32 Experts Share Advice on Information Security in 2022

As part of our Information Security Insight Jam, we got in touch with several experts and asked for their advice and predictions for information security in 2022. These experts represent the top cybersecurity vendors, security hardware and software providers, and IT software companies, and have decades of combined experience with securing and protecting user and company devices. We’ve compiled 41 quotes from 32 experts on where they see the field of information security in 2022 and beyond.

Thanks to all of these experts for submitting their quotes and advice — and be sure to follow us on Twitter all day for insights, advice, and best practices on cybersecurity during our #InfoSecInsightJam!

Thanassis Avgerinos, Co-founder and VP of Engineering, ForAllSecure

“The value of cryptocurrency has dramatically increased over the past few years. And as the value continues to rise, so too does its value to adversaries. But this currency lives on a network with no “armed guards” protecting its vault. It’s not a matter of if, but when, vulnerabilities will be found. And the result could cause a mass evaporation of funds. Bug bounty programs are a start — but there is still much more to do in the way of shoring up the security posture.”

“This year, the SolarWinds attack reinforced the importance of accessing where the keys to the data are, not just protecting the data itself. At the same time, development teams continue to introduce more technologies into their stack to get the “best tool for the job” and enhance their agility. This trend, coupled with a continuously increasing reliance on open source software creates a growing challenge for organizations. As a result, the number of supply chain attacks will continue to increase and it is likely we’ll see more large scale attacks come up in the coming year.”

Peter Bauer, CEO, Mimecast

“After years of high-volume breaches combined with employees sharing excessively via social media, the trove of personal information and intelligence available to attackers is extraordinary and beyond disturbing. This will enable adversaries to craft even more convincing attacks. They will exploit the human layer aggressively, resulting in significant business disruptions and a corrosion of trust. Email and cloud communication systems continue to provide attackers the ideal venue to target their victims.”

Slava Bronfman, CEO and Cofounder, Cybellum

“Security of software supply chains will be a hot topic in 2022 and beyond – a combination of open-source, commercial, and proprietary code makes medical devices, critical infrastructure systems, and connected vehicles highly susceptible to supply chain attacks. To reduce these risks, companies should embed security design early in the development process, implement monitoring, information sharing, and risk analysis processes, and validate the software bill of materials (SBOM) of connected devices independently.”

Nicholas Brown, CEO, Hitachi ID

“We’re seeing an accelerated adoption of cloud deployment in the cybersecurity space, fueled in part by the rise of remote work environments and increased political and criminal ransomware attacks. The heightened stress of a potential cyber attack underscores the need for a cloud-based solution that can be managed seamlessly by IT professionals. The cloud has become critical for a company’s success in our ever-changing business environment. Users want rich, deep functionality with their cybersecurity processes, and cloud delivers. It’s efficient, cost effective, and allows companies to stay up-to-date on the latest security updates.”

Patrick Carriere, Director, Cloud Platform and Operations, Buildings IOT

“Limiting access to software applications, building systems, and IT infrastructure is critical for building security. Identity management systems improve building security by reducing the number of users who have excessive or problematic privileges to access a building’s digital network and building management system. When implementing an identity management system and integrating it within a building management system, always err on the side of security.”

Steve Cochran, CTO, ConnectWise

“Infosec will dominate our lives in the tech space for the foreseeable future. Companies may think they’re protected, but many of them are using slingshots to protect themselves while the bad guys have tanks, bombs, and machine guns. We have a long way to go as a technology-driven society in terms of cybersecurity. Getting ourselves to the point where we aren’t at risk of a serious attack will be our focus for the next two to three years. On the less serious side, tools that allow us to better engage in the new hybrid working model will become more prevalent. Solutions will be developed that will allow us to work in a more meaningful way during this new era. Tools that let us set up conferences, arrange food deliveries, and show who is in and out of the office will take center-stage now that the majority of companies have introduced hybrid working models.”

Chetan Conikee, CTO, ShiftLeft

“Each day it is possible to encounter a different threat in any part of the world, and the severity of each threat is increasing day by day. A new cybersecurity challenge we are seeing as we head into 2022 is Social Engineering Attacks. They are lethal but straightforward attacks where users can be tricked to provide sensitive information, resulting in massive data breaches. Mostly, it is used in scamming businesses. However, most companies are applying secure spam models and blocking such phishing attacks. However, due to emotions (greed, curiosity, empathy, and fear), users get easily trapped in the attack and release crucial information. Deepfake is a recently developed mechanism to create fake videos or audios, especially to create riots or to spread wrong information. Hackers use AI-based technology to create counterfeit videos by swapping people’s faces and modifying their speech.”

Maxim Dressler, Co-founder, Vaultree

“The traditional security model is no longer fit for purpose and zero-trust models are simply more relevant in this era of remote working. The need for a zero trust security model has arisen because enterprises no longer tend to host data in-house but rather through a variety of platforms and services which reside both on and off premise with a host of employees and partners accessing applications via a range of devices in diverse geographical locations. Especially with the rise of remote work, companies will rely on an identity driven focus to bring security and networked convergence to organizations.”

Kevin Dunne, President, Pathlock

“When evaluating cybersecurity tools, it’s important to align your security objectives with your business objectives in both the near and long term. For example, if your company plans on offering a self-service model for your customers, security will need to reach to the customer and how they engage with your offerings. If there is new geographic expansion, moving into Europe or China, for example, having assets in new regions will require a thoughtful extension of your security approach to those new regions as well. In the end, security should support the business, as opposed to being seen as an inhibitor for growth and innovation.”

Brian Dye, CEO, Corelight

“As attackers have evaded defenses and flown under the radar of detection technologies, defenders turn to threat hunting and in-house analytics initiatives (or worse, external notification of a successful attack) to find adversaries. Regardless of how we find them, we are faced with the same question: What happened then? Of course, “then” could have been weeks, months, or economic quarters ago. How do we know? Where else did it happen? Do we have data for that slice of time? Do we have the right data? In many cases today, we unfortunately answer: “I don’t know” because the alerts and other event logs we keep cannot help us look back in time to what we didn’t know then. This drive to answer “what happened then” leads organizations to a focus on data centric security, which requires changes at both the executive and operational levels.”

Pamela Fusco, Chief Information Security Officer, Splunk

“COVID-19 extended corporations and enterprises beyond the traditional business boundaries through their employees’ home offices. The perimeters have unexpectedly expanded at mach speed to you, corporate citizens at home. The actions you take as a security professional to curtail cyber situations are from afar. Malicious attackers are eager to take advantage of the new norm hybrid working environment and are becoming more patient and persistent. Whether it’s trolling IoT access points repeatedly in stealth mode or targeting a user account with a phishing attack, attackers hone in on the most basic elements of security to obtain a target. Unfortunately, these sightings typically won’t trigger an event because they are often below most alerting thresholds.”

“It’s more imperative than ever that employees remain vigilant to ensure that security operatives are consistent and actively detecting, protecting, and responding. Organizations are digging in — deeper to identify risks before they morph into a large-scale incident. The agility and ability to crunch, analyze and review low- and medium-level events for the past 30 to 60 days can lead to identifying unearthed events and/or a pending attack. Throughout 2021, every organization has been hyper security conscious and every employee is pivotal to securing their enterprise, customers, and home offices.”

Shai Haim, Security Product Marketing Manager, Radware

“In the world of carriers, several predictions paint a picture for 2022. For starters, some of the same attack trends we saw in 2021 will continue into next year. Expect to see a greater number of more sophisticated, higher intensity attacks at lower volumes. But don’t be fooled by lower volumes. Phantom floods – the relatively low volumetric floods that fly under the radar, especially in high bandwidth networks – can be equally as disruptive and damaging as the higher volumetric attacks that make news headlines. To detect and mitigate this new generation of attacks, carriers will need to use more automated, granular, and dynamic security solutions.”

John Hellickson, Cyber Executive Adviser, Coalfire

“Many organizations did not have a robust security infrastructure/architecture prior to the pandemic, and the need to enable the entire company to work remotely in short order only exasperated the ability to address foundational security elements. With this shift, many of the security & risk management tools were implemented primarily with an on-site workforce in mind, which will now need to be reconsidered and/or rearchitected to get the originally expected risk mitigation capabilities and ROI. This rationalization of existing tools will be a great time for organizations to adjust their cybersecurity strategy and approach for increased cloud adoption to reduce operational burdens, improved DevSecOps to reduce risk while instilling confidence in faster release cycles, and implementation of zero trust models to reduce the attack surface while ensuring efficiencies in the work from anywhere paradigm. Any organization with an appetite to tackle one or more of these strategies will likely collaborate with their risk & governance teams to adopt a continuous compliance approach.”

“The cybersecurity landscape has drastically changed over the last few decades, with one thing being constant: we’re inundated and we inundate others with too much information. There have been, and continue to be, attempts to correlate massive volumes of cybersecurity related data sources to make timely and wise risk management decisions, because of course, we need to detect bad actors before they can cause too much harm. Security teams constantly get push back from infrastructure & development teams stating that information provided, such as vulnerabilities to remediate, is too noisy and fraught with false positives. With the help of industry leading and targeted solutions, the data produced alone from vulnerability management and application security tools will be analyzed and enriched with meaningful company specific context and integrated into existing workflow management tools that development and infrastructure teams already use. This focus on correlating vulnerabilities across multiple toolsets to reduce information overload and resulting analysis paralysis will provide increased visibility, a reduction of false positives, and a measurable reduction of risk that will transform DevSecOps programs while simplifying the process of remediating vulnerabilities.”

“In 2021, there was a lot more media awareness and consequently senior executive awareness about the impacts of large cyber attacks and ransomware that brought many organizations to their knees. These high-profile attacks have elevated the cybersecurity conversations in the Board room across many different industries. This has reinforced the need for CISOs to be constantly on top of current threats while maintaining an agile but robust security strategy that also enables the business to achieve revenue and growth targets. With recent surveys, we are seeing a shift in CISO reporting structures moving up the chain, out from underneath the CIO or the infrastructure team, which has been commonplace for many years, now directly to the CEO. The ability to speak fluent threat & risk management applicable to the business is table stakes for any executive with cybersecurity & board reporting responsibilities. This elevated role will require a cybersecurity program strategy that extends beyond the standard industry frameworks and IT speak, and instead demonstrate how the cybersecurity program is threat aware while being aligned to each executive team’s business objectives that demonstrates positive business & cybersecurity outcomes. More CISOs will look for executive coaches and trusted business partners to help them overcome any weaknesses in this area.”

Tom Huntington, Executive Vice President of Technical Solutions, HelpSystems

“2022 is the year that the C-suite recognizes that they are getting further and further behind on their security projects. They’ll start to turn to RPA (Robotic Process Automation) and enterprise automation to help their teams become more productive in the battle against the cybercriminals. If they cannot hire talent, automation allows them to augment this deficiency. This effort takes SOAR (security orchestration automation and response) to a new level.”

Kim Johnson, VP of Product, BIO-key

“While it seems that the biggest challenge for identity security would be successfully defeating the “bad guys,” it is a lack of resources that could create the biggest hurdle for organizations in 2022. With the recent explosion of cyberattacks, organizations know that they need to improve their identity security, with many solutions to choose from. Yet many are deterred by the high costs and workload required to implement critical security controls, as well as the lack of cybersecurity talent required to do so successfully. Organizations will need to seek out flexible, affordable solutions to improve their identity security in 2022.”

Neil Jones, Cybersecurity Evangelist, Egnyte

“Ransomware-as-a-service (RaaS) will continue to grow and become more sophisticated over the next year. By September of 2021, the number of publicly reported data breaches had already surpassed the total of the previous year by 17%. This is not a new problem and with its increasing frequency it’s important for our leaders to understand how profitable an industry RaaS has become, and the risks they may be facing. We cannot underestimate the intelligence of these RaaS gangs. They are constantly overcoming systems and evolving with new technological advancements. Don’t let your company be fooled by false notions or assumptions about cybercriminals, especially that paying ransom will magically restore access to your company’s files. Instead, stay proactive and vigilant as you create and manage your cybersecurity systems.”

Ryan Lasmaili, Co-founder, Vaultree

“Encryption technology is becoming more widespread. While industries such as finance, health and law enforcement are early adopters of encryption, we will begin to see more industries implement better data protection as their knowledge on the benefits increase. Realizing that encrypted data is useless to criminals and that searchable encryption is practical and could solve many of the issues surrounding data privacy, will encourage more adopters of the technology.”

Elaine Lee, Staff Data Scientist, Mimecast

“In light of rapidly advancing deep fake technology and increasing reliance on virtual collaboration tools due to the post-COVID-19 work arrangements, we should be concerned about malicious actors getting more sophisticated in their impersonation attempts. What was a cleverly written phishing email from a C-level email account in 2021 could become a well-crafted video or voice recording attempting to solicit the same sensitive information and resources in 2022 and beyond. After some incidents of a phishing attack of this nature, organizations will want to move toward verifying such content with a process (manual and/or automated) that results in an explicit ‘certificate of authenticity’ designation. Or, they may adopt more secure authentication regimes (e.g., blockchain) and require the originator of the voice/video content to authenticate in this manner.”

Danny Lopez, CEO, Glasswall

“With each new year, it’s important for executives and board members to view their cybersecurity measures with fresh eyes. Hackers will never rest when it comes to finding new angles to break into organisations’ critical systems. Once one problem is patched, they will just continue to poke and find new openings that will enable them to steal data or move laterally across the network. One way this is expected to escalate over the next year is through the insurgence of bad actors and insider threats. According to IBM, 60% of organisations have more than 20 incidents of insider attacks a year and the cost related to these incidents was over $2.7 million. This means not only do companies need to be aware of exterior threats, but aware of internal vulnerabilities by implementing a zero trust approach.”

Andrew Maloney, COO and Co-Founder, Query.AI

“The concept of data centralization for threat detection and response had a chance of working when data volumes were small, housed on-premises, and protected by a security perimeter – but, even then, it was a lofty goal. In today’s world, it’s impossible. There are new technologies producing different data types, formats, and sources; data lives in disparate silos across many different environments, including on-premises, on the cloud, and within SaaS apps; and data volumes have skyrocketed – all of which have eradicated the reality of universal data centralization and a single pane of glass. Today, organizations must modernize their security operations to deal with decentralized, distributed data from a variety of tools and platforms, and this means thinking outside the box.”

Matthew Meehan, Chief Operating Officer, TokenEx

“The continued rise in cyberattacks we witnessed in 2021 will cause C-level execs to take cybersecurity more seriously. There are two risk buckets to consider in this regard: business interruption risk (where the business goes down as the result of an attack); and liability for loss of sensitive customer and other data. The technologies to manage these risks are different, but both sets of risks are concrete, quantifiable, and have a direct, immediate economic impact as well as reputation and brand-value implications. Boards and executives that appreciate the quantifiable aspects of these risks will invest wisely to protect and build company value over the coming years.”

Carlos Morales, SVP of Solutions, Neustar Security Services

“Cybercrime has become a lucrative and mature market; we have witnessed the proliferation of extortion tactics and the huge disruption they can cause to both public and private interests. Meanwhile criminal groups have openly collaborated with peers – aligning their strategies, picking targets, and agreeing on safe havens. This sophistication, combined with a booming market, means that what were once informal criminal groups and individual malicious actors are now fully fledged criminal enterprises, providing as-a-service offerings – most commonly for ransomware and ransom-related DDoS (RDDoS) attacks – and malware licenses to established customer bases and target markets. We will see stronger strains of existing well-known malware and refined attack strategies emerge, while targets become ever more ambitious. Public infrastructure and large, private businesses that provide vital services – like cloud providers or data centers – will likely remain at the top of the target list, since the risk of the potential knock-on effects from an attack (service disruptions that impact customers) adds extra incentive for them to pay up. Organizations must implement an ‘always on’ approach to network security to ensure fast and automated responses to attacks, and they need to partner with security providers that continually evolve their defense capabilities. These new best practices prove far more cost-effective in the long run and will provide peace of mind for organizations.”

Joe Partlow, CTO, ReliaQuest

“The lack of enterprise-wide visibility across security tools, combined with the prevalence of tool sprawl, will lead to greater need for and adoption of Managed Detection & Response (MDR) solutions in 2022. A mere 13% of security leaders say they have greater than 75% visibility across all security tools – and on average, organizations maintain a whopping 19 different security tools, with less than a third of those being vital to security objectives. This poor visibility across numerous tools puts organizations at an increased risk for cyber attacks; this cannot continue into 2022. These ongoing struggles will drive demand for MDR solutions that can drive efficiencies across investments – tools and people – while also reducing risk with faster detection, investigation and response. Organizations need to bridge existing gaps and gain visibility to better protect against malicious actors. You can only protect what you can see, and in 2022 we will see more security leaders adopt MDR solutions to aid in those efforts.”

Brian Pick, Managing Director of Managed File Transfer, HelpSystems

“Organizations will continue to look closely at how to minimize any type of data breach. This includes a close examination of how they are exchanging data/files with third parties. For example, we’re seeing a lot of inquiries that relate to organizations taking a closer look at any processes that require someone to manually secure a file before it’s exchanged. This could include having a programmer write a script to transfer a file securely or someone using a PC application to encrypt the file first before sending it. Security personnel are looking for a consistent, reliable and auditable process for securely exchanging files that help prevent data.”

W. Curtis Preston, Chief Technical Evangelist, Druva

“Cybercrime will increase due to the ease with which bad actors can be paid via bitcoin, and similar currencies, without being tracked. But, if a concerted, coordinated effort, such as the White House’s “The Counter-Ransomware Initiative,” a coalition of 30 countries aimed to ramp up global efforts to address the threat of ransomware, is able to address this core issue, it could be quite effective. However, cyber crime is ever-evolving. Even with greater coordination than is likely in the White House’s “Counter-Ransomware Initiative,” ransomware will still remain a threat. US Senator Elizabeth Warren’s proposed new bill, The Ransom Disclosure Act, is the beginning of more regulations to come around ransomware, as it aims to de-incentivize paying the ransom and, by extension, make ransomware a less tempting tactic for criminals. As the number of attacks that include both exfiltration and ransomware continues to grow, we can expect to see many more of these types of regulations.”

Craig Ramsay, Senior Solution Architect, Omada

“Intelligent unification will be a major trend in 2022 in the Identity Management space – in other words, a meaningful convergence of technologies and identity disciplines. Now, more than ever, organizations have a plethora of solutions at their disposal. Maximizing the capabilities and information available to provide a unified and holistic view of identities, their access, and the contexts through which they have the access will be crucial in reducing identity related risk. By breaking down these siloes and sharing information across these boundaries, adapting to new identity challenges as they arise will become easier.”

“The sharp uptick in cloud adoption and SaaS offerings will continue across the board, which will make it easier for organizations to increase the services they’re consuming. With this trend in mind, any solution providing Identity Management and/or Identity Governance capabilities must provide versatile configurability to integrate and scale with the future and changing needs of businesses. Combining this configurable flexibility with increased identity analytics means we will start to see intelligent unified governance platforms that enable huge reductions in manual effort in implementing, managing, and interacting with Identity Management processes.”

Matt Sanders, Director of Security, LogRhythm

“Malicious actors have repeatedly demonstrated their technological aptitude at infiltrating and compromising organizations. Those same skills will be increasingly applied to the open-source software ecosystem (which welcomes all contributors), where attackers can intentionally introduce vulnerable code to widely used open-source software components. This would allow cybercriminals to exploit vulnerabilities on a massive scale, targeting companies that have built products using open-source technology without reviewing the code before copying and pasting it into their platforms. Such attacks can be extremely difficult to detect. It is likely that several instances of such attacks are already present in widely used open-source software today, which may be found in the year to come.”

Dave Sikora, CEO, ALTR

“There is no way to protect data privacy, access and use without first ensuring that the data is secure – a complex job for governance and security teams that will be made clearer by regulations this year. A big regulatory storm looms on the horizon: a U.S. federal data privacy law on the level of the Sarbanes-Oxley Act of 2002, which would require corporate officers of publicly traded companies to personally certify that the company’s data security/protection statements are accurate. I certainly hope that we don’t see scandals as shocking as those of Enron, but if data breaches continue to worsen, we can expect legislation that requires publicly traded companies to have board-level data audit committees documenting how the company is protecting sensitive data, with CEOs and CDOs required to sign accountability statements.”

Harman Singh, Director, Cyphere

“Security misconfiguration attacks are one of the most common threats around cloud computing infrastructure. Misconfiguration issues include publicly accessible or misconfigured storage buckets (S3 or azure storage blobs), unrestricted outbound access or use of unencrypted tokens or keys, and so on. It is critical to follow technical security baseline procedures that can be established internally in line with something like CIS benchmarks or comparable standards to avoid security misconfiguration vulnerabilities. At times, even the tiniest of changes lead to misconfigurations that may have a significant impact on cloud security posture and set off a chain reaction with other security issues.”

“APIs are critical for processing and data access and integration in cloud computing. APIs may represent a significant high-security threat on a communication line if they are not adequately secured. If not adequately protected, the same APIs might be exploited allowing access to the underlying components. The most common API risks include broken object level authorization, user authentication, data exposure, broken function authorization, security misconfiguration and injection attacks. As most companies use numerous and frequent APIs in the cloud, API security is a major issue for cloud computing. Before going live with your APIs, consider penetration testing to ensure you’ve discovered all of the potential vulnerabilities affecting them.”

Prakash Sinha, Technology Evangelist and Senior Director of Corporate Marketing, Radware

“As more cloud and on-premise applications use open APIs, scraping and bot attacks on applications will continue to increase. Looking forward, organizations will need to evaluate and invest in better security mitigation technologies to address bot protection, API and application security, and data leak prevention. In addition, they’ll need to look at entitlements and permissions to access APIs, applications, and user data. In 2022, we should also expect to see bigger investments in more advanced visibility tools as well as forensics tools that provide actionable insight for management, monitoring, auditing, compliance, and troubleshooting.”

Jeff Sizemore, Chief Governance Officer, Egnyte

“Protecting unstructured data will likely be one of the biggest challenges in the new year. If you can’t see it, you can’t govern it. If you can’t govern it, you definitely can’t manage privacy. However, organizations need to have visibility into structured and unstructured data to build out an effective data governance program, and there are data security and governance tools available to protect that information across the board. We also expect to see ongoing privacy assessments becoming more common. Organizations need to put privacy at the forefront and make sure they are solving the problem holistically in the new year and well beyond.”

Joe Vest, Tech Director, Cobalt Strike by HelpSystems

“The goal of cybersecurity is not to prevent the ‘hack’ but to prevent a threat actor from achieving their goal. Prevent first, detect always. Many of our security controls focus on prevention, but it is nearly impossible to prevent all threat activity. If we can’t prevent threat activity, then it is crucial that we detect it.”

“Threat needs a vote. If the goal of security operations is to protect against a successful attack from a threat, it only makes sense to include the opinions of those you are defending against. How do you include the threat in security defensive design? Conduct threat emulation-based engagements, like red teaming, to measure and understand how defense prevents, detects, and responds to threat activity. Use this data to improve program deficiencies rather than mitigate flaws.”

Brian Wrozek, CISO, Optiv Security

“The impact of the “great resignation” will be significant. Many companies and cybersecurity teams will struggle to execute on new projects as they spend more time onboarding and training new resources. At best, they will tread water and maintain their current cybersecurity maturity. I suspect many will see a decrease in their cybersecurity resiliency as new projects get put into production without proper security and existing procedures get ignored since there just isn’t enough time in the day to complete all the items on the to-do list. Since existing resources are overtaxed just maintaining the status quo, successful attacks will rise.”

“With the increase in U.S. government cybersecurity regulations and companies expanding their efforts with third-party risk management audits, confusion over conflicting compliance requirements will reign. This will be especially burdensome for global countries. Cybersecurity teams will have to spend even more time demonstrating compliance to multiple stakeholders taking critical time away from actually implementing stronger cybersecurity controls.”

“The increased exposure of threats and attacks, plus the high number of unfulfilled cybersecurity jobs, have brought more people into the talent pipeline. Universities and educational companies will see an influx of students who wish to become cybersecurity professionals. There also are more and more alternatives to standard degrees to grow your cybersecurity skills. While it will take time for these fresh recruits to have an impact, it bodes well for the future of the profession.”
