A look at some of the key security trends for next year
By Mark Guntrip, Strategy Leader at Menlo Security.
Ransomware and the fight back
Ransomware has dominated the cybersecurity news for the past year, but how will the landscape change over the next 12 months?
We have seen lots of commentary from vendors around remediation strategies, such as XDR. It’s not possible with ransomware. Remediation does not work; you must restore everything and set up separate systems. Companies need to focus on prevention first.
Once ransomware has got you, it’s got you. Locking up your systems is the last action that attackers take. They have been in your systems for weeks, months, possibly even years, figuring out what they can steal. They are patient, they have been taking your credentials and looking at what they can use. Locking up your system is the last resort to see if they can extort a few more million dollars from you.
There are plenty of organizations that have been breached but they simply don’t know until the switch is flicked and they then become a victim of ransomware. It’s lying in wait while attackers are in there harvesting everything else.
Given the time of year, I expect to see a rise in seasonal ransomware. Every organization has seasonal weak points, whether it’s confectionary manufacturers, the travel sector, or a global enterprise holding a big annual event. Expect to be attacked when you are at your most vulnerable. This year we have seen attacks on critical national infrastructure, supply chains, healthcare and government. Attackers are just watching and waiting.
We can also expect to see more questioning of the honesty of ransomware groups. As those behind the attackers become better known, being recognized as the group that gives the data back, once a ransom is paid, might make businesses more likely to pay. All too often we see ransoms being paid and the data not returned.
There needs to more direction from government on regulation and tightening of existing practices. We should see clearer processes and mandatory reporting procedures on ransomware. We’re already seeing this in APAC, so may well see it replicated elsewhere.
Future of Work
Remote and hybrid working has led to an exponential increase in security breaches. So, how will staff going back into the office, with others still working remotely, impact organizations’ cybersecurity efforts? Will there be more or less breaches as people return to the office?
Organizations will move to consolidate their security solutions. We know from our own research that 75 per cent of businesses are re-evaluating their security strategy as a combination of remote and hybrid (home/office) working is set to remain.
They will be looking to ensure they don’t get left with two security solutions – the one that existed before and the one implemented when employees switched to remote working. To avoid twice the work and twice the reporting (as well as other associated tasks for security teams) organizations need a common approach. There will be more focus on adopting zero trust network access, whether staff are working in the office, remotely, or a combination.
Focus onzero trustarchitecture
In May 2021, President Biden signed an executive order to improve the nation’s cybersecurity, with arguably the most important order of business being an emphasis on zero trust architecture within government.
We have seen attacks on critical national infrastructure and supply chains. We have learnt that it doesn’t matter what you do and what industry, geography or sector you operate in, security is everyone’s problem.
The US government calling out widespread security failings is a good thing and will force many companies to change their ways and move much more quickly. Businesses will realise that they must seek an alternative. We hope that this emphasis by government on implementing a zero trust architecture means that organizations recognise this to be the blueprint and the approach they should follow.
The move to the cloud will finally happen
While other industries moved operations to the cloud years ago, there has been some reluctance to shift away from on-premises operations for security professionals. With the increase in sophisticated threats, as staff continue to work remotely, organizations can no longer depend on legacy systems for protection, but instead shift to cloud-native solutions.
Ultimately, what will drive business to move to the cloud is the need to do security better.
We are also seeing the pendulum beginning to swing in the favour of the user experience. The emphasis is on how you can carry out your job without negatively impacting workflow processes and device choice for the end user. Users must be able to work as they expect to, and at speed, but with security a priority. That points to the cloud because you need the scalability, you need a global view, device coverage, and you need to be in between the end user and the cloud services they are accessing and using.
- The impact of
the talent shortage
Microsoft recently announced a partnership with community colleges around the US to provide free resources in an attempt to help end a shortage in cybersecurity workers by 2025. The question is whether the talent shortage will impact the security industry in 2022 and how technology can help to mitigate this?
It stands to reason that if there are less security incidents to manage, the need to recruit new talent will be reduced and the impact of a talent shortage less. How can vendors take a services and people augmentation approach? We need to give them the tools that they were hiring services to do. The shortage is not going away – solutions will be built around it, but better solutions will mean fewer incidents.
About the Author
Mark Guntrip is the Strategy Leader at Menlo Security. Before, he worked as Director of Product Marketing at Proofpoint. Mark also worked as a product manager in companies like Symantec, Cisco Systems, and Websense.