As 2022 gets underway, we’re looking ahead to the changes, developments, and trends the coming year will bring to the cybersecurity industry and the threat landscape. To help you prepare for 2022, we recently spoke to three Barracuda executives, each with their own perspective and predictions about what the next 12 months have in store and what businesses need to be aware of to stay secure.
In this first post in the three-part series, CTO Fleming Shi shares his insights on the evolution of ransomware, the continued impact of the COVID-19 pandemic, staying secure in the post-breach era, and more.
Fleming Shi, CTO
As we head into 2022, what are your predictions for the cybersecurity and tech space?
Ransomware will still be a problem, but we’re starting to see governments taking it very seriously and collaborating at the nation-state level. The more active actions from these collaborations are slowing down the ransomware attackers’ ability to transfer their assets, which will impact the volume of attacks in the coming year. However, I still believe we’re in the post-breach era where attackers are ahead of their targets since they have their hands on stolen data, including credentials. These attacks range from extortion on valuable data to penetrating the software supply chain. It has gone beyond disrupting business operations and goes as far as revealing information to discredit a corporation and destroy the trust chain.
I also think there will be a renewed focus on governments prioritizing cybersecurity initiatives, building alliances with vendors, and sharing data with other countries. This level of collaboration will help improve security for everyone.
What threats do you see proliferating in 2022?
Ransomware will still dominate the news because that’s the most lucrative way for the bad guys to make money right now. Figuring out how to slow that down by encouraging collaboration between governments and developing alliances with vendors will be critical in the year ahead.
What ways do you expect to see ransomware evolving?
I think we will hear some good news about our defenses against ransomware in 2022 as we are starting to see more collaboration at the law enforcement and nation-state level, which disrupts the payments. For the bad guys, if you go out with a ransomware attack and you’re not able to collect — even if there is the willingness to pay or negotiate — it gets to a point where there is enough fear and uncertainty to make you less likely to attack. In 2022, we need to continue to work together as a global alliance to make sure we slow down the movement of these assets. If we can effectively slow down the wealth movement, it will make a difference.
Which industries will face the greatest security challenge in 2022?
Critical infrastructure will continue to face significant security challenges in 2022. This critical infrastructure includes everything from energy and financial services to education and healthcare. For example, there have been numerous stories about how ransomware attacks that hit hospitals affect patient treatment and even lead to deaths. Attacks on critical infrastructure have the most direct impact on people’s lives, so security will be a challenge as cybercriminals continue to focus on these vulnerable areas.
What are the most important ways the COVID-19 pandemic will continue to impact security in 2022?
The COVID-19 pandemic has shown that cybercriminals are willing to exploit the crisis to attack critical infrastructures like healthcare and the vaccine supply chain. It will be necessary for hospitals and healthcare organizations to understand the three steps of ransomware protection: avoiding credential leaks, securing access to their applications and infrastructure, and backing up their data. That will help us get through the pandemic with as little impact from cyber-attacks as possible.
What new skills will IT security executives need in 2022 that may not have today?
IT security executives need to develop the ability to understand forensics and incident response. Many IT security organizations — whether they’re large companies or small companies working with a managed service provider — are still struggling with too many tools and not getting the signals to work together.
Detection and response will be the keywords to help IT security executives achieve what they need to in 2022 and beyond. Improving in this area will require an Open XDR platform or managed XDR solution through a service provider. Those tools will enable IT security executives to respond more efficiently than they are now. Right now, most companies have more tools and more information than they know what to do with. For example, we have seen enterprises investing in tools to protect multiple attack surfaces. It will be essential to capture the signals from each tool and correlate the data for actionable insights. From prevention, detection to response, it will require forensics and security analytics skills to defend against todays cyberattacks. And we are all aware of the shortage of cybersecurity skillset; therefore, utilizing a managed SoC (Security Operations Center) with XDR capabilities could be the answer for small, medium enterprises.
What changes will the security market as a whole see in 2022?
Consolidation on data-driven platforms is one change you will see in 2022 as the market moves to more of a service-driven kind of tooling, including XDR and managed detection and response. Detection and response will get more complex, and it’s a skillset many organizations are missing that will need to be addressed. Many companies, especially SMBs or small-to-medium-sized enterprises, will need some type of managed service to help them in this area. I think they must get the assistance they need to respond efficiently and effectively to survive these cyber-attacks without investing so much in building a team in-house. So, a lot of that market is going to shift toward managed security service providers. At an enterprise level, it will mean getting to know what tools you’re using, which were signals you’re getting from those tools and consolidating those signals to make detection and response easier for your team.
What emerging security technologies do you anticipate will become more popular in 2022?
Three letters: XDR. It stands for extended detection and response, but it really means extending to all the telemetry information you can get with other tools. As mentioned earlier, Detection and Response in the XDR context are enormous gaps for many organizations. They will need help with detection and response, which will drive increased demand for this emerging technology.
What new security roles do you see emerging over the next few years?
Cybersecurity champion is a new role that we will start to see emerging in the next few years, especially at organizations where they are developing software. You are going to see security champions who will focus on what we call shifting left because now it is about the developers, software development, and the software supply chain, which includes Open-Source libraries and other third-party libraries. On the very left of the entire software development lifecycle, getting that level of security attention at the developer level is where those roles will start to add value. There are software tools that allow you to scan for dependencies understand your Open-Source risks. Those tools will generate the type of initiatives that these roles can drive within the developer community.
The other role I see emerging in the next few years is a security analyst. To effectively detect and respond to threats, which means forensics and incident response, you’re going to need security analysts who understand the correlation of these different signals and can execute on responding to these threats.
With security now starting to be prioritized, do you think there will be a time where IT teams report into security, instead of current reporting structure where most security teams report into IT?
The reporting structure will depend on the organization’s maturity and the leadership they have in place, such as if there is a CISO involved. Many of the IT teams won’t naturally be reporting to a CISO because their approach to security is event-driven. But where you can be predictive and preventative and have the right tools and resources, you can have plans and programs to prevent incidents. So instead of having an event-driven approach to security, organizations will need to shift to proactively putting the measures and stopping those attacks from ever happening or stopping it earlier in the attack chain, so there’s less damage. If you don’t have a security practice at the very top, it will be challenging to make this kind of change.