This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, offers some insights and commentary on 5G adoption, cyber disruption, and ransomware.
The FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021—a 62% year-over-year increase. As a result, it is no surprise that security leaders continue to find themselves spread thin as they look to understand these threats, prevent cyber-attacks, and provide their teams with the latest technologies.
To focus their efforts effectively, security leaders must be prepared for what might come next. Looking ahead, there are prominent industry shifts security leaders must be aware of to meet their cyber objectives. Considering these shifts and their ongoing impact will be crucial as the cyber landscape evolves.
The adoption of 5G will drive the use of edge computing even further
While information security was the focus in previous years and CISOs were the norm, we’re moving to a new cybersecurity world. In this era, the role of the CISO expands to a CSO (Chief Security Officer) with the advent of 5G networks and edge computing.
The edge is in many locations—a smart city, a farm, a car, a home, an operating room, a wearable, or a medical device implanted in the body. We are seeing a new generation of computing with new networks, new architectures, new use cases, new applications/applets, and of course, new security requirements and risks.
While 5G adoption accelerated in 2021, in 2022, we will see 5G go from new technology to a business enabler. With the impact of 5G on new ecosystems, devices, applications, and use cases ranging from automatic mobile device charging to streaming, 5G will also benefit from the adoption of edge computing due to the convenience it brings. We’re moving away from the traditional infosecurity approach to securing edge computing. With this shift to the edge, we will see more data from more devices, which will lead to the need for more robust data security.
Ransomware will be the most feared adversary.
The year 2021 was the year the adversary refined its business model. With the shift to hybrid work, we have witnessed increased security vulnerabilities leading to unique attacks on networks and applications. In 2022, ransomware will continue to be a significant threat. While ransomware attacks are more understood and more real due to the attacks executed in 2021, 2022 will see them continue to be a considerable threat. Ransomware gangs have refined their business models through Ransomware-as-a-Service, available on the Dark Web with full tech support. Additionally, ransomware gangs are more aggressive in negotiations by doubling down with DDoS attacks to bring their targets to the negotiating table. If proper cybersecurity hygiene isn’t followed, the further convergence of IT and OT may cause more security issues and a rise in ransomware attacks.
While many employees are bringing their cyber skills and learnings from the workplace into their home environment, in 2022, we will see more cyber hygiene education. This awareness and education will help instill good habits and further understand what people should and shouldn’t click on, download, or explore.
Cyber disruption will differ across industries—threat intelligence will remain a common solution.
Organizations in finance, healthcare, manufacturing, energy and utilities, and the public sector will all grow their cybersecurity investments in 2022. Manufacturing, in particular, is a prime area for disruption with the increase in the number of IoT devices added during the pandemic to protect their global supply chain and support the convergence of IT and OT.
While healthcare has been elusive in cybersecurity, many individual medical practices will standardize and secure processes in their facilities, especially as more edge use cases become prevalent. Understanding how to secure these new applets and devices is critical.
All industries should use threat intelligence to collect information and make data-driven decisions to prevent attacks and identify cyber threats. Automated threat intelligence can reduce human error, show quicker pattern matching, and deliver results faster while preventing catastrophic disruptions, lowering costs from breaches, reducing the chance of data being stolen, and increasing collaboration amongst IT, security, and development teams. This will help make organizations more resilient and remain operational during and after a cyber-attack.
Securing applications in a software-defined world will be critical for protection.
The transition to remote work has accelerated the software-defined (SD) world. In this world, the business and its customers are digital, and security is at the core of the business. It has been said that every company is a software company. If the applications that make up the digital experience are not built with a security-first approach, vulnerabilities will make it to production and ultimately be problematic for the business from a revenue, trust, or general security standpoint. The applications or applets (we are no longer writing monolithic back-office applications) of 2022 will need to be more compact, purpose-driven, and built with security in mind. While many organizations in 2021 invested in application security and data security, application security will continue to be a primary area of investment in 2022.
The ongoing threat of ransomware and attacks across industries demands attention from security leaders to protect their organizations. Fully comprehending the latest technologies like 5G networks, edge computing, and software-defined architectures will help organizations better prepare for the next threat against their security posture.