Cybersecurity: 12 trends and threats for 2022
Published on 21/01/2022 in Inspire
Cyber incidents affected a lot of organizations over the past year. Meanwhile, it does not look like cybercriminals are going to take a break in 2022. Proximus zooms in on the trends and threats for the new year together with four partners.
1. Cybersecurity mesh
Cybersecurity requires a flexible and configurable architecture that allows different components to work together. This platform approach is what research firm Gartner christened “cybersecurity mesh”. Yves Lemage of Fortinet says, “Creating a single ecosystem of best-in-class security solutions, including connectivity and applications, creates better overall protection against cyberattacks.”
2. Zero-trust security
The motto behind zero-trust security is “never trust, always verify.” Jesper Olsen of Palo Alto Networks says, “It comes down to continuously validating every digital interaction and never assuming that authentication or access to devices, applications or workloads is conclusive. Zero-trust provides an opportunity for companies and organizations to properly rebuild their security network from the ground up.”
How do you secure your ever-growing network? This question and several others surrounding flexible enterprise networks are addressed in the Digitalks podcast.
3. Shift from DevOps to DevSecOps
“Given the unprecedented influx of cyber threats, it’s advisable to include security even during the development process of new applications,” Wouter Vandenbussche of Proximus believes. “In this way, DevSecOps forms a logical extension of a DevOps approach. Just as you bring development and operations together, you also integrate security into the development cycles. That brings network management and its security together in an integrated way. That’s why looking for an internal or external party to cover the entire security aspect is a good idea.”
Hackers often hang around inside their victims’ IT environments for quite some time before actually striking.
Nico Sienaert, Business Group Lead Security at Microsoft Belgium and Luxembourg
4. Cloud-proof security architecture
More and more companies are embracing the cloud. The Covid-19 pandemic and telecommuting have further accelerated the shift to the cloud. According to Steven Heyde of Trend Micro, “Malicious organizations are developing strategies to access cloud applications and services. That requires an integrated architecture that’s set up according to the visibility, scalability and accessibility of the cloud.”
5. From cybercriminal to criminal organizations
The days of cybercriminals trying to lure victims with emails in poor English and with poorly rendered company logos are long gone. Nico Sienaert of Microsoft says, “Cybercriminals today are much more organized and thoughtful. For example, they analyze the financial situation of the companies on their radar in advance and consider how much an attack might be worth. Hackers also prepare their attacks meticulously. They often hang around inside their victims’ IT environments for quite some time before actually striking.”
Linux systems are attractive prey for hackers.
Yves Lemage, Manager System Engineering BeLux at Fortinet
6. Attacks via Linux systems
Yves Lemage of Fortinet expects more attacks to come through the Linux open source operating system. “Linux used to enjoy great popularity, primarily for back-end applications such as databases and web applications. Today, the use of docker systems for applications in the cloud is increasing. These docker systems are mostly based on Linux technology. In addition, Microsoft is making a subsystem for Linux available in Windows 11. All this makes Linux systems attractive prey for hackers.”
7. Importance of visibility
Steven Heyde of Trend Micro says, “IT networks are becoming increasingly complex and open. The number of users and devices is constantly increasing. Therefore, it’s important to gain visibility across applications, users and systems and networks. This allows you to prioritize risks and map out critical accesses.”
Cybersecurity teams need to expand their legal expertise in response to the increasingly complex use of the cloud.
Jesper Olsen, Chief Security Officer Northern Europe at Palo Alto Networks
8. Passwordless future
Hackers don’t break in, they log in, so they need passwords. Nico Sienaert of Microsoft says, “Part of the solution is multifactor authentication. Face or fingerprint recognition or a code generator are used in addition to a password before access is granted. But we want to go even further. Microsoft is aiming for a world without an underlying password, for example by combining facial recognition with a code generator in an authenticator app. Anyone who has a Hotmail or Outlook address can already do this. Microsoft wants to extend this to the business world.”
Is no password more secure than a complex password? In this episode of the Digitalks podcast we discuss which authentication method you should use.
9. Attention to Governance, Risk and Compliance (GRC)
Most companies and organizations have to comply with a wide range of standards, laws and guidelines around data security, quality and disclosure. An overarching process provides the necessary oversight and matching support to set up the designated procedures. Wouter Vandenbussche of Proximus: “GRC stands for governance, risk and compliance. It’s about identifying all risks, mitigating them and managing them. With a sophisticated approach, you help the business to further develop and launch new projects. With the growth of telecommuting and work independent of time and place, GRC is becoming even more important.”
10. Data privacy: globalization vs. localization
Countries or regions strive to encourage local industries to secure their citizens’ data. “One of the reasons for this is the open nature of the cloud,” says Jesper Olsen of Palo Alto Networks. “So cybersecurity teams need to expand their legal expertise in response to more complex use of the cloud and the additional security measures that come with that.”
It is important to gain visibility across applications, users and systems and networks.
Steven Heyde, Regional Director Benelux at Trend Micro
In addition to new threats such as killware, where hackers target life-critical processes and devices in hospitals, Nico Sienaert of Microsoft also expects a rise in disinformation via so-called deepfakes: fake videos or messages that are almost impossible to distinguish from the real thing. “They can be used in many ways to manipulate opinions and inflict reputational damage,” Sienaert says.
12. Supply-chain attacks
The number of supply-chain attacks is growing. Smart targeted attacks with ransomware, for example, don’t just affect one company or organization, they impact the entire ecosystem. A chain is only as strong as its weakest link. Therefore, companies explicitly choose their new suppliers or partners based on how they have set up their cybersecurity. This keeps them resilient and ensures business continuity at all times.
Cybersecurity is constantly evolving. Secure your infrastructure and workstations against sophisticated attacks and prevent your company’s applications and websites from becoming inaccessible.
Would you like to discuss an issue with one of our cybersecurity experts?
Yves Lemage, Manager System Engineering BeLux at Fortinet.
Jesper Olsen, Chief Security Officer Noord-Europa at Palo Alto Networks.
Wouter Vandenbussche, Solution Lead Security Benelux at Proximus.
Steven Heyde, Regional Director Benelux at Trend Micro.
As Business Group Lead Security, Nico Sienaert is responsible for the security department at Microsoft in Belgium and Luxembourg.