CyCognito’s 2022 Cyber Security Predictions

Once again, the season of cyber security predictions is back upon us. This year we come with a collection of predictions from a selection of experts to provide a glimpse of what is coming in 2022.

2020 was a whirlwind of changes to adapt to a unique biological threat. This forced an evolution in how businesses operated, moving more into the cloud and pushing rapid adoption of remote work. In 2021, this trend continued with remote work still being the rule rather than the exception and businesses learning how to manage in this new environment.

On the other hand, attackers were quick to adapt to the changes in business and have been busily continuing their business. Ransomware has continued to rise to take advantage of companies already struggling to maintain the new normal. The increased attack surface of business transformation also opened the door to some of the most significant breaches on record with SolarWinds, Colonial Pipeline, and Kaseya, just to name a few.

The stakes have only gotten higher for businesses to protect their digital assets. What security challenges and trends are in store for 2022?

In this series, we’ve been exploring predictions from CyCognito experts on the state of cybersecurity for 2022. Our final expert is Rob Gurzeev, CEO & Co-Founder of CyCognito. Rob is an offensive security expert who spent five years in the Israeli Intelligence Corps. Understanding how attackers could exploit security blindspots, Rob was driven to help companies better identify their areas of weakness. He co-founded CyCognito with the goal of improving businesses’ visibility into the potential security gaps that can provide attackers with the path of least resistance into their organization’s IT ecosystem.

Predictions from Rob Gurzeev, CEO and Co-Founder of CyCognito

Blind Spots Will Provide the Pathway In For More Attacks Than Ever Before

The battle between attackers and defenders is not an equal one. While it is true that security teams are becoming better at securing the network assets and cloud instances that they know, that is only in respect to those assets that they know about. They cannot defend unknown, unmanaged, and poorly managed assets and we’ve seen this play out in the increasing number of attacks that are generated through these blind spots. I predict that in 2022 we will see more attacks than ever before originate from these unknown and unmanaged assets.

This is because even as security becomes more proficient in their trade, the ecosystem they have to defend becomes more and more complex, and attackers advance at an exponential rate with more automated and efficient ways to find exploitable assets the moment that a new vulnerability is discovered or a misconfiguration created. Security teams can only regain the upper hand by automating their reconnaissance to identify the entire external attack surface before the criminals can.

The Year Attack Surface Management Evolves

In 2022, with the spotlight on security because of the high-profile breaches and vulnerabilities of 2021, security teams will look for new ways to identify security blind spots, uncover their impact, and better prioritize those that are most likely to lead to exploitation. This problem will not be solved by legacy tools that only provide limited visibility. Those tools bombard teams with alerts and make it harder to differentiate real issues from the noise. While security teams have relied on these solutions for years, even decades, in 2022 they will realize that it’s time to evolve.

Identifying blind spots and fixing them before attackers requires an integration of visibility, classification, and risk assessment to create the genuinely in-depth view that security teams need to defend the organization. Without this visibility, attackers will continue to have the upper hand.

Hackers Improve Monetization

Over the past few years, the increase in malware attacks has generated significant revenue for bad actors. However, demanding a ransom from a business to decrypt a computer is often a relatively low return on investment per attack. Suppose the company has robust backups and can rebuild. They may choose not to pay. Then, the attacker sees no gain for their effort—small as it may be. As we know, attackers continue to evolve as the landscape evolves, and the main reason for cyber attacks remains financial. That’s why I predict that in 2022 we will see attackers use that initial infiltration in more ways against both the initial company and also more downstream actors like employees, customers or partners.

For example, attackers may use the elevated access that they would get to install malware to exfiltrate sensitive files simultaneously (an attack pattern we’re already seeing). This will allow the criminals also to extort the business to prevent the files from being leaked. So even if the company refuses to pay to unlock the endpoint, they are more likely to pay out the extortion. If they fail, the criminals can always sell the data on the dark web. But even beyond that, I think we’ll see more attackers reviewing the exfiltrated data to use it again in, say, a targeted phishing attack.

To hear more about my insights on the inner workings of criminal and nation-state tradecraft, watch the recent panel discussion hosted by SINET.

Rob’s predictions about blind spots offering a path in for attackers are on point. It’s imperative that proactive cybersecurity become embedded as a mindset in today’s global market. With the continued expansion of the attack surface, this is definitely a trend that enterprises keep top of mind. As ransomware tactics evolve and ransomware as a service (RaaS) becomes a trend, being proactive about visibility and knowing your security gaps makes smart business sense.

Predictions from Lori Cornmesser, VP of Worldwide Channel Sales

Lori’s expertise as a global channel and commercial management executive across the managed services, computer networking, testing/measurement, network management/security, and the hardware industries as well as her skill in strategic market planning and go-to-market strategy give her a unique view into the future of global channel markets. We asked her to share a few predictions for 2022, and here’s what Lori had to say:

Channel Improves Security Integration

A surprising amount of the IT channel, 36% according to compTIA, are just now beginning to lean into the strategic importance of cybersecurity as a fundamental component of operations. With the increase in cybercrime and the added focus of organizations leveraging cyber insurance, customers will now be evaluating security risks in all areas of their enterprise. This also includes considering the capabilities of channel partners, including VARs and system integrators, to improve their security postures. This will drive channel partners to increase their security focus and make it a key selling point in 2022.

Cybersecurity vendors will need to better tailor their message to the channel. It is important to understand their partners, what they have to offer mutual customers, provide them with advice on where an individual or set of security solution(s) fits into their portfolio, and what customer challenge it solves and how it benefits the channel organization and their customers.

Rise of Online Marketplaces

Marketplaces will emerge as a growth driver for businesses. They enable customers to directly investigate and contact partners without requiring them to serve as the middleman. This streamlines the process from the customer’s point of view and makes using a product more accessible. From the partner’s point of view, it is another way to market their offerings as it creates an opportunity for them to craft bundled packages and make it even easier for customers to make decisions without having the pressure of a salesperson in the mix, especially if they are evaluating multiple partners.

Having robust cybersecurity has become increasingly important for organizations across industries and sizes in the past few years, and as we see from Lori’s predictions this will translate into the channel as well.

Predictions from Ansh Patnaik, Chief Product Officer at CyCognito

Ansh’s extensive experience delivering enterprise software across security, compliance, cloud, and data-related software segments and his ability to translate market data into product vision offers a unique perspective and extraordinary insight when looking at industry trends. We asked him to share his top predictions for 2022, and here’s what Ansh had to say:

Security Board Seat Requires the Right Data

While the board has often had members on it with primary expertise that they brought to the table, cybersecurity was rarely a focus. With the increase in attacks over the last few years, there is a real need to have cybersecurity experience in the boardroom. In fact, Gartner predicts that by 2025 40% of boards will have a dedicated cybersecurity committee. 

I agree with Gartner that we will see more board-level focus on security and with this increased focus we will also see an increased need for the data to arm that board member (or team). I anticipate that we’ll see requests for the following broad categories of data. First, information of the current state of their cybersecurity program in both relative and absolute terms. How are they doing overall, and how does that compare to their peers? Second, as with insurance, they will want trend data. And finally, they will need to know what areas generate the most risk. What asset groups or subsidiaries or geographies are presenting the most risk to the company. Then, they can present this information to direct funding and risk-mitigation efforts.  

Getting Proactive Against Ransomware

We all acknowledge that 2021 was the year of ransomware. It has impacted all aspects of the security industry, and in some cases, even our everyday lives. Historically, the common wisdom was that the best defense against ransomware is for organizations to backup their data. But that’s a false hope. Even if an organization can restore data, an organization still runs the risk that any stolen data will itself be ransomed. 

The real best defense is to prevent ransomware from ever entering an organization in the first place. 2022 is the year to get that done. It’s the year to invest in the technologies that help you proactively identify the paths of least resistance into your organization so you can fortify those exposures before an attacker can take advantage.

Ansh’s predictions about the board-level changes that organizations should expect are on point. It’s imperative that cybersecurity awareness become embedded in our organizational mindset. This is definitely a trend that enterprises need to get in front of because executives with cybersecurity acumen aren’t an unlimited resource. Being proactive about ransomware makes smart business sense, especially since August of 2021 saw a 125% increase in cybersecurity incident volume year-over-year. Prevention is going to be a watchword for 2022, without a doubt.

Predictions from Randy Streu, VP of Business & Corporate Development

Randy’s broad range of leadership experience in both public and venture-backed companies creating comprehensive and transformative partner programs across global markets, including OEM, channel, and strategic technology alliance initiatives, lends him exceptional insight. We asked him to share his top predictions for 2022, and here’s what Randy had to say:

360 Degree Visibility Becomes Critical

Organizations can only protect themselves from what they can see. The rapid evolution of technology and cloud adoption has made the IT ecosystem extremely complex and the proliferation of attacks in the past two years has highlighted the importance of knowing the external attack surface. But businesses will need improved visibility both inside and outside of the network to continue to stay ahead of attackers. 

For that reason, I predict that in 2022 the intersection of ASM (attack surface management) and XDR (extended detection and response) will gain steam. Converging the outside-in ASM discovery, contextualization, alerting, and monitoring with internal protection to draw more accurate correlations between data points and ensuring complete coverage will reduce false positives and allow security teams to diagnose actual attacks early on more accurately. This expedites the overall response rate, helping mitigate attacks early in their lifecycle before they become major incidents.

Cyber Insurance gets a Reboot 

With the fast pace of change and the skill of attackers—as evidenced by the continued rise in ransomware—the cyber insurance landscape is set for a seismic shift in 2022. Insurance companies that want to stay in the cyber security market and remain profitable will need to adopt a new and agile approach based on modern technology. In particular, approaches that mimic attacker behaviors to assess risk not only during underwriting but also continuously throughout the policy will see more success. We’re already seeing this from the smaller, tech-centric insurance vendors but I anticipate that in 2022 the heavyweights in the industry will also either adapt or opt-out.

As Randy’s predictions indicate, now more than ever, in-depth visibility throughout your IT ecosystem is crucial to your cybersecurity posture. At the same time, watch as ransomware forces cyber insurance companies to adapt or die. 2022 is shaping up to be a dynamic year in all industries, with cybersecurity at the fore. You can get more insight on this in Randy’s blog. 

Predictions from Jim Wachhaus, Attack Surface Protection Evangelist

Today we’ll take a look at predictions from Jim Wachhaus, CyCognito’s Attack Surface Protection Evangelist. Jim’s twenty-plus years of experience in technical roles across the cybersecurity industry provides him unique insight into the state of cybersecurity both now and in the future. We asked him what his top predictions for 2022 looked like. Here’s what Jim had to say:

Ransomware/Supply Chain Disclosure

After having success in the Colonial Pipeline and Kaseya attacks, cybercriminals will increase their focus on ransomware attacks in the coming year. And given the success of both the SolarWinds and Accellion supply chain breaches, there will be more focus from the community on the “upstream origin” of “downstream attacks.”

I predict that these ransomware and supply chain epiphanies will be accompanied by legislation to force timely and complete public disclosure of breaches involving ransoms or potential “downstream consequences.” These will include notification requirements after organizations pay a ransom so that the public and the government know where attacks are happening and how they occur. Better transparency will hopefully lead to organizations responding faster and catching attacks earlier or preventing the downstream consequences altogether with shortened response times.

Rise of AI/ML

In 2022, artificial intelligence (AI) and machine learning (ML) will expand how we automate rote tasks and let professionals focus on more complex, creative, and strategic areas that cannot be readily automated. This is not to say that AI will replace anyone doing routine work. But for tasks like discovery and security testing, AI is pragmatic and promising, while the next steps will invariably need to be approved and taken by people. AI will be able to fill in for the routine, repetitive, and boring “first step” tasks with automation and machine accuracy with people doing the complex work of exploit validation and remediation.

ML-driven automation is essential for scale and accuracy in complex environments to maintain security and best practices. The adoption of AI and ML will grow in importance as increased cloud adoption and accelerated digital transformation continues to add complexity for humans and skilled labor shortages persist.

Year of Electric Vehicles (EV)

2021 was a weird year thanks to the pandemic and unintended consequences. The supply chain and international logistics became a family conversation topic as people stranded at home with more savings wanted to buy things that they couldn’t get thanks to bottlenecks on container ships at ports. Even multi-billionaires have lamented the pain of the supply chain shortages! But for us regular folk, because new cars were in short supply, people sought to purchase more used cars in 2021.

In 2022, this is likely to change as supply chains work out issues and automakers push out new electric vehicles that are more affordable. So, all those used cars will start to get long in the tooth, and rather than invest in legacy technology that guzzles gas and requires ongoing maintenance.

As Jim’s predictions indicate, it’s not time to let our guard down and we can expect the government will try to ensure we don’t. At the same time, we can look for expanded adoption of AI and ML in answer to increasing technological complexity and skills shortage’s. Let’s just hope he’s spot on about those electric cars.