When it comes to IT security, we are in a race against time. Attackers are always one step ahead of us, constantly experimenting with new techniques and tactics, or redesigning and recombining old techniques. If you want to protect yourself, you have to continuously configure and redefine your own threat detection and response capabilities in order to even be able to detect new attack vectors.
All of this increases the challenge for the attackers, who are far from discouraged and instead are always trying new ways. And so the cycle goes on and on. It's always particularly worrying when security vulnerabilities make the news and the details surface, because it becomes clear that the attack was not developed specifically for this target, but is part of a vulnerability that has been unknown for years or maybe even decades and that not only weakens this one target, but affects millions of potential targets: networked systems located around the world. This is the reality in the field of IT security today.
NetWitness: What to expect in 2022
And if we look to the year 2022? What can we expect in the world of IT security and risk management? NetWitness Field CTO Ben Smith has ventured a "cyber prediction" for this year.
Ransomware
Ransomware tactics will evolve. The “double blackmail” model, in which the victim's data is encrypted and the attacker not only demands a ransom for decryption but at the same time threatens to share the data, will not go away. Like every year, this year we will see new combinations of already known tactics.
Privacy
Data protection legislation will be accelerated worldwide. Around the world, where data is kept will continue to matter at a national level. If your job is to protect a global business, no matter the size of the business, you need to consider the architecture itself, knowing where the data is collected, where it's stored, and where it's managed, because that could mean dealing with three different legal systems. The flexibility of the current architecture will become increasingly important as new data protection regulations are adopted and applied.
IT professionals
The shortage of IT security specialists will continue to increase. However, the numerous training programs and certifications that are supposed to certify the technical competence of IT security experts will not be sufficient to cover the new jobs to be filled. Companies will probably relax their standard requirements for the "perfect applicant". It is also likely that cybercriminals will not "have" the high level of security knowledge that is required of new employees.
These are just some of the key areas companies need to keep an eye on in 2022. But how can you meet some of these challenges?
Plans for resilience
Plan for uncertainty, plan for resilience. The world we live in seems to be turning faster and faster, with new attacks and new normative challenges, and that does not leave us with the possibility of putting our flag in the ground somewhere and defending it at all costs. A company must remain flexible and adaptable. It's one of the many factors driving organizations to embrace clouds, which can shrink and grow in a very short period of time.
“You cannot protect what you cannot see”. Far too many companies, guided by a normative audit model, think that "visibility" means being able to collect and aggregate the log files of the most important devices in their operating environment. That might have been the right answer 20 years ago, but today this approach is absolutely wrong.
Being able to see these log files while also seeing the network and endpoint data is even more difficult when the environment is a mix of on-premises, virtualized and cloud-based tools. Organizations should take the time to identify the critical data and prioritize visibility into those assets. Only when the moment has come can companies be sure that they can really see everything that is needed to make the right decisions in the solution phases.