Businesses Are Taking Action to Build Strong Cybersecurity

Here are eight trends which point to the need for a strong cybersecurity posture in 2022.

software-security

Software companies and their users faced serious challenges from cyberattack and ransomware groups in 2021, from the outfall of the SolarWinds attack to the Colonial Pipeline and Kaseya attacks, and to round out the year, groups exploiting the Log4j vulnerability. Industry thought leaders predict that businesses and enterprises will take action in 2022 to build strong cybersecurity strategies and minimize their risks from cyber threats.

Strong Cybersecurity for Businesses

Here are four things your users are planning to strengthen their security postures:

1. Become more proactive

Cam Roberson, Director of the Reseller Channel at Beachhead Solutions, says, “In 2022, businesses will pursue more proactive and automated security risk responses to protect their systems and data.”

He adds, “They won’t have a choice. Facing broader threats (it’s not just ransomware!), businesses will seek the flexibility to implement customized predetermined countermeasures aligned with their particular use cases.”

“I expect approaches enabling zero-trust policies will accelerate the fastest, along with strategies that protect against employee-centric threat vectors without impacting employee productivity,” Roberson predicts. For example, a company might use geofencing-based rules to proactively send warnings if a device travels outside normal work location boundaries and disallow data access if it travels further. “In this way, more businesses will neutralize threats before they do harm in 2022,” he says.

Sylvain Siou, Vice President, Worldwide Systems Engineering at EfficientIP, cites IDC research that states 26 percent of companies reported stolen company information in 2021, up 10 percent from 2020.  “This threat will continue to grow as exfiltration nearly always goes unnoticed by firewalls since they are incapable of performing the necessary context-aware analysis of traffic, Siou says. “To enhance security in 2022, businesses will increase spending on DNS security as the first line of defense, allowing them to monitor IP traffic and better identify and prevent potential data theft.”

Ivan Paynter, National Cyber Security Specialist at  ScanSource, predicts, “Companies will increasingly rely on security (SaaS) application, such as endpoint detection and response (EDR) and extended detection and response (XDR) to help identify and mitigate malfeasance while reducing dwell time.”

He explains that EDR solutions are the next generation antivirus with internet intelligence, and XDR solutions combine endpoint data and security information event management (SIEM) data, provide a contextual correlation of events and alarms, and increase visibility of actional events. “The key is to identify the correct managed service security operation center, as one size does not fit all,” Paynter says.

2. Leverage next-gen technologies

Trustifi’s CEO and Co-Founder Rom Hendler says, “Next-gen cybersecurity will gain prominence in 2022, like relay-based solutions using artificial intelligence (AI) and optical character recognition.”

He explains that older approaches like security email gateways (SEGs) will become less relevant. “Bad actors have evolved. Their sophisticated ‘imposter’ phishing schemes are nearly impervious to SEGs, which mainly filter email based on known malicious IP addresses. Cybercriminals will impersonate C-level executives and order colleagues to make wire transfers. Understand, the bad guys are using AI to identify these important users to hack high-level accounts and do damage. Companies need to use these same advanced tools in their email security arsenal to protect themselves,” Hendler says.

3. Merge physical and cybersecurity

Tim Eades, CEO of vArmour, predicts that physical security and cybersecurity will merge. “In the past, these two strategies were separate thoughts, yet the growing hybrid workforce will mean that cyber and physical security need to come together,” he says.

“Nowhere is this truer than in the supply chain. From internet-controlled thermometers to the components responsible for driving an AV, digitized components are increasingly cloud-connected, and there are real-life consequences of cyberattacks. We can expect to see an uptick in cyber-physical security attacks as the Internet of Things continues to increase exponentially and we hit peak cloud, setting the stage for a reckoning over how to secure enterprises amid increasingly complex connectivity.”

4. Strengthen cybersecurity for insurance reasons

Kate Kuehn, vArmour’s VP of Security, points out that, in addition to protecting data and securing their businesses, your customers may also be incentivized to strengthen cybersecurity for insurance reasons. “

“There will be a minimum baseline of security controls that will be required in order to be insured, and that will help drive a level of security maturity that society will benefit from in the years to come. It is just like having your car in proper working order and a valid driver’s license to be insured,” she says. “However, organizations will need to have a minimum baseline for coverage in their cyber that they can demonstrate through audit, or the cyber insurance policy will be null and void. Tools which focus on cyberattack detection and protection, such as application relationship management, will likely become one of those key requirements.”

Strong Cybersecurity for Developers

While software users deploy new solutions and implement new policies for strong cybersecurity, there are also trends in the software industry to build cybersecurity as well, including these four:

1. Shifting to the Zero Trust model

More businesses are moving to the Zero Trust model; however, as Joe Leonard, CTO and VP Security Strategy at GuidePoint Security, points out, it also takes a shift in culture and adapting processes to be effective.

“The traditional security model operated with implicit trust where everything was allowed unless it was known to be bad. Zero Trust implements a granular least privilege per-request access, where only those specified as needing access get access,” he says. “Organizations need to educate their employees on why the shift to Zero Trust is needed and relate it to how it can help them be more productive because let’s face it, at the end of the day, employees are focused on doing their jobs much more so than on prioritizing security. It’s critical to educate users on this shift and help them understand how this will ultimately allow them to be more efficient in their job responsibilities.”

He adds, “Transitioning from the traditional cybersecurity approach to one based on a Zero Trust model, also requires a shift from a manual, static environment to one with more automation and integration of processes and systems that enables dynamic policy enforcement based on a user’s behavior in real time to determine access. While mapping out security requirements, it’s important to build in as much automation as possible so that controls are transparent to the end users.”

2. Leverage threat modeling

Victor Wieczorek, VP, AppSec and Threat and Attack Simulation at GuidePoint Security, predicts, “Threat modeling will be front and center in 2022 from an AppSec perspective. Not only is it now part of the OWASP Top 10, but the earlier you can identify design-related flaws and potential threats, as well as implement effective compensating security controls to mitigate those threats, the better you will be from both a security personnel’s and an application owner’s perspective.”

3. Gain visibility into third-party software vulnerabilities

Wieczorek adds, “With the supply chain attacks that we’ve seen in the last year, the big impact we will see moving forward is that organizations will be focused on trying to understand third-party and open-source libraries that are used in their software development. I think we will start to see more organizations create software bills of materials (SBOMs) for many of their key solutions and include this as a requirement within their procurement process. While suppliers have traditionally been hesitant to share this information in the past, they will be driven because of the inherent risks that an organization is taking on by using that software.”

4. Introduce new security roles

Wieczorek also anticipates employees taking on new roles. “As this need to understand, manage, and document our own software supply chains grows, we’re going to see new positions created by organizations to support this need, such as software supply chain architects and teams that will manage this process internally and for the organization’s suppliers,” he says. “These teams will be responsible for monitoring software dependencies, documenting secure usage, approving new libraries, managing internal and vendor SBOMs and identifying risk to the organization based on this data.”

Consider these trends and how they can bring value and deliver strong cybersecurity to your organization and your customers.


SHARE

The former owner of a software development company and having more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of DevPro Journal.