Let me begin by stating the obvious: The cyberattack surface is growing exponentially and diversely. Essentially, it’s a bigger shark and we’ve got the same small boat. The environments, platforms, services, regions and time zones that constitute modern enterprise operations and drive digital transformation for business continue to require increasing specialization and expertise beyond current in-house capabilities.
In part two of our 2022 cybersecurity predictions series, Devo Security Engineering Director Sebastien Tricaud explained Web3 and new security testing trends. While cybersecurity tools and approaches are certainly evolving quickly, so are cybercriminals. Here are my insights on cyberthreats and attacks we should expect to see more of this year.
In part one of our 2022 cybersecurity predictions series, Devo CSO Gunter Ollmann explained the rise of XDR, the detection-as-code and response-as-code movement, and the growing interest in security tools with built-in, on-demand expertise. In this second installment of our series, I share my take on how the cybersecurity landscape will evolve. Let’s dive into it.
There’s only one thing that’s certain in cybersecurity: The cyberthreat landscape is constantly changing, and the tools and solutions we have at our disposal to combat cybercrime must continue evolving if we are to stay ahead of — or at least keep up with — them. As 2021 winds down, the Devo security team is already looking ahead to the most pressing cybersecurity trends likely to appear in 2022. Here are my top three predictions for the new year.
The third annual Devo SOC Performance ReportTM shows that working in a security operations center continues to be painful. Based on an independent survey of more than 1,000 global cybersecurity professionals commissioned by Devo and conducted in September 2021, the report examines current SOC trends and challenges.
A critical vulnerability in the popular log4j library is currently being actively targeted on a broad global scale and possibly exploited based on advisories from multiple CERTs and vendors: CISA, Apache, etc. This Java library is integrated into many IT and DevOps tooling and workflows. On Dec 10, 2021, Apache released version 2.15.0, fixing CVE-2021-44228 (dubbed Log4Shell) an RCE with a maximum CVSSv3 score of 10.
The shift to the cloud has greatly accelerated during the past year, and with that shift most cybersecurity incidents now involve cloud infrastructure. According to the 2021 Verizon Data Breach Investigations Report, 73% of cybersecurity incidents involved cloud assets — a 27% increase from last year. The 2021 IBM Security X-Force Cloud Threat Landscape Report also found there are 30,000 cloud accounts potentially for sale on dark web marketplaces.
Over the past 12 months, the cyberthreat landscape has become much more tumultuous. A data breach analysis from the Identity Theft Resource Center (ITRC) found that the number of data breaches publicly reported so far this year has surpassed the total for 2020. That’s alarming. To combat this constant barrage of cyberattacks, you must equip your security team with the tools they need to match the pace of today’s data growth and cybercriminals’ relentlessness.
Operating an effective SOC requires overcoming a wide range of challenges. Often, security teams have too many disparate tools to manage, too many alerts to make sense of, and too many data sources that prevent the team from achieving full visibility. All these hurdles can make it difficult for your SOC analysts to identify and quickly respond to suspicious behavior and indicators of compromise.
Johannes Loeffler recently joined Devo as chief customer officer. He and his worldwide team are responsible for accelerating Devo’s efforts to provide customers with a seamless and superior customer experience. I joined Devo because I saw an amazing company with huge potential that is disrupting the logging and SIEM market. Devo’s solutions and services provide incredible value to our customers. And our customers are loyal to us, which is something money can’t buy.
