The protection of data and identities is a perennial issue for companies. But over the years the urgency of the topic has increased. Therefore, companies will have to keep abreast of the latest cybersecurity trends and developments in 2022 as well.
1. Protection against identity theft, DDoS and ransomware
The COVID-19 pandemic has permanently changed the world of work. In the coming year it will also be common for some employees to work from home, others in the office and still others in a combination of both. However, this freedom of work places new demands on security. Because conventional measures - such as simple passwords, since all employees were in the company - are no longer sufficient. Today, security systems have to constantly check the identity of the person and the device. Because brute force attacks and credential stuffing steal identities in order to take over the access rights of an employee.
The concept of Zero Trust - don't trust anyone, check everything - works not only against identity theft, but also against ransomware and DDoS. Here, behavior-based and, ideally, AI-based systems can quickly uncover unusual activities and proactively fend off attacks. It should be noted that even classics such as DDoS attacks are constantly changing. Cyber criminals combine this type of attack with other types to attack companies from different sides at the same time. In addition, DDoS is increasingly being used to distract from the actual attack, for example to extort ransom money later using ransomware. Accordingly, web application firewalls and bot detection solutions should detect and block requests from automatic, malicious bots.
2. Consolidation of application publishing
Three quarters of companies already provide applications in several clouds. Of these, 63 percent use three or more clouds, according to a recent survey by Propeller Insights. But more than half (56%) find it difficult to manage workloads across different cloud providers. The biggest problems are in the areas of security, reliability and connectivity.
Companies therefore need uniform security compliance in multi-cloud and multi-site environments. For this purpose, the similarities between the providers can be used with the help of build-to-scale solutions. This new approach to a "distributed cloud" is based on three principles:
The network must support a model that can be used anywhere, anytime, without compromising quality or the customer experience.
Any inter-networking cloud should be simple, complete and consistent - regardless of the underlying cloud.
Companies get added value through a simple, declarative, API-controlled standardization across control and management levels.
3. Mobile App Security and Bot Prevention
2022 should also focus on better protection of apps and the prevention of unwanted automatic web access. Because attacks on the network and transport layers are increasingly being replaced by attacks on the application layer. According to recent studies, Layer 7 attacks have increased by 20 percent in the last two years. The extent and severity of its effects increased by nearly 200 percent.
Attacks on Layer 7 are more difficult to detect because bots and automation make it possible to disguise the attack as legitimate data traffic. Companies need regular insights into the behavior of applications. To do this, they should create baselines that identify normal behavior. Deviations from this can then be detected automatically. This gives an important indication of possible malicious traffic that the security team can specifically analyze.
More at F5.com
Via F5 Networks F5 (NASDAQ: FFIV) gives the world's largest companies, service providers, government agencies and consumer brands the freedom to deliver any app securely, anywhere, with confidence. F5 offers cloud and security solutions that enable companies to use the infrastructure they choose without compromising speed and control. Please visit f5.com for more information. You can also visit us on LinkedIn and Facebook for more information about F5, its partners and technologies.