This time of year is traditionally for either looking back at the previous year or looking forward to the year ahead.
While there have been great advances over the years with respect to information security tools, technologies, training and awareness, significant challenges remain. What follows are my estimations of the top information security challenges for 2022. Please note that I could probably have written the same challenges for 2021, 2019, 2001 and perhaps even 1973. Some of these issues are perennial, some are new. And as a lawyer, some of these challenges are specific to security-focused lawyers rather than technical challenges which might be faced by CISOs.
Increased digitization makes strong cybersecurity more important than ever
We now live in a world where cyberattacks can shut down critical infrastructure. Those who follow the mega-trends driving the global economy - like the convergence of the digital revolution and the energy transition - understand that with more and more critical infrastructure remotely operated or digitally managed, it was only a matter of time before a cyberattack caused disruptions that crossed over into the physical world. Last year, I wrote that 2021 would "shine a light on the need for industrial cybersecurity."
The key takeaway from October's Cybersecurity Awareness Month was the urgent need to make security a priority.
To do this, many security operations teams are leaning into threat intelligence to understand specifically where and how to focus their efforts to protect their organisations better.
The SANS 2021 Cyber Threat Intelligence (CTI) Survey found that organisations of all sizes and industries are adopting CTI (cyber threat intelligence) programmes. It reflects a broad-based recognition of the benefits CTI programmes can provide. It is quite an evolution from several years ago when CTI was conducted on an ad-hoc basis.
Bad actors continue to capitalize on the widening gaps in endpoint security that all organizations are planning to improve in 2022. Chief information security officers (CISOs) and their teams are stretched thin and being asked to support larger virtual workforces, transition infrastructure to the cloud, and protect endpoints in an increasingly unpredictable threatscape. Automating endpoint security is critical to thwarting increasingly complex cyberattack strategies.
Gartner's latest Endpoint Protection Platform Forecast predicts that global enterprise spending will reach $13.3 billion in 2021, growing to $26.4 billion in 2025, achieving a compound annual growth rate of 18.7%. Gartner's latest forecast reflects that endpoint security is a priority for enterprises today.
Getting endpoint security right in 2022
While 82% of CISOs have reevaluated their security policies in response to the support needed for work-from-home (WFH) and virtual teams, endpoints often lack needed patches to stay secure or are overloaded with conflicting software agents. Those are two of the more valuable findings from Absolute Software's report earlier this year. Its 2021 Endpoint Risk Report found that over-configuring endpoints leaves them just as vulnerable as not having any endpoints at all.
Welcome to the fourth and final blog post in our series dedicated to helping you find a cloud security vendor that fits your cloud security strategy.
This series takes you along the journey of picking, evaluating, identifying and assessing your security partners so you can feel confident as you deliver cloud security to your organization.
We invite you to review the other posts in this series:
- The Top 24 Concerns for Cloud Security Teams - to acquaint you with the landscape and potential threats
- Useful Tips for Choosing a Cloud Security Vendor - to help you evaluate and identify relevant vendors to engage with
- Top 6 Questions You Should Ask a Cloud Security Vendor - to determine if the offering warrants moving forward to a POC
And now, drumroll please: You're ready to start a POC with a cloud security vendor. Congrats on sorting through the options and noise to get to this point - it's an achievement! Since you're still in the evaluation phase, you'll want to keep doing your research and tracking progress to ensure the POC brings the clarity and value you seek...
Undoubtedly the last two years have been incredibly challenging for businesses, as many companies grappled with the health and safety of employees, massive revenue loss, threats of closure and the great resignation.
To make matters worse, as businesses set their sights on recovery, cybercriminals focused on taking advantage of any vulnerabilities available.
According to the FBI's Internet Crime Report, the Internet Crime Complaint Center (IC3) saw a 69% increase in total complaints from 2019 to 2020. Business E-mail compromise, phishing and ransomware all are on the rise.
Yet, despite an uptick in cyberattacks since the pandemic began, global corporate payments provider FLEETCOR surveyed business owners and learned 91% say they have not fallen victim to a cyberattack in the last 12 months.
LogRhythm's Analytic Co-Pilot team works with customers to get the most value from their cybersecurity investment; we spend time reducing and removing the false positive alarms within their environment through investigating, tuning the rules, and checking the outputs.
Sometimes rules can be tuned so much that true positives are not alerted upon and can be missed. Read this blog post to learn how to perfect your rules and properly trigger alarms. We'll guide you through:
- The differences between true and false positives
- Ways to test and ensure that rules are working as desired
- How to tune rules and build confidence in your SIEM
- Additional tools and resources to improve your tuning efforts
What is a True Positive vs. a False Positive
When looking at rules and use cases, use the table below to decide what is a true positive and a false positive in network security...
Seeing opportunities in the mass move to remote work, cyberattackers are updating their tactics, compelling security leaders to respond. Experts make their predictions about threat reduction, compliance, supply chain management, security spending and more.
As global economies look to exit the pandemic chaos, there is a cloud of uncertainty around navigating the new normal. While enterprises tout their efforts to accelerate digital transformation efforts, for security leaders in business there is a dark side to the rapid deployment of new technology.
Remote work, virtual meetings, hybrid cloud networks, and SaaS adoption have all brought about complex IT infrastructures that are opening up new threat avenues. Meanwhile, CSOs also must help ensure their organizations are in compliance with new regulations.
Ransomware gangs are continuing to evolve new tactics and techniques, and organizations need to be better prepared to defend against them in 2022.
In the business of extorting money from victims, bad actors are finding innovative, disruptive new ways to gain leverage and provide incentives for victims to hand over the ransom payment.
The rise of double and triple extortion methods, used by ransomware operators to improve their success rates, is putting additional pressure on organizations to understand common and emerging ransomware trends, as well as how to respond to them.
The double extortion tactic has proved very effective given it undermines ransomware recovery strategies for organizations who planned to rely on data backup remediation options in the case of a ransomware attack. With double extortion, the options for organizations become more limited.
Threat intelligence has been a part of cyber defense processes in the private sector for nearly a decade now.
Many threat intelligence teams were initially composed of classically trained intel operators from the public sector, where they focused on gathering data to thwart national security threats. And as these teams grew and adjusted to protecting against customer data breaches and disruptions to services, growing pains associated with working in a corporate environment were to be expected.
Expectations are changing, though. Security operations is maturing, and as threats have continued to evolve, enterprises have made significant investments in security infrastructure. C-suites and boards are increasingly involved in security decision-making, and studies show that they are doubling down on security investments, which are expected to rise to $458.9 billion in 2025 from $262.4 billion in 2021.
As 2021 wraps up, we're taking stock of the year from our cybersecurity point of view.
After a tumultuous 2020, this year continued to be a roller coaster of new workplace conditions, disruptive cyberattacks and optimism in government action.
Below we list our top 3 trends and hacks that stood out for 2021, followed by what we see are the trends to watch for in 2021.