What is to come and how companies can prepare
A statement from Arne Ohlsen, Senior Field Marketing Manager at SailPoint
Arne Ohlsen, Senior Field Marketing Manager at SailPoint
The past year has been very eventful for IT security. In many places, pandemic-related, hybrid working models have once again been dug out of the ground with provisional solutions. This new way of working once again made it clear how much the corona pandemic has shaped the threat landscape and mercilessly exposed vulnerabilities. Cyberattacks have evolved and companies have discovered the advantages of cloud applications for themselves, which potentially – if not properly secured – entail further risks for IT security. The good news is that the increase in decentralized working models has led to managers increasingly focusing on a robust, holistic security strategy. Identity security is more important than ever.
The findings of the current year allow some conclusions to be drawn as to which trends are already emerging for 2022:
There is no alternative to investing in identity security and cloud security
In the past, cybersecurity teams have focused heavily on hardening to prevent outside attacks. However, attacks based on compromised identities are on the rise. Here, a single vulnerability is often enough to cause great damage. The attackers use valid credentials in these attacks to gain control over a network. To prevent or detect such attacks, companies should rely on a zero trust architecture. Investing in identity security is now more important than ever, as remote employees bring not only their own devices, but also their own IT environments. Investments in the hardening and monitoring of cloud security are also becoming a crucial building block for corporate security. The use of cloud services is increasing rapidly and it must not be forgotten that the responsibility for securing and monitoring a cloud environment does not lie with the provider, but with the customer. Security misconfigurations in the cloud represent an immense attack surface, which is getting bigger every day.
Ransomware will continue to evolve
We now see that ransomware converges with hacktivism. For example, companies are attacked with ransomware because the hacker rejects the values, the industry or the actions of a company. In these cases, the hackers do not even ask for a ransom or offer to decrypt the data. We also see that ransomware gangs are now able to acquire zero-day vulnerabilities that were previously only accessible to nation states. Ransomware-as-a-service will continue to make ransomware accessible to a larger number of cybercriminals. At the same time, company insiders are paid to launch ransomware attacks against their own operations. The nation-states will continue to invest heavily in identity compromise and in corresponding attacks, which are very difficult to detect because they are not classic malware, but rather use native functions to carry out the attacks.
AI-based security will gain momentum
Cybersecurity teams have struggled to trust AI decisions and alerts in the past. However, due to the high demands in the field of cybersecurity, the numerous warning messages and the scarcity of resources, companies will be forced in the future to learn more and more – not only through automation, but also through AI. It can be assumed that this trend will continue to accelerate. However, cybersecurity teams will demand real transparency about the AI algorithms in order to be able to trust, check and analyze the AI results and the guided actions.