CMDB in 2022.
8. Big data analytics will drive the future of cybersecurity.
Experts predict that there will be 200 zettabytes of data by 2025 (for reference, just one zettabyte is the volume equivalent of about 250 billion DVDs). The sheer magnitude of big data and the growing number of interconnected devices and systems has given cyber criminals the ability to access massive quantities of sensitive and personal information. By combining data analytics and cybersecurity, businesses can leverage high-volume data sets to help better detect threats as they emerge.
Traditional security tools designed to prevent cyberattacks are typically more reactive than proactive, which can increase an organization’s exposure to zero-day vulnerabilities, advanced persistent threats (APTs), and other sophisticated attack vectors. Using real-time, AI-enabled analytics tools, cybersecurity teams can automate their cyber defenses to receive the early detection of threats and enhance in response and mitigation strategies after exposure.
A few ways data analytics can help prevent cybersecurity threats includes:
- Cloud Security Monitoring: While the cloud offers businesses numerous benefits, data security continues to be one of the biggest challenges facing cloud customers. Security analytics can provide cloud application monitoring in order to detect threats and protect data in cloud environments.
- Insider Threat Detection: Insider threats are responsible for roughly 22% of security incidents, and about 61% of breaches involve the use of stolen credentials. By implementing intrusion detection systems and using data analytics to automate this process, cyber teams can gain real-time analysis of unusual login times, unauthorized database requests, indicators of data theft, and other abnormal irregularities to stay ahead of insider threats (whether malicious or negligent).
- Network Traffic Analysis: Most cyberattacks are caused by human error or blind spots in the network. Security analytics can provide a holistic perspective of network traffic, giving security teams the ability to analyze, detect, and classify irregularities in large-scale network infrastructures.
- Threat Hunting: Security teams and Cyber Threat Hunters can automate the search for potential breach indicators and threats in the IT infrastructure, as well as identify elusive malware.
- Threat Intelligence: It can be difficult to effectively prepare, prevent, or identify cyber-attacks without understanding the threats currently targeting similar organizations. Using security analytics, organizations can gain valuable knowledge about potential cyber threats, prioritize effective defense measures, and develop a faster, more informed plan of action.
As cyber threats continue to grow in severity and complexity, we expect more cybersecurity teams will leverage these analytics to identify and monitor threats in 2022.
Over the last year, there has been a massive migration to the cloud, cyberattacks are on the rise, and digital transformation has taken on a new urgency. Looking ahead to the remainder of this year, it’s clear that cybersecurity teams and business leaders will have their hands full when defending their environments and connected assets. With these cyber predictions, we hope you can better plan for the year ahead and enhance your organization’s cyber protection in 2022, especially as the cyber skills gap continues to widen.
If you’d like to learn more about any of the topics discussed today or want to discover how to better protect your organization for the year ahead, Focal Point and CDW are ready to help.
Want more insights into the latest cybersecurity news?
Subscribe to Focal Point's Risk Rundown below - a once-a-month newsletter with guides, webinars, interesting white papers, and news all focused on data privacy. You can unsubscribe at any time.