While we optimistically hoped for normality in 2021, organizations continue to deal with the repercussions of the pandemic nearly two years on. Once considered temporary measures to ride out the lockdown restrictions, they have become permanent fixtures now, creating a dynamic shift in cybersecurity and networking.
At the same time, cybercriminals have taken advantage of the distraction by launching ambitious attacks against critical infrastructure.
As we continue to deal with the pandemic effect, what can we expect to see in 2022? Here are my thoughts on some of the most talked about topics in cybersecurity and network management.
Related: help secure your business with the best antivirus software.
Taking an application-centric approach
One thing I have been calling attention to for several years now has been the need to focus on applications when dealing with network security.
Even when identifying a single connection, you have a very limited view of the “hidden story” behind it, which means first and foremost, you need a clear-cut answer to the following: What is going on with this application?
You also need the broader context to understand the intent behind it: Why is the connection there? What purpose does it serve? What applications is it supporting?
These questions are bound to come up in all sorts of use cases. For instance, when auditing the scope of an application, you may ask yourself the following: Is it secure? Is it aligned? Does it have risks? In today’s network organization chart, application owners need to own the risk of their application; the problem is no longer the domain of the networking team.
Understanding intent can present quite a challenge. This is particularly the case in brownfield situations, where hundreds of applications are running across the environment and historically poor record keeping. Despite the difficulties, it still needs to be done now and in the future.
Heightening ransomware preparedness
We’ve continued to witness more ransomware attacks running rampant in organizations across the board, wreaking havoc on their security networks.
Technology, food production and critical infrastructure firms were hit with nearly $320 million of ransom attacks in 2021, including the largest publicly known demand to date. Bad actors behind the attacks are making millions, while businesses struggle to recover from a breach.
As we enter 2022, it is safe to expect that a curbing of this trend is unlikely to occur. So, if it’s not a question of “will a ransomware attack occur,” it begs the question of “how does your organization prepare for this eventuality?”
Preparation is crucial, but antivirus software will only get you so far. Once an attacker has infiltrated the network, you need to mitigate the impact.
To that end, as part of your overall network security strategy, I highly recommend Micro-segmentation, a proven best practice to reduce the attack surface and ensure that a network is not relegated to one linear thread, safeguarding against full-scale outages. Employees also need to know what to do when the network is under attack.
They need to study, understand the corporate playbook and take action immediately. It’s also important to consider the form and frequency of back-ups and ensure they are offline and inaccessible to hackers. This is an issue that should be addressed in security budgets for 2022.
Smart migration to the cloud
Migrating to the cloud has historically been reserved for advanced industries. Still, increasingly we are seeing the most conservative vertical sectors, from finance to government, adopt a hybrid or full cloud model.
In fact, Gartner forecasts that end-user spending on public cloud services will reach $482 billion in 2022. However, the move to the cloud does not necessarily mean that traditional data centers are being eliminated.
Large institutions have invested heavily over the years in on-premise servers and will be reluctant to remove them entirely. That is why many organizations are moving to a hybrid environment where certain applications remain on-premise, and newly adopted services are predominantly transitioning to cloud-based software.
We are now seeing more hybrid environments where organizations have a substantial and growing cloud estate and a significant on-premise data center. All this means that with the presence of the old historical software and the introduction of the new cloud-based software, security has become more complicated.
And since these systems need to coexist, it is imperative to ensure that they communicate with each other. As a security professional, it is incumbent upon you to be mindful of that; it is your responsibility to secure the whole estate, whether on-premise, in the cloud, or in some transition state.
Adopting a holistic view of network security management
More frequently than not, I am seeing the need for holistic management of network objects and IP addresses. Organizations are experiencing situations where they manage their IP address usage using IPAM systems and CMDBs to manage assets.
Unfortunately, these are siloed systems that rarely communicate with each other. The consumers of these types of information systems are often security controls such as firewalls, SDN filters, etc. Since each vendor has its own way of doing these things, you get disparate systems, inefficiencies, contradictions, and duplicate names across systems. These misalignments cause security problems that lead to miscommunication between people.
The good news is that there are systems on the market that align these disparate silos of information into one holistic view, which organizations will likely explore over the next twelve months.
Adjusting network security to Work from Home demands
The pandemic and its subsequent lockdowns forced many employees to work from remote locations. This shift has continued for the last two years and is likely to remain part of the new normal, either in full or partial capacity. According to Reuters, decision-makers plan to move a third of their workforce to telework in the long term.
That figure has doubled compared to the pre COVID period and subsequently, the cybersecurity implications of this increase have become paramount. As more people work on their own devices and need to connect to their organization’s network, one that is secure and provides adequate bandwidth, it also requires new technologies to be deployed.
As a result, this has led to the SASE (Secure Access Security Edge) model, where security is delivered over the cloud- much closer to the end user. Since the new way of working appears to be here to stay in one shape or another, organizations will need to invest in the right tooling to allow security professionals to set policies, gain visibility for adequate reporting and control hybrid networks.
If there’s anything we’ve learned from the past two years is that we cannot confidently predict the perils looming around the corner. However, there are things that we can and should be able to anticipate that can help you avoid any unnecessary risk to your security networks, whether today or in the future.
Avishi Wool is CTO at AlgoSec.