2021 became a bell-ringing year for cybersecurity. From the ransomware attacks on Colonial Pipeline and JBS to the hacks at financial organizations and educational institutions, the number of attacks against global organizations continues to rise. And now, even with President Biden’s call for a whole-of-nation approach to cybersecurity, security professionals everywhere are preparing for another challenging year ahead.
Despite the increasing number of attacks, 2021 was also a year of growth in cybersecurity technologies and company investments—marked by the emergence of new solutions to defend against threats, hunt down threat actors, and even analyze your security posture. As we ring in 2022, consider the following predictions for how the cybersecurity industry will continue to shift as we all look to defend against cyber attacks.
In its CISO Effectiveness Survey, Gartner found that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, with 12% of CISOs having 46 or more solutions. Using many security products may seem like a good idea, but it creates complexity, drives up integration costs, and increases the headcount needed to run them. To streamline operations, cut costs, and optimize configurations, security leaders will look to reduce the number of security vendors they rely on—opting instead for an integrated, platform-based approach.
People often pose the most significant threat, but they also represent the solution to most organizational security issues. Automation and AI help scale and optimize security operations, but organizations still struggle to fill the gap in skilled security professionals. Enterprise security leaders will address staffing issues by enacting more inclusive hiring practices and using tools like human cyber readiness platforms to improve training.
A study by (ISC)² Cybersecurity Workforce reveals that even though 700,000 new workers joined the field in 2020, there is still a global shortage of 2.72 million cybersecurity professionals. And with only 25% of infosec jobs currently held by women, addressing the industry’s talent shortage must include more investment in STEM and mentorship programs for women in technology.
While the number of CVEs will continue to grow, the biggest challenge will be social engineering. Remote work makes it much easier for cybercriminals to conceal their identity and pose as employees requesting information. Threat actors will also use increasingly life-like social engineering attacks to obtain credentials and sensitive data.
DarkReading research shows that nearly 60% of data breaches in the past two years traced back to a missing operating system or application patch. And with the high cost and workflow disruption associated with downtime, patch management often ends up on the back burner. The shift to remote work isn’t making things any easier: It’s more time-consuming to patch remote endpoints, and IT and security teams have less visibility over employee devices.
The numbers behind ransomware are staggering when you look at the average cost per breach, ease of execution, and the rise in ransomware-as-a-service by cybercriminals. 2022 will see more major ransomware events that could cause the extinction of cyber insurance policies as we know them. Axa announced in May that it would no longer underwrite cyber insurance policies that reimburse customers for payments made to ransomware hackers. The decision appears to be an industry-first amongst cyber insurers. Still, with the rise of attacks and the volume of payouts, Axa will likely be the example to follow for insurers.
We believe that digital twinning is the next age of tech-focused manufacturing. And as cyber ranges mature to the point of digital twins, these tools will help bring organizations into the era of Industry 4.0. Using high-fidelity replicas of their production environments, companies will model millions of security scenarios that impact industrial control systems, operational technology, and Internet of Things (IoT) environments. Security teams will use these tools to gain hands-on experience handling real-life attack scenarios in a safe environment, validate new tools, and implement vulnerability fixes, ensuring that systems continue to work and maintain uptime when deployed in production.
Research from Sophos shows that 58% of PowerShell attacks employ Cobalt Strike for command and control. Cobalt Strike is undoubtedly not the only tool to be exploited in this way. In 2022, we expect the use of adversary emulation tools by threat actors to become even more prominent. As hackers choose these tools for flexible command and control functionality and rely increasingly on existing malware families, attribution will become more challenging.
Extended detection and response (XDR) is a threat detection approach that goes beyond silos and collects data across multiple layers of security. For the last several years, this area has been dominated by native XDR vendors that deliver services via a collection of their own products. However, we expect to see a shift toward open XDR vendors, which are built on integrations and allow organizations to fine-tune their tech stacks without “ripping and replacing.”
So how can you prepare your security organization for the year ahead? You’ll want to provide ongoing training for your SOC teams, improve your organization’s cybersecurity posture, and understand the impact that specific tools will have on your production environment.
Cyber range simulations are a great way to validate your stack and perform real-world security testing on your teams and technology. If your organization is ready to get hands-on and put your security controls to the test, the team at SimSpace will welcome the opportunity to get to know you.