Cybersecurity trends for 2022 and looking back to 2021

2021: cybersecurity trends in review

Passwords have been the most critical layer of security for everything in our digital lives – from email to bank accounts and shopping carts. At the same time, nobody really likes passwords. They are often inconvenient and can be a prime vector for attacks. Why? Because safe passwords should be complex and unique but are often not because regularly creating and resetting long and complicated passwords is something that most people don’t like or forget to do. Passwords are incredibly inconvenient to create, remember and manage across the many accounts in our lives.

In 2021, remote working proved to be the biggest driver of zero-trust adoption. Passwordless authentication and the advancement of conditional access policies facilitated the move towards zero trust. We saw that a growing number of companies started considering passwordless authentication for remote users within their organisation.

But zero trust is not a piece of technology. It’s a journey that involves five phases. These are:

1. Defining the protection surface.
2. Mapping the transaction flows (how does traffic move across the network).
3. Developing a zero-trust network.
4. Creating a good zero-trust policy.
5. Monitoring and maintaining the network.

We know that zero trust is a journey, and most organisations accelerated their remote workforce enablement and cloud migration due to the COVID-19 pandemic. One of the most important questions concerning zero trust in 2022: how far along are you in your journey? And what are your plans for 2022 and beyond?

Cloud workloads are still exposed

In our security assessments, we have observed poor or default configuration of cloud-native security controls and default policies across multiple client environments. These problems are largely driven by a lack of qualified staff and complex controls, in combination with poor cloud migration planning. The result: high risk to corporate environments. Cybersecurity Insiders’ ‘Cloud Security Report 2021’ revealed that 96% of organisations are moderately to extremely concerned about cloud security. At the same time, 72% are not at all confident to moderately confident in their cloud security position.

This means that many companies still have a lot of work cut out for them when it comes to improving cloud security. In light of the aforementioned, it’s no surprise that extended detection and response (XDR) has gained a lot of traction in 2021, a trend that is expected to continue in 2022.

XDR solutions integrate security visibility across an organisation’s entire infrastructure, including endpoints, cloud infrastructure, mobile devices and more. This single pane of glass visibility and management simplifies security management and allows you to enforce consistent security policies across the entire organisation.

The year of supply-chain attacks

From the SolarWinds SUNBURST breach (described by Microsoft president Brad Smith as the most sophisticated cyberattack of all time) to the Kaseya Managed Service Providers breach: 2021 saw a rise in well-coordinated supply-chain attacks. And these were just the identified large-scale breaches. This string of high-impact attacks has once again brought up the overarching question that all modern companies have to ask themselves: does my organisation have the right threat detection measures and incident response procedures in place to tackle modern and continuously evolving cybersecurity threats?

What to anticipate in 2022? New and familiar cybersecurity trends

After this compact summary of the cybersecurity year 2021, it is now time to shift our focus to 2022. What cybertrends can we expect?

EDR to XDR remains a challenge

The gradual shift from EDR to XDR was a hot topic in 2021 and will remain an important cybersecurity trend in 2022. There is still a lot of confusion within the customer space regarding these terms and why companies need these solutions. Today they have Palo Alto EDR, the next day, they hear Microsoft has a new security feature and they move there. The big picture is often lacking. Why do I need this solution to begin with? And what specific needs does it serve?

Multiple vendors continue to grow their endpoint and workplace security offerings from endpoint detection and response (EDR) to the more integrated and sophisticated extended detection and response (XDR). XDR is an approach to provide threat detection and response capabilities not just on endpoints but across the network and cloud. The technology takes advantage of threat analytics and automated incident response capabilities.

Despite the great business benefits, such as better detection of sophisticated attacks, improved visibility for SOC teams and a wide range of third-party threat intelligence integration for faster incident response, the various XDR offerings in the market have still not been adopted in large numbers by customers. Are they too complex for client environments? Do the right teams exist to deploy and manage such controls? In 2022, many organisations will still struggle to wrap their heads around XDR and how exactly it collaborates with other, more established security solutions (SIEM, SOAR, EDR).

Governmental crackdown on organised cybercrime

2021 saw a coordinated effort by government agencies from different countries working together to combat known cybercrime groups all over Europe. A couple of prime examples:

• On 28 September, a coordinated strike between the French National Gendarmerie (Gendarmerie Nationale), the Ukrainian National Police and the United States Federal Bureau of Investigation (FBI), with the coordination of Europol and INTERPOL, led to the arrest in Ukraine of two prolific ransomware operators known for their exorbitant ransom demands (between €5 to €70 million).
• On 4 November, Romanian authorities arrested two individuals suspected of cyberattacks employing the Sodinokibi/REvil ransomware. They are allegedly responsible for 5,000 infections, which in total pocketed them half a million euros in ransom payments.
• A collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, coordinated by Europol and Eurojust, disrupted EMOTET, one of the most significant botnets of the past decade.

Since ransomware gangs are here to stay, we expect to see continued action against professional cybercrime gangs, especially since these criminal networks usually find a way to (partially) regroup and revive their operations after being taken down.

Improved cloud-native security controls

Recent vulnerabilities in public cloud environments such as Microsoft ChaosDB or Azure Cosmos DB have put cloud providers in a heightened state of alert. Since the vulnerabilities could allow an attacker to access another customer’s resources by using the current account primary read-write key, we expect public cloud providers to further enhance the security of their managed services and cloud-native tools. Ways to do this include cloud-native vulnerability assessments, improved threat analytics, enhanced container security, a stronger focus on application security, and cloud-native firewalls.

Adoption of cloud-native tooling

More and more organisations are shifting from cloud-first to cloud-native technology. This means that adopting and properly securing cloud-native tooling are important cybersecurity trends in 2022. How can we make sure that everything is attached in an automated manner? And how do you correlate asynchronous events in your applications? These are pressing questions that many organisations must answer in 2022.

This article describes how Netflix utilises a cloud-native microservices architecture to power its global video streaming services. It becomes very clear that all these moving parts form a complex architecture, requiring a broad set of skills to maintain.

Growth in connected devices (IoT) and 5G network breaches

With the growing adoption of 5G technology that requires complex infrastructure overhaul, the adoption of software-based services and the continued connection to the Internet of literally “anything”, the perfect attack surface is being created for threat actors. Service providers and IoT solution providers need to prepare themselves for any security gaps by adopting a zero-trust architecture.

To do that properly, you should devise a set of best practices that includes:

• Conducting a thorough cyber-risk assessment using a common framework.
• Maintaining an inventory of all connected assets. Up-to-date network architecture is also a part of this equation.
• Prioritising and implementing IoT and IIoT specific patch management and defining appropriate update mechanisms for software and firmware updates.
• Securing manufacturing data at the edge and in the cloud by encrypting data at rest and creating mechanisms for secure data sharing, governance and sovereignty.
• Creating a business continuity and recovery plan, including a plan for backups and cybersecurity testing.

Event-driven architectures

Customers and partner organisations are continually raising the bar when it comes to digital services. The modern way of satisfying extreme customer demands in 2022 and beyond? Event-driven architectures! Asynchronised messaging is a good example of event-driven technology. How does it work? Say that you are in a web portal and are doing stuff in Azure. You spin up a new VM so that you don’t have to wait for that VM to be ready for you. You do other things until you get a notifier at the top of your screen: your VM is ready. Or you’re scrolling through your LinkedIn timeline and are presented with different posts every time you refresh. That is event-driven technology in action.

However, everything you do in cyberspace and every new innovation comes with a price. Setting it all up often comes with a steep learning curve. Understanding the angle of a bad actor to attack your fancy piece of new technology is another challenge.

Vulnerability management

Vulnerability management will also be an important cybersecurity trend in 2022. It may not be sexy, but it’s definitely necessary in this day and age! More and more organisations are becoming aware of the fact that vulnerability management encompasses a lot more than just scanning PCs, applications and infrastructural components. It should also include tasks such as scanning your container registry and checking your code for inefficiencies.

The Log4j incident proves that we should be aware of the software components that we use. Overnight companies were tripping over each other to verify if they were vulnerable and the number of attacks raised exponentially; with over 800k attacks 72h post-outbreak. The number of variations of the original exploits also exploded on GitHub (>60 different payloads within 24h). So, on top of the COVID pandemic, we experienced a true cyber pandemic in the late days of 2021. It’s a miracle this vulnerability (a classic top 3 OWASP injection) has gone unnoticed all those years (or has it).

What can we learn from the Log4j incident? Visibility into your software bill of material is paramount and enables you to quickly identify if you’re affected. Stay vigilant when using open-source libraries. A few years back it took a few days for attacks to gain momentum, Log4j showed almost immediate exploitation. I.e., we need to move at the speed of DevOps, especially since in this case we needed to update twice in a row.

Zero trust remains top of mind

Zero trust should and will remain top of mind in 2022, especially with all the remote workers and the proliferation of devices (both end-user and IoT). Some companies will embark on the journey towards a comprehensive zero-trust framework, whilst others will reach the next phase of this operation or even reach the final destination of their zero-trust voyage.

Nomios: secure and connected

There is one thing that all the cybersecurity trends of 2022 have in common: modern organisations do not only want to use new and innovative technologies; they need them. They look for solutions that help push their business forward. Typically, security is often an afterthought.

That is where Nomios comes in. While you build a new system, we can proactively help you with security issues and bridge the gap between business and IT security. At Nomios, we are focused on achieving long-term results and building playbooks for incident response.

Would you like to find out more about our services? Then be sure to contact one of our network and security experts today. We’re happy to make your acquaintance!