Here are some insightful and actionable perspectives on this very topic from Secureworks and other industry experts. Read on!
Your success as a cybersecurity professional depends on much more than just a technical understanding of cyberthreats and the countermeasures needed to thwart them. You also need to understand how cybersecurity itself can best operate as a collective of resources—human and otherwise—within the larger context of the organization you serve.
ransomware and business email
compromise remained major threats.
read the Gartner market guide
read the Gartner market guide
Download Gartner Market Guide for MDR
Gartner predicts that 50% of organizations will be using MDR services for threat monitoring, detection and response by 2025. To learn more on this last prediction, download Gartner’s Market Guide for Managed Detection and Response.
Chief Information Security Officer, Secureworks
The Virtual SOC is Here to Stay
In 2022, we will not see the return to on-site SOCs. Instead, we will see an increase in a hybrid model where several services will be outsourced (threat detection, threat hunting, incident response) and others will remain controlled internally but through remote workers. The physical walls of the SOC have permanently been taken down.
Chief Product Officer, Secureworks
XDR Takes Center Stage
In 2022, XDR software sales will increase, taking security budget from SIEM, endpoint, and SOAR budgets.
VP, Product, Secureworks
Year of Integration & Consolidation
With the shortages of security experts still rising, organizations will continue to look to consolidate vendors. Organizations want comprehensive Managed Detection and Response solutions that include both technology and services to meet their needs with the highest ROI possible.
VP, Engineering and Data Science, Secureworks
AI Alone Won't be Enough for Cybersecurity in 2022
Machine learning – an important subset of artificial intelligence, or AI –
is increasingly relied upon to prevent and detect advanced threats. It does so at speed and scale beyond the reach of unaided human operators. But it can’t be your only cybersecurity strategy in 2022. When you're searching for important needles in immense haystacks, your most powerful defense will come from the pairing of AI with the best of human intuition. Cybersecurity in 2022 means defending your attack surface with managed detection and response, red teaming, threat hunting, and incident response approaches that combine AI with the best available human intelligence.
Senior Director, Product Management,
Vulnerability Detection and Response, Secureworks
Risk-based Vulnerability Management Will Take Lead
Spending will increase in the area of vulnerability management –
but compliance will be less of the driver. Instead, organizations will invest more in risk-based modeling and prioritization solutions so they can talk to the boards and executive teams about the level of risk one is willing to consume vs. the relative cost of putting risk mitigation plans in place.
Senior Director, Product Management, Secureworks
The Cyber-Skills Gap Will Grow Wider in 2022
Continued cyberattacks reaching further down-market into targets of opportunity – of all sizes and across every industry – will exacerbate the already yawning cyber-skills gap. This will lead to increased recruitment and turnover in the ranks of security defenders as scarce talent is sought out in the marketplace by an increasing number of buyers across all sectors.
Senior Director, IT, Secureworks
Patch or Be Punished
Organizations will fail to patch their systems in a timely manner and consequently will be compromised. This will be particularly profound in smaller organizations that lack the staff and expertise to properly manage patching, configuration, and policy changes as well as overall remediation. As a result, there will be increased demand for systems that prioritize, automate, track, and verify remediation activities among service companies that work with smaller organizations. Log4j is just the latest example of the level of disruption and risk a vulnerability can deliver as we close out 2021.
VP, Portfolio Marketing, Secureworks
ITOps & SecOps Combine Powers
IT Operations and Security Operations synergies will increase in 2022. We’ll see rising demand for solutions that span both functions, and security vendors will include both IT and Security in their roadmaps, such as detection and enumeration of the attack surface, and deep telemetry from discovered assets with IT and Security insights.
Co-Founder, Citus Health
The Race to Secure a Distributed Workforce Intensifies
As the need for remote and hybrid ways of working continues, challenges in securing work from home and remote work sites will grow.
CTO & Co-Founder, SecurityCurve
Devsec Will Remain Essential and Challenging for Most Companies
Even if you're not building software from the ground up, at this point almost every company is writing some kind of custom scripts and coding to build and customize workflows. A leader needs to manage this function across the entire organization while also overseeing the secure SDLC (software development lifecycle) and governing the use of libraries, plug-ins, and other 3rd party components through a robust SCA (software composition analysis) and ALM (application lifecycle management) program.
Chief Information Officer, Harris Health
Rise in Managed Services for Cybersecurity
There will be an emphasis on utilizing more managed services for cyber monitoring especially as organizations transition to work from anywhere. The internal capabilities for organizations to develop the cyber skillset is a huge hurdle.
Chief Information Officer & Strategic Advisor, AVOA
Increased Cybersecurity Visibility in the C-Suite
Historically, cybersecurity has not been a normalized subject of discussion. Moving forward, I expect cybersecurity to become a regular topic across the c-suite and during discussions about business operations and customer engagement.
Chief Information Officer, Harris Health
Adaptive Security Will Be the Key
Every security tool will incorporate AI to learn about the organization's environment to adapt their security responses.
Co-Founder, Citus Health
Supply Chain Attacks Will Increase
The level of dependency that most organizations now have on heavily integrated third-party applications means that we will see more supply chain attacks that leverage third-party code, and in doing so bypass perimeter-based defenses.
The past year has seen mixture of change and stasis in the threat landscape. TTPs evolved but ransomware and business email compromise remained major threats. The coming year will see continued evolution and new developments.
Find out what Secureworks threat intelligence experts predict will change and what will remain the same as we bring 2022 into focus…
Threat Actors Choose Speed Over Stealth
As it becomes more challenging to move through compromised environments without detection, adversaries will increasingly choose speed over stealth. Because of this, the time domain will become more and more important for defenders.
Business Email Compromise Will Remain a Serious Threat
Ransomware will continue to get all the headlines, while in the background BEC attacks will continue to lead to large single-loss events that are both easier and faster to conduct.
Common Security Gaps Remain Threat Actor Magnets
Keeping good cyber hygiene will be more important than ever. Cybercriminals will continue to leverage common security issues to compromise their targets wherever they can, in preference to using complex zero-day vulnerabilities. Prime examples of such issues include lack of MFA, compromised credentials, and services such as RDP exposed to the internet.
On-Premises Attacks Will Not Disappear as Hybrid Cloud is Embraced
The security of cloud-based resources will become increasingly important for organizations, although many network intrusions will continue to have a on-premises component to them.
Cloud Misconfigurations Will Add Risk
We’ll see an increase in cloud-based attacks due to the 'assumed security' of these platforms. Organizations will deploy new applications and infrastructure to the cloud where possible and spend less time understanding the particulars of their environment. However, while cloud-based technologies, such as containers, make deployment easier, they also introduce additional risk. I think we'll see more attacks due to misconfigurations (exposed data, "We didn't know that was internet facing," etc.), vulnerabilities, and a lack of adequate controls on these platforms.
We’ve seen ransomware evolve from encryption to exfiltration and exposure. As organizations prioritize risk mitigation, threat actors will advance their modus operandi and find the latest, most effective way to disrupt business by making the decision of ‘to pay or not to pay’ much more relevant again. Actors will start to target data integrity – modifying information in such a way that the time, effort, funds, and resource needed to assess, remediate, and recover will far outweigh the cost of extortion. Payment in these circumstances could significantly improve the survivability of an organization, and, therefore, becomes the perfect leverage for the adversary.
Data Integrity Gets a Long-Awaited Seat at the Table
Ransomware threat actors have realized that not all publicity is good publicity. Some will avoid targeting critical infrastructure operators and other organizations in politically sensitive verticals for fear of retribution from law enforcement and intelligence agencies. That will create challenges for these groups around tighter control of their affiliates. In contrast, other less established criminals may deliberately focus on those sensitive targets as a way of growing their own brand and filling a perceived gap in the ransomware market.
Ransomware Operators Will Change Tactics to Avoid Law Enforcement Consequences
Law enforcement will adopt increasingly aggressive techniques in their ongoing efforts to disrupt the ransomware ecosystem, or the ecosystems (e.g., cryptocurrency) it relies on. This will begin to impact cybercriminals’ ability to operate freely, although it will not deter the more capable (and more damaging) ransomware groups.
Crackdown on Ransomware Becomes More Aggressive
Threat actors will increasingly use DDoS attacks to augment ransomware attacks. DDoS attacks alone do not provide threat actors with a good return on investment, given organizations’ normal ability to withstand these attacks or minimize their impact. As an additional extortion technique against victims already struggling with ransomware, their impact is magnified.
DDoS Attacks Used to Augment Ransomware Attacks
There will be a rise in the number of intrusions where threat actors exfiltrate data without utilising ransomware to encrypt hosts, believing that holding the confidentiality of data hostage against the pressure of regulatory fines will negate the need for ransomware. Objectively it's faster and simpler for adversaries to execute and doesn't require them to give a cut to the ransomware operators. How widespread this becomes will depend on whether initial experiences prove as lucrative as traditional ransomware-based intrusions.
Number of ‘Ransomware-less’ Attacks Will Grow
Overt Blame Will Bolster Covert Deterrence
The U.S. and other Western states will become increasingly assertive in attributing hostile state cyber activity, coupled with more covert deterrence operations.
Espionage Remains Key Driver
Hostile state activity will continue to focus primarily on espionage rather than on disruption/destruction. Several states, notably China, Russia, and Iran, will continue to conduct operations aimed at harvesting bulk data to support subsequent cyber operations and traditional espionage activities.
Risk Calculation for Cyber Insurance Will Change
The cyber insurance market will reach a watershed moment where cover for certain types of activity (e.g., ransomware cover) becomes prohibitively expensive. Cyber insurers will become increasingly stringent about the conditions under which a policy will pay out. “None of this will fundamentally change the threat that organizations face, although the challenges around recouping a loss may change the risk calculation, increasing the value of effective preparation and incident response plans.”
2021 State of THE THREAT REPORT