Episode 23: Cybersecurity Predictions for 2022
In Episode 23 of Cybersecurity Where You Are, hosts Tony Sager and Sean Atkinson are joined by our Senior Vice President of Operations and Security Services, Josh Moulin. Together, the three share their thoughts on some of the topics that were discussed in our recent blog post, 2022 Cybersecurity Predictions to Watch Out For.
So, What's in Store for 2022?
Log4j isn't going anywhere
To start, the three discussed Log4j, the latest vulnerability that many technology and security teams faced at the end of 2021. Moulin shares that the MS-ISAC is "still seeing active exploitation happening against the Log4j vulnerability." These could impact anything from a smart TV in our home to an enterprise-class cloud application used to run a business. Moulin noted that, because the vulnerability can compromise a hardware device, conducting a software inventory alone may not be enough to adequately protect an organization. Overall, the three agreed we're going to continue to see the impacts of Log4j for the foreseeable future.
Attacks on MSSPs
Many organizations are having difficulty finding enough cybersecurity talent and/or difficulty securing the budget they need to pay for advanced systems that detect sophisticated attacks such as Log4j. A lot of organizations depend on Managed Security Service Providers (MSSPs) to handle their security needs, and Moulin says it's likely we'll be seeing attackers targeting MSSPs more frequently in 2022.
Burnout of Cyber Defenders
Increased regulatory requirements, COVID-19, and advanced attacks...the hits keep on coming to the already short-staffed cybersecurity community. Frustration grows and burnout is inevitable for cybersecurity professionals when they know what they want to do, but simply don't have the resources to execute. Moulin stresses how important it is for leadership teams to keep the mental wellness of their employees top of mind. Organizing coverage for employees when they're away, encouraging them to use vacation time, and increasing the focus on using automated prevention tools can help teams avoid this burnout.
Eligible organizations can partner with the MS-ISAC. Membership offers services that can ease the burden on your security teams.
Scaling of Defense
As the conversation continues, Sager suggests many organizations will start to rethink their entire cybersecurity strategy so that they can scale for defense. Evaluating the technologies they use, reviewing their processes, and better managing IT for visibility are just a few things that can help build your home-field advantage in 2022.
An Industry Shift Towards the Zero-Trust Model
Atkinson concludes by highlighting an excerpt from the predictions blog post by James Globe, Vice President of Operations for the MS-ISAC. Globe predicts "increased adoption of endpoint monitoring, multi-factor authentication, and zero-trust network access methods." Atkinson agreed that the broader cybersecurity community will need to shift towards the zero-trust model, while Moulin encourages listeners to start small with slow and iterative approaches. That, he says, will be more likely to deliver the great results your organization is looking for.
Resources
- Log4j Zero-Day Vulnerability Response
- Sign up for the MS-ISAC
- Establishing Basic Cyber Hygiene Through a Managed Service Provider