Over the last two years, organizations in every industry have experienced an immense amount of stress and change. We moved to a remote work model, introduced new applications, rapidly scaled our ways of working, and are now starting to return to the office in some fashion. All of these things put new pressure on our security capabilities, from both new threats and the simple need to reduce friction to get work done.
So, what’s on the horizon for enterprise security? Below, some of AHEAD’s top security experts weigh in on what to expect and where to focus your attention as we begin the new year.
Dustin Grimmeissen, Senior Director, Specialty Sales Engineering
Prediction: High Stakes for Ransomware Prevention
My prediction for cybersecurity in 2022 is that it will be a record year for ransomware—both in total number of successful attacks and in monetary damages. Remote workers and Internet-of-Things devices will be the top targets, as we (and the attackers) adjust to the new way to work. Businesses involved in the global supply chain will be heavily targeted, along with healthcare and the public sector.
A number of preventative measures that already exist will rise to become the most effective ways of prevention and mitigation—namely identity and access management, cloud-based security (e.g., SASE), vulnerability management, and user education. Those businesses that do not address the increasing ransomware challenge with strong programs built around these pillars will face significant financial damages, and in the case of healthcare, potential lost lives.
Mervyn Chapman, Specialty Sales Engineer
Prediction: Increased Privacy Regulations, IoT Concerns & Cloud Attacks
Consumers in the US are paying more attention to privacy—and with more states and localities jumping on the bandwagon, there will be an increasingly complex fabric of regulations, especially for multistate organizations. Until the US adopts a formal and overarching privacy framework, companies will have to navigate these waters on their own.
IoT usage – from cars and medical devices to industrial control systems – leaves us vulnerable to attacks from domestic and international threat actors. Corporate espionage is also growing as a concern, and as these devices get more intelligent, we must have a plan in place to govern data as it flows to and from these devices.
More cloud usage, combined with lack of knowledge of shared responsibility, only points to more attacks in the cloud. Misconfiguration is still the leading cause of breaches, and shows no sign of letting up as staffing shortages make it hard to put knowledgeable people in vital security roles.
Grant Sewell, Director, IT Information Security
Prediction: A Return to the Basics
In the coming year, organizations should consider taking a step back to assess their fundamental security controls to determine if they are still effective and providing benefit. Revisit controls that provide environmental visibility – such as vulnerability management, malware defense, and asset management – and ensure they continue to cover all of your on-premises, work-from-home, and cloud workload assets. While you may have good tools and vendors, they may no longer be the right tools for how your organization is working in 2022.
As threats continue to grow, another fundamental control worth revisiting is firewall egress filtering. This control is commonly overlooked and viewed as difficult to implement, but it should be noted that proper firewall rules and knowing which systems should be communicated with externally would have been effective in preventing impact from two of the most severe security incidents in the last year – the SolarWinds cyber attack and the Apache Log4j vulnerability.
Finally, 2022 is the year to refresh your approach to identity. Not just provisioning, offboarding, and audits, but a true risk-based identity approach to improve both security and the experience of your end users. With a remote workforce, identity is arguably the most important and consistent control at your disposal. Consider moving away from a traditional network-based VPN to a zero-trust concept. This can reduce the risk of having users operating directly on your network and increase visibility into application access. Adding true risk scoring to your identity program should also be a goal, both to ensure your controls are enforced based on actual threats and to create a better experience for remote workers. A great example would be to use risk-based password policies. Consider using a 180-day expiration for your average low-risk users or requiring more complex passwords for high-risk and privileged accounts.
A huge benefit of maturing your essential controls is that, for the most part, these investments have already been made, ensuring you’re leveraging the full potential of your systems. While it’s not as fun or flashy as purchasing a new tool, maturing these foundational processes can have a substantial impact in protecting your company in 2022 and the years that follow.
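As an added illustration of the egress-filtering point above (not part of the original article or any contributor's own tooling), the sketch below audits outbound flow records against a default-deny allowlist of which internal subnets may reach which external destinations. The policy, subnets, flow format, and addresses are all constructed assumptions using documentation ranges.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed default-deny egress policy: source subnet -> allowed (destination, port).
EGRESS_POLICY = {
    "10.10.1.0/24": [("198.51.100.0/28", 443)],   # monitoring tier -> vendor update hosts
    "10.10.2.0/24": [("203.0.113.10/32", 443)],   # app tier -> partner API
}

# Constructed flow records: src_ip dst_ip dst_port
SAMPLE_FLOWS = """\
10.10.1.15 198.51.100.4 443
10.10.1.15 192.0.2.77 443
10.10.2.20 203.0.113.10 443
10.10.2.20 192.0.2.200 1389
10.10.2.20 10.10.1.15 8080
10.10.3.5 203.0.113.10 443
"""

def parse_flows(text):
    """Yield (src, dst, port) tuples from whitespace-separated flow lines."""
    for line in text.splitlines():
        if line.strip():
            src, dst, port = line.split()
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)

def is_allowed(src, dst, port, policy=EGRESS_POLICY):
    """True only if a rule for the source's subnet covers this destination and port."""
    for subnet, rules in policy.items():
        if src in ipaddress.ip_network(subnet):
            for dst_net, dst_port in rules:
                if dst in ipaddress.ip_network(dst_net) and port == dst_port:
                    return True
    return False  # default deny: no matching rule, or source has no egress entry

def audit(text):
    """Return the external flows that a default-deny egress policy would block."""
    violations = []
    for src, dst, port in parse_flows(text):
        if dst in INTERNAL:
            continue  # east-west traffic is out of scope for egress filtering
        if not is_allowed(src, dst, port):
            violations.append((str(src), str(dst), port))
    return violations

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print("would be blocked:", v)
```

Running an audit like this against real flow logs before enforcing the rules shows which legitimate external dependencies still need an allowlist entry.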