32 Experts Share Predictions for Information Security in 2022


Let’s start off with what we feel were the best two quotes on the Solutions Review list below, then we’ve got some scary stats, some cyber security information about Canada specifically, and then we’ll jump back into the rest of the quotes about the cyber security predictions for 2022. 

BTW, you might want to get a cup of Joe before reading the quotes. Even we zoned out (mainly because we’re security experts and we know this stuff), but, if you care about your business, every prediction can help. Hang in there, you’ll be glad you did… which is infinitely better than being sorry that you didn’t!

Erkang Zheng, CEO and Founder, Jupiter One

“One clear trend we will continue to see in the security field is the resource and skill shortage. It’s absolutely a concern and focus we should have in 2022, with the caveat that we are potentially looking for the wrong skill sets in security. Security practices and tooling are changing to more cloud-native, more automation and data-driven, in order to provide greater efficiency and efficacy for continuous cyber governance. As a result, we should focus on hiring security talents with engineering and automation skills in addition to security analysis and testing.”

“Ransomware has gotten scarier, and I expect we will see a lot more of that problem which will escalate as another unfortunate trend for cybersecurity. To some extent, we have seen insurance companies coming out with some complicated policies to address ransomware, either by not paying out the ransoms or demanding extreme security requirements to issue their insurance policies. I think that is a good impulse. The previous trend was that we needed to simplify compliance, which was not a good thing. The unfortunate reality is, money always talks — so, until there is a breach, security is often viewed as preventing nothing. So, for many, the only immediate driving factors are compliance or cyber insurance policies.”

Well, there you have it. Still think that cyber criminals won’t target you? Think again. In 2020 alone, 114 million people across the globe lost their jobs. Most people who remained employed had their hours cut significantly. What does that have to do with cyber crime? People all over the world desperately need to find new sources of income. And many of them turned to cyber crime.

If the information above hasn’t convinced you that you seriously need to up your cyber security game, we’ll share some scary (but true) statistics:

  • 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete.
  • Russian hackers can infiltrate a computer network in 18 minutes.
  • There is a hacker attack every 39 seconds.
  • Cybercrime is more profitable than the global illegal drug trade.
  • Hackers steal 75 records every second.
  • 66% of businesses attacked by hackers weren’t confident they could recover.
  • There were 3.5 million unfilled cybersecurity job openings in 2021. (You should hire a cyber security expert now!)

Packetlabs wrote, “Cybercrimes are among the most prolific security threats facing the world currently. Reports suggest that cyber threats resulted in damages worth a whopping $6 trillion in 2021 alone, making it the single largest economic disaster in history. In fact, at the current 15% growth rate, the cost of cybercrimes is expected to touch $10.5 trillion by 2025. 

Even though Canada fares comparatively better globally in mitigating cyber threats, the catastrophic impact of these threats is still a major issue. According to the 2020 Cyberthreat Report, 78% of Canadian organizations faced at least one successful cyberattack; phishing and ransomware being the most common threats.

As these threats and hackers themselves evolve, cybersecurity and the protective measures it offers grow correspondingly. As organizations look at their final quarter of the year and start determining budgets for IT security in the new year, these trends and stats may help solidify budget decisions to support strengthening internal cybersecurity.”

At Adaptive Office Solutions cyber security is our specialty. When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. 

Don’t believe us? Let’s look at what the experts had to say… 

Solutions Review asked 32 experts where they see the field of information security going in 2022 and beyond. You just might be surprised by the differing opinions of these top cybersecurity vendors, security hardware and software providers, and IT software companies. 

Out of respect for your time, we have shortened some of the quotes, but we have not altered what remains below – unless identified by a [bracket]. Also, if the predictions were redundant, we eliminated some of those sections. If you would like to see the predictions in their entirety, the article can be found here. As a side note, if there is more than one quote per person, each quote is about a different prediction.

Lastly, we added links to some confusing acronyms (or terms), and links to the companies that shared their predictions. The reason for the latter is two-fold. First, we felt you would appreciate being able to easily discover more about these cutting edge companies and their solutions. And second, as a means to see if these predictions were self-serving for the companies themselves. 

Okay, enough preamble. Let’s jump right in…

In an article by Daniel Hein for Solutions Review, he wrote, “As part of our Information Security Insight Jam, we got in touch with several experts and asked for their advice and predictions for information security in 2022. These experts represent the top cybersecurity vendors, security hardware and software providers, and IT software companies, and have decades of combined experience with securing and protecting user and company devices. We’ve compiled [these] quotes from 32 experts on where they see the field of information security in 2022 and beyond.”

Onkar Birk, CTO, Alert Logic

“In 2022, we’ll see developers commit to “security first.” Why? Because they know that – every time they introduce a new version of an app or software – they could introduce a new exploit. Development is about discovery, after all, so they’re constantly learning as they go. This community is slowly recognizing that thinking of security as an afterthought only encourages vulnerabilities, attacks, and subsequently, damaging turbulence. By committing to “security first,” developers will build protection into products from the start instead of bolting it on after the fact. The same thinking applies to the safeguarding of apps and software before they are widely distributed within our enterprises.”

James Carder, Chief Security Officer & Vice President of Labs, LogRhythm

“Cyber Attackers commonly use lateral movement techniques to move through an organization’s network after carrying out the initial breach. In 2022, we will see hackers seek to up-level the lateral movement concept for internal networks and apply it to an entire partner network using misconfigured APIs, which serve as a doorway from the internet into a company’s environment.”

Cody Cornell, Co-founder and Chief Strategy Officer, Swimlane

“In 2022, automation will grow beyond the Security Operations Center (SOC) to serve as a system of record for the entire security organization. As companies struggle to adequately staff security teams – and fallout from ‘The Great Resignation’ adds additional stress across the organization – automation will help employees overcome process and data fatigue. Companies will seek to use low-code automation to harness the collective knowledge of their entire security organization and form a centralized system of record for operational data.”

Sam Crowther, Founder and CEO, Kasada

“Over the course of 2021, bots have been tremendously successful in aiding resellers of wanted goods (such as PS5s, tickets, graphics cards, etc.) at securing inventory they can then flip at an incredible markup. Because it is so difficult to find desired goods right now, I predict that mainstream consumers will begin to turn to bots to get gift items that are unavailable on store shelves. The success they have will push bot usage beyond high-end, limited edition goods to basic consumer goods when an arbitrage opportunity exists in 2022.”

Kevin Dunne, President, Pathlock

“In 2022, Zero Trust will shift from a nice to have to a need to have item on every CISO’s agenda. The federal government has already mandated that all agencies employ a Zero Trust approach, and agencies are moving quickly to put these safeguards in place. However, today’s approach to Zero Trust is mostly an application of Least Privileged Access, and a rudimentary one at that. Monitoring of entitlement usage at the transaction level will be a critical capability to ensure that Least Privileged Access is a reality and not simply an assumption.”

Brian Foster, Chief Product Officer, ReliaQuest

“2022 will be the return to basic cyber hygiene and cyber resilience. Rarely are organizations getting the fundamentals of cybersecurity, like identity and authorization, right. Companies are chasing new technologies to try and enhance their cybersecurity posture. However, none of these will have a significant impact if there is not a strong foundation of cyber hygiene for further support – especially if any of these shiny technologies prove to fail. Cyber resilience also requires more than just the right products and fundamentals – it calls upon resiliency in terms of people as well. Team resilience during a cyberattack, including fast response and mitigation, must remain a critical focus for organizations over the next year.”

Sascha Giese, Head Geek, SolarWinds

“The explosion in data available to a company has made the use of artificial intelligence (AI) and machine learning (ML) a critical competitive advantage, but the talent and resources required to build solutions in-house is still prohibitive. Ultimately, a machine is faster than a human—or even a group of humans—which means shifting to AI/ML services also allows for cost savings. Yes, purchasing or subscribing to an AI service and integrating it doesn’t come cheap, but it’s still far more efficient than a team of 20 data analysts. In 2022, we’ll start to see AI and ML featured more prominently in organizations’ IT environments through the adoption of off-the-shelf AI/ML services.”

Christina Hoefer, VP of Global Industrial Enterprise, Forescout

“[The] Cybersecurity skills shortage will drive more orchestration and automation. While there has already been an ongoing skills shortage in IT/IoT security, the skills shortage in OT security is far more drastic. Very few professionals and college programs focus on OT [Operational Technology] cybersecurity, and that will take years to fix. With so many cybersecurity point solutions in place and so few people to manage them, enterprises struggled in 2020 and 2021 to incorporate enterprise-wide cybersecurity. For that reason, enterprises will move away from siloed, stand-alone cybersecurity solutions to platform-based software or tools that can provide integration with many other tools.”

Fei Huang, CSO, NeuVector

“Look for enterprises in 2022 to utilize automated scans of YAML files and other Kubernetes resources to identify and mitigate misconfigurations and other risks. Enterprises will similarly implement zero-trust models using policy-as-code and CRDs, blocking all unauthorized run-time network, process, and file activities as a default protection.”

Casen Hunger, CTO and Co-founder, Symmetry Systems

“In 2022, the deployment of zero trust architecture will skyrocket. In our recent research with Osterman, we found that zero trust is anticipated to have a 144% greater impact on the ability to stop data breaches and double the efficacy of existing cybersecurity protections. We expect organizations to put a stronger emphasis on a data-first approach with zero trust initiative to protect their external parties as a result of the staggeringly high number of supply chain breaches in 2021.”

Martijn Loderus, Vice President of Solution Engineering & Delivery, Symmetry Systems

“We expect that through 2022, most organizations will have incorporated data security into their Zero Trust architecture initiatives. Focusing on Zero Trust for data will be critical to combatting high-profile ransomware incidents and security issues resulting from the hybrid or completely remote workforces. In the coming year, we can anticipate that organizations will seek cybersecurity measures that harden their defenses against future threats. The recent escalation in ransomware attacks and data leaks has forced business leaders to expect that involvement in a breach is high.”

Dan Maksim, Software Engineer, Beachhead Solutions

“2022 is the year that proactive and automated security risk responses become an absolute necessity for businesses. Ever-expanding threats to systems and data (that go well beyond ransomware) will drive businesses to adopt deeply customizable preset protections that they tune to their own unique work environments and risk areas. Businesses will similarly place a premium on approaches that prevent employee-based risks while remaining transparent to employees. An example is geofencing-based protections that automatically warn the user if a device travels outside expected locational limits, and remove data access if it goes further astray.”

Eve Maler, CTO, ForgeRock

“Balancing security and experience – these two areas share many requirements, including fostering privacy and mutual trust; this is why a no-compromises approach is paramount. In 2022, Identity Access Management (IAM) will become [even] more important as it addresses new requirements in two newer areas: It’s essential for ‘payment’ (and everything surrounding trade and transactions) as well as for ‘people’ (for example, consumer-to-consumer sharing).”

Andrew Maloney, COO and Co-Founder, Query.AI

“When COVID-19 forced organizations to transform their business models practically overnight, companies did what they had to do to keep the lights on and their employees connected in a remote world. They deployed a voluminous number of new technologies in a sprint to sustain operations, and, in many cases, moved so quickly that they were unable to properly address security concerns. This has left CISOs stuck mopping up a big mess: Plugging all the security holes introduced by organizations’ rush to digitally transform. Even with CISOs focused on COVID security cleanup, they can only move so fast, and we’re likely going to see significant fallout over the coming years (e.g., security incidents caused by cloud misconfigurations, excessive access rights, and Shadow IT).”

“The cybersecurity skills gap still exists and, according to research from Information Systems Security Association and Enterprise Strategy Group, 95% of companies believe the gap has not improved in recent years. Not only are there not enough skilled cybersecurity professionals to fill the number of vacant positions, but organizations are tired of battling the competitive talent pool.”

Carlos Morales, SVP of Solutions, Neustar Security Services

“News cycles in 2021 have been dominated by organizations falling victim to cybercrime, and attacks are now so common that it is no longer a case of if a business will be on the receiving end, but when it will happen for the second, third, or even fourth time. We can expect to see security spending on tech, outsourcing, and talent rise in 2022 as part of wider investments in the Security Operations Center (SOC). Trust in third party providers, track records, peer endorsement, and of course leading class services will all rise in value, as third-party support becomes standard practice.”

“API attacks pose an often-overlooked security risk, and we expect to see a continued increase in attackers targeting APIs to disrupt business and harm organizations. One big hazard comes from the fact that APIs have become so ubiquitous that some enterprises may not be aware of where they are, or the function that they perform. While this can cause problems for the backend site when an external API is overwhelmed, it can cause huge issues in the cases where that API is connected to another inside the application. Since they can’t simply cut APIs out of the infrastructure, security leaders need to set safe practices. Start by limiting requests and monitoring traffic rate, and then utilize a more robust application security strategy that includes APIs.”

Brian Murphy, CEO and Founder, ReliaQuest

“If this past year taught us anything, it’s that cyber attacks are only increasing, so it’s paramount that organizations have the best talent to prevent and address these breaches when they occur. In 2022, the industry will need to make substantial progress in addressing the cybersecurity skills gap as efforts thus far haven’t shown the progress we need to properly address increasing threats. ISC2’s recent report made it clear – there aren’t yet enough cyber pros to build secure tech, implement protections or respond to breaches.”

Mike O’Malley, SVP — Strategy, SenecaGlobal

“As more organizations shift their operations to the cloud, some are not as focused on third-party access risk and, as a result, expose their networks. This year, organizations will reprioritize third-party remote access and be more discriminating to pick the “right” cloud provider to ensure their long-term success. As many businesses continue to outsource critical business processes to third-parties, I foresee that they will do a better job of assessing their third-party partners’ security and privacy practices before granting them access to sensitive and confidential information.”

Nilabh Obol, Ph.D, Vice President of Data Strategy, FiVerity

“Synthetic identity fraud (SIF) is one of the best kept secrets of the financial world. It’s clearly a big deal – it’s currently the fastest-growing financial crime, responsible for $20B in theft from U.S. banks. It’s a relatively new threat, however, and is extremely hard to detect – so few banks have a robust strategy in place to counter it. I predict that next year, in addition to SIF’s continued growth, government-led efforts will increase awareness of this cybercrime.”

Murali Palanisamy, Chief Solutions Officer, AppViewX

“Looking ahead to 2022 and beyond, there will be an emphasis on seamlessly managing digital certificates and implementing a zero trust model. Due to the surge of digital technologies, the number of machines or digital assets has grown tremendously. Securing these distributed assets and their communication is critical for data security. As such, the need for automation will become even more pressing in the context of digital certificates, which vary in type (SSL/TLS, S/MIME, etc.) and source (IoT devices, containers, workstations, etc.). Aside from the heavy workload and significant expertise needed for manual certificate management, the risks of mismanagement that can lead to security compromises are high.”

Jason Pfieffer, Chief Strategy Officer, ReliaQuest

“In 2022, we will see an increase in cyberthreats that will impact critical infrastructure. Society and economies, both at a local and global scale, will continue to see a more direct impact on their day to day lives due to poor cyber hygiene. Supply chain attacks will also become more prolific in 2022, as threat actors continue to target organizations with access to larger target populations. It’s very likely a large and well-known software vendor will be targeted and its software used to proliferate attacks across its customer base within the next year. Good cyber hygiene, cyber resilience, and a zero-trust mindset are all crucial for organizations to prioritize to help ensure they don’t become the next cyberattack victim, or at the very least, mitigate damage when a data breach occurs.”

Craig Ramsay, Senior Solution Architect, Omada

“This shift to more and more autonomy in these processes is a trend I envisage growing throughout 2022. Right now, Identity Management is stuck in a hybrid of manual and semi-autonomous actions. Whilst there will always be a need for some level of human decision making when it comes to the most critical applications and sensitive data, a unified approach to identity will greatly reduce manual effort. This will be realized through increased automation and intelligent decision support where automation is not suitable.”

Josh Rickard, Security Solutions Architect, Swimlane

“As organizations add more third-party SaaS and IaaS providers to their technology stack, the impact of cyberattacks on centralized cloud services will have a broader impact. In 2022, we will see cybercriminals take advantage of misconfigured SaaS APIs to exploit private data at an unprecedented scale. This will lead to a large distribution of core software code becoming compromised and impacting thousands of organizations across the globe. Similar to how cybercriminals have developed phishing kits to launch attacks with minimal effort, ransomware groups will seek to grow the RaaS ecosystem and improve infrastructure. In 2022, this will make it even easier to deploy ransomware attacks and will lead to a rise in more sophisticated attacks such as double extortion.”

Ashok Sankar, VP of Product and Solutions Marketing, ReliaQuest

“Zero-trust has been one of the biggest buzzwords of 2021. The surge of recent high-profile cyber attacks has ushered this concept to the forefront for many security leaders and organizations. In 2022, we will see zero-trust adoption speed up, however mass confusion will remain unless we treat it as a mindset shift and a concept versus a product solution. About half (48%) of security leaders say they are prioritizing implementing zero-trust principles as part of their security strategy. That number is expected to only increase in the new year, but too many leaders still don’t understand it to its full extent. Zero-trust can’t be thought of as a single-packaged solution; it’s essentially rethinking enterprise security and cutting across silos. It’s an evolution of the security paradigm that requires continuous monitoring.”

Jackson Shaw, CSO, Clear Skye

“With the new, distributed post-pandemic workforce, companies are having an increasingly difficult time harmonizing their tools and technologies. Additionally, they’re struggling to capture and optimize new revenue streams. As a result, a workplace suite approach, in which all the solutions needed are incorporated in one place, will define the next generation of software. In addition to streamlining security and risk management best practices across business functions throughout an entire organization, a platform approach will also help cut down context switching, reduce friction, and increase efficiencies.”

Daniel Smith, Head of Security Research, Radware

“The evolution to a remote workforce was inevitable. The pandemic accelerated the digital transformation timeline. With the shift to a remote workforce, the attack surface has evolved and expanded in favor of threat actors. Protecting the remote workforce in 2022 from service degradation will be critical to maintaining a productive work environment. In addition, organizations will continue to hire remote employees who they have never met. This will raise concerns around their knowledge base, security hygiene, and exposure to social engineering attempts, resulting in the move towards a zero-trust model.”

Adam Stern, Founder and CEO, Infinitely Virtual

“In 2022, look for the status quo in cybersecurity to remain both fluid and precarious. State actors — or actors supported by states – continue to represent the most insidious ongoing cyber threat, largely through aggressive moves to attack tech companies upstream. The trend is disconcerting and will almost certainly accelerate in 2022. Here’s what keeps IT pros up at night: the systems upon which enterprises rely are themselves undermined. When code finds its way into vast networks, conventional means of protection cease to be effective.”

Nick Tausek, Security Solutions Architect, Swimlane

“This year we have seen an increase in both internal and external actors breaching companies such as Epic and Twitch for “ethical” reasons versus purely financial intentions. In 2022, there will be a significant increase in hacking for a political or social cause. Most organizations in this position will fail to adequately respond to the threat of exposure by focusing only on “clamping down” internally to prevent leakage rather than addressing problematic business cultures that make employees want to go rogue.”

Tilo Weigandt, Co-founder, Vaultree

“With the responsibility for data security threats broadening, there is a strong case to be made for most companies to invest in their internal security team and to hire a CISO. I foresee companies ensuring their senior IT management staff also have a holistic understanding and approach to cybersecurity as an organizational-wide risk issue with a focus on the legal and regulatory implications of cyber risks as they relate to a company’s specific circumstances.”

Darren Williams, CEO and Founder, BlackFog

“In the past year, we’ve already seen ransomware gangs morph into savvy businesses with sophisticated organizational structures, with one going so far as to create a fake company to recruit talent. In 2022, we’ll see this trend continue to pick up steam, with greater coordination between gangs, double extortion evolving to triple extortion and short selling schemes skyrocketing. While many companies, [that are] hit with ransomware, opt to pay up, to quickly resolve the situation, they’ll find themselves paying in other ways when it comes to the court of public opinion. Consumer trust of organizations that pay the ransom will continue to erode and lawsuits will abound as organizations are thrown under the bus for not doing enough to prevent data exfiltration.”

Landon Winkelvoss, Co-founder, Nisos

“With security incidents and breaches skyrocketing, the security industry is looking for value-based metrics that show return on investment. In 2022, threats will continue to rise and will include increased targeting of small to medium sized businesses that are important to the supply chain of larger enterprises. One way to accomplish this is by attacking the identities in the supply chain including mergers and acquisitions that have the least sophisticated security posture. To combat these threats, the security industry must commit to a risk-based approach that understands the specific attacks and actors targeting their industry and profile.”

Greg Woolf, Founder and CEO, FiVerity

“Although fraud analysts express interest in collaborating with their peers to identify fraud, a range of regulatory and competitive concerns hold them back. This will begin to change out of necessity in 2022, as the losses across banks reach untenable levels. Banks lost an estimated $20B last year to synthetic identity fraud (SIF) alone. Meanwhile, private companies are offering tools like double-blind encryption to protect consumer privacy while collaborating.”
