Lookout, an endpoint-to-cloud cyber security company, have put together their cyber security predictions for 2022.
1 — Cloud connectivity and cloud-to-cloud connectivity will amplify supply-chain breaches
One area organizations need to continue to monitor in 2022 is the software supply chain. We tend to think of cloud apps as disparate islands used as destinations by endpoints and end-users to collect and process data. The reality is that these apps constantly communicate with different entities and systems like software-update infrastructure and with each other — interactions that are often not monitored.
In late 2020, the cybersecurity community uncovered one of the worst breaches in recent memory when the SolarWinds software-publishing infrastructure was infiltrated. More than 100 organizations, including nine U.S. federal agencies, were compromised by trojanized updates that opened backdoors to their infrastructure. This is a prime example of how a weak supply chain can be used to amplify an attack by taking advantage of cloud interconnectivity. Now that this attack vector has been proven successful, expect copycats to follow suit in 2022.
In addition to SolarWinds-type attacks, Lookout predicts that threat actors will look to exploit another seldom-monitored area: cloud-to-cloud interaction. For example, it is very common for organizations to use HR software to capture an employee’s personal and financial information, which is then shared with a payroll system. Once apps are connected to each other, enterprises seldom monitor these automated workflows for changes in behavior. An attacker could exploit this implicit trust between systems to siphon off sensitive data without anyone noticing.
2 — User error and account compromises to become more pronounced
One of the major advantages of SaaS apps is the ease with which we can collaborate with colleagues, customers and business partners. Using apps like Workday, Salesforce, Slack, Google Workspace or Microsoft 365, we can share content and collaborate with others with very little friction.
But this interconnectivity also significantly amplifies the impact of any user errors or attacks. Whether an employee accidentally shares a document with the wrong person or a compromised account extracts information, data now moves at lightning speed. As we head into 2022, with hybrid and remote work cemented as the new norm, Lookout expects this to become an even bigger issue.
3 — Converging technologies to bring threat hunting to a new level
One of the steps organizations need to take to tackle evolving threats is to leverage threat hunting, also known as detection and response. The need for this is quickly becoming recognized, including by the U.S. government. I’m encouraged by the fact that the U.S. Office of Management and Budget (OMB) provided funding guidance for federal agencies to adopt detection and response capabilities.
To operationalize threat hunting in 2022, Lookout expects organizations will look into integrated endpoint-to-cloud security solutions that are cloud-delivered. With everyone working from anywhere and using unmanaged devices and networks, there is an unprecedented number of entities and communications for security teams to track. When security technologies converge in the cloud, organizations can take advantage of storage and computing power that on-premises tools never had. Security teams can also leverage security insights in a single place, enabling them to hunt for threats or conduct forensic investigations proactively.
4 — DLP to become center of cloud-delivered cybersecurity
Data loss prevention (DLP) has traditionally been deployed as a standalone tool tethered to an enterprise’s perimeter data exchange points. This isn’t how things work anymore. Data now flows freely between clouds, endpoints and other entities — not just enterprise managed, but also with partners and contractors. To regain control, organizations need full visibility into how their data is handled regardless of where the users are and what device and network they’re using.
Lookout predicts that organizations will accelerate the move to cloud-delivered solutions where data protection, inclusive of DLP and enterprise digital rights management (E-DRM), is at the heart of it. More and more enterprises will look for advanced DLP capabilities such as exact data match (EDM) and optical character recognition (OCR) to keep abreast of all the new workflows. Only by tapping into the scalability and power of the cloud can security solutions ensure that data is protected efficiently without hindering productivity.
Is 2022 the beginning of the end for on-premises security?
Nearly two years after most organizations were forced to experiment with remote work, 2022 will be an inflection point for both threats and cybersecurity solutions. With increased interconnectivity come heightened security gaps, such as software supply chain vulnerabilities and data leakage. But this also means an accelerated adoption of integrated, cloud-delivered security solutions that enable proactive threat hunting and advanced data protection.
On-premises security tools that are deployed in isolation are no longer enough, even for on-premises workloads. To tackle the ever-evolving challenges of a cloud-first world, organizations need to invest in an integrated platform that can secure their data from endpoint to cloud.