Supply Chain Defense
Cyber in 2022: A Look Forward
By Robert Hannigan
Anyone involved in the cyber protection of businesses knows that worrying about future trends must be balanced against tackling what is already here.
When the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other global agencies jointly published a list of the most commonly exploited vulnerabilities last year, the striking feature was how old these weaknesses were; many dated back years. So improving defenses — getting the basics right — is still a major project for many organizations. And while they rush to do this against a backdrop of global skills shortages, new problems are constantly stacking up: the Log4j vulnerability publicized in the final weeks of 2021 will keep many security teams busy for weeks, if not months, to come, as they assess whether they have been compromised. Perhaps more critically, they also must assess whether their extended supply chain is vulnerable and mitigate the risks their suppliers might pose to them.
Despite the context of this continual complexity, as we enter 2022, we can be confident of some trends to watch. They will be driven by criminal attackers, nation states, the cybersecurity industry, and its customers.
1. Cyber criminals will continue to pursue business models that work against sectors that are productive. This means that ransomware will continue to dominate, generating staggering dividends for attackers. The best hope is that efforts to bear down on criminal groups, disrupt cryptocurrency payments, improve defenses against ransomware delivery, and wreck attackers' business models will have an impact, but this will take time. After financial services and government, healthcare will likely be the most targeted industry. It is seen as slower to improve its security, and business interruption cannot be tolerated, for obvious reasons.
In general, we can also expect to see a continuing rise in attacks against manufacturing and Operational Technology (OT), and greater targeting of remote management systems. The supply chain—already the favored vector for delivering attacks—will become the dominant concern as companies realize that their wider ecosystem represents a threat to them, however good their own internal security. Getting visibility into that risk and then reducing it will be the key priority.
2. Hostile nation states will continue to behave badly, licensing cyber criminality within their jurisdictions: there is little chance of political agreement across borders.
In response, western governments, led by the U.S., will become more interventionist in an effort to drive up defenses across government and the wider economy. We have already seen energetic leadership from Jen Easterly at CISA, Chris Inglis, and Anne Neuberger at the White House, and others across the Biden administration.
Cyber remains an area of bipartisan agreement, and new funding will help improve basic government security, the Computing and Networking Infrastructure (CNI), and the wider industry. But the scale of the task is huge and remedies will not be quick; they can only be achieved in close collaboration with industry. Regulation to improve software development security, to design security into Internet of Things (IoT) devices, and to harden the supply chain is in preparation in many countries, but these are long-term projects.
3. The cybersecurity industry will continue to consolidate. Increasingly, even large companies will see cloud-based managed security services as a major part of the answer; this will be driven both by cloud adoption across the business, accelerated by the pandemic, and by the increasingly impressive security offerings from Microsoft, Splunk Cloud, and others.
The opportunities for “single pane” visibility, control of data, compliance, consolidation of products, and cost optimization will be significant. It goes without saying that companies will need expert guidance on how much to “let go” and how to get the best from cloud security products and services; similarly, they will look to solutions that enable them to respond through a single pane of glass. The complexity of both modern IT environments and the threats themselves demands these solutions for a more ecosystem-wide and manageable approach.
All companies will need external help in proactively managing third-party cyber risk as well as assessing their supply chains in real time, triaging risk and taking steps to reduce it. Last year was a landmark for supply chain breaches, and it demonstrated that organizations can no longer take a reactive approach here; this category of risk must be continuously monitored and addressed.
The key drivers will continue to be the escalating scale and sophistication of cyber threats and the inability of the cyber skills pipeline to keep up. The cyber industry will therefore be successful in proportion to its ability to automate at mass scale, offering highly sophisticated detection and remediation across the whole ecosystem.
Robert Hannigan is Chairman, BlueVoyant International.