New year, new cyber.
We started 2021 in the wake of the famous SolarWinds cyberattack, followed by some hacks on other major players, including DC’s own Howard University. Alongside it, the year found a huge push for talent and pipeline builds. Now, we’re all on the edge of our seats waiting to see what’s next for the industry, from new technology to a whole mindset shift in how the game is played.
To find some answers, we asked four local leaders about their thoughts on cyber in 2022.
Larry Roshfeld, CEO of CodeHunter
Instead of “hoping that they won’t be the target of an attack,” Roshfeld thinks a growing number of companies are taking a more proactive approach to cybersecurity in 2022. He noted that defense is a growing trend in the industry, with a booming number of threat intelligence software being created to assess vulnerability.
But before those successes, he expects a number of attacks in the coming year on well-known companies and organizations that will alter their ability to operate for weeks.
“My biggest hope for the sector in 2022 is that organizations will move to effectively implementing a defense-in-depth cybersecurity strategy,” Roshfeld told Technical.ly. “Organizations will need to recognize and invest in more than detection capabilities at the desktop, and network and firewall that identify attacks in progress. Instead, these companies will become more proactive in handling threats by adopting softwares or strategies that tackle cyber threat issues prior to impact.”
Joseph Spurrier, CTO of Kion (formerly cloudtamer.io)
For 2022, Spurrier thinks machine learning will be a big component of cybersecurity — although he noted its potential for use on both sides of cyberattacks. But, he hopes that attacks can be prevented through machine learning detection, plus more automated security solutions that companies can easily put in front of their website such as CloudFlare.
“I think we are going to have a large attack from another country,” Spurrier said. “Now that everyone is remote, there will be more systems that are open potentially to the rest of the world. There is still a large cloud skill gap out there and with all the quick adoption, there are bound to be some mistakes for those that are not taking security seriously.”
Rohyt Belani, CEO and cofounder of Cofense
One of the biggest trends Belani is planning for in 2022 is a wave of companies moving to Microsoft-based cloud services, creating an additional opportunity for cyber orgs to create security to support the transition.
He also anticipates a turn to managed service and managed security service providers, or MSPs and MSSPs, respectively. He expects the biggest technological advancements in the industry to come from AI-based solutions, security automation which matches the speed of attack automation and security intelligence at scale that’s analyzed in real time.
“In 2022, I expect that the industry will finally deliver on the promise of AI-based security to stop attacks,” Belani said. “I also predict that next year, we will see more automated attacks that can scale — practically infinitely — which makes all targets worthwhile, and not just certain industries or people.”
As a whole, though, with the ever-growing need for cyber talent and security for increased attacks, Belani would like to see increased collaboration amongst industry companies and professionals.
“I am also hopeful to see more collaboration among the cybersecurity industry, a focus on leveraging best of breed security solutions for critical areas of cybersecurity such as endpoint and email security and recognition that the best security defense is a combination of people, AI and automation,” Belani said.
Chris Jacob, global VP of Threat Intelligence Engineers at ThreatQuotient
In the new year, Jacob is expecting even more pressure on threat intelligence teams to prove a return on investment in their work. Instead of just preventing attacks, leaders will need to market the work they’re doing and note their successes all the way up to the C-Suite. Jacob also has his fingers crossed that extended detection and response will emerge as more of a reality, because with more integration of disparate systems and the injection of cross-team intelligence, the more effective a company’s security posture can be.
“Innovation in 2021 will likely include more focus on decentralized services and individual privacy,” Jacob said. “While these advancements will go a long way for privacy, security practitioners and law enforcement will be faced with new challenges. They will no longer be able to simply reach out to a service provider for information or a takedown request.
While many are looking forward in 2022, though, Jacob expects a resurgence of a past trend in the cybersecurity biz.
“2022 will bring back everyone’s favorite term from a few years ago: blockchain,” Jacob added. “While I think this technology continues to be a solution looking for a problem, at least outside of cryptocurrency, I think we will see innovative new ways of utilizing blockchain, specifically leveraging the open and auditable ledger and smart contracts.”
Sarbari Gupta, CEO of Electrosoft
Gupta also anticipates the rise of cyber attacks in 2022, but she noted that the rise of cryptocurrency will be a large cause of increased attacks and open up more vulnerabilities. She’s also on the lookout for continued phishing and spear-phishing attacks on individuals and businesses to steal information and money or install malware.
“Ransomware attacks on public and private sector businesses will continue to grow exponentially in 2022,” Gupta said. “Since ransomware attacks often target companies that support critical infrastructure and essential supply chains, the disruption of services provided by such companies can have a broad impact on average citizens and their lives.”
To help qualm the threat, Gupta said she expects a rise in zero-trust architectures and solutions as well as expansion on AI and machine learning to identify attacks and block them before they get to the end users.-30-