Info Image

Yesterday’s Protection Tools are Tomorrow’s Exploits

Yesterday’s Protection Tools are Tomorrow’s Exploits Image Credit: SasinP/Bigstockphoto.com

As we wrap up this year and look to the future of 2022, here are some predictions for how the past two years will continue to shape the landscape of the networking industry. The impact of the COVID-19 pandemic and the permanent shifts in how people work and connect will continue to shape us and increase the demand for cybersecurity as we work to secure home and remote networks. Some surveys have shown 97 percent of the work force desire some form of remote work whether it is full-time remote or a hybrid model, and it is imperative that organizations embrace zero trust as a bedrock principle. And, as cloud-native application development swells, it is not just home networks that need a makeover, but also securing the development of microservices across distributed teams and platforms. Let’s break these thoughts out into some predictions for 2022.

#1: Software Defined Perimeters Will Be Needed More Than Ever

The reality is that COVID-19 is shifting from pandemic to endemic. We need to learn to live with it, which impacts travel, and how teams continue to work and engage with each other. Employers are already starting to embrace a permanent work from home or hybrid working model. It’s not just BYOD (Bring Your Own Device) anymore, it’s shifting to BYON (Bring Your Own Network). Software-defined perimeters are needed more than ever to connect people and services anywhere on the planet, and, spoiler alert, VPN doesn’t cut it anymore.

Individuals need to understand the concept that the Internet is now your corporate network, and you can’t just post a security guard by your front door to protect it. You need a zero-trust framework. Companies need to reevaluate secure remote access, and not just secure remote access into a company Intranet, but secure remote access from home to home for employees to meet and collaborate online. This is the future of working and companies need to consider how to secure their employees’ home networks, taking into account that these home networks are also transferring data from children and other people in the home, and this could compromise network security. The very concept of a corporate Intranet is being redefined and many question if this will even exist in the future. Organizations need to be cloud ready and examine peer-to-peer data transfer. Data never stays in one place so we can’t control the flow of it but we can use zero-trust network principles to disrupt the cyber kill chain before it starts. Software defined perimeters force users and services to authenticate first, before allowing any access, including user input fields that can be co-opted to wreak havoc. This prevents SQL injection, cross-site scripting, exploitation of VPN exposed services and a host of other attack vectors. Because of these superior properties, SDP adoption could double in the next year.

#2: Software Development Becoming Modularized Into Microservices

Software development is becoming modularized into what are called microservices. As a whole we are moving away from monoliths where web applications and websites aren’t being built on a single server rather, they are built on numerous servers. For example, if you visit a website the shopping cart may be pulled from one container, product information from another, the home page from another, meaning a single website’s data is pulled from multiple servers. Microservices usecontainers and distributed services to modularize development, utilizing API’s to stich the pieces together. Protecting cloud-based containers and Kubernetes clusters is now an imperative for DevOps folks. This is a huge area of unmet need that must be addressed.

With more of these organizations moving to cloud-based containers, the community is recognizing the differences between traditional and modern security in cloud native architectures, and seeing the value in modern, cloud native security. In fact, a recent report from the Cloud Native Computing Foundation revealed that 85 percent of respondents indicated that modernizing security is very important to their organization’s cloud native deployment, and no one indicated that it is not important.

#3: The Continued Rise in Ransomware Attacks

Ransomware has been on a tear in both frequency and impact. The average payment has gone from $115k to $570k in two and half years. I predict Bitcoin going to $100k and that the average ransom payment could hit $800k, which is why we need to move to passwordless Multi-Factor Authentication (MFA) to make it harder for people to get to your network and deploy ransomware attacks.

With the increase in ransomware and cyber-attacks on software supply chains, organizations need to implement layered defensive practices. A recent report from the Cloud Native Computing Foundation identified these needs highlighting several key principles for supply chain security including trust, automation, clarity and mutual authentication. We are suggesting it goes even further with zero-trust access, multi-factor passwordless authentication and microsegmentation.

#4: Yesterday’s Protection Tools are Tomorrow’s Exploits

Passwords protected users from account takeover over the past 50 years. But, now credential theft is the #1 attack vector. Over the past 25 years, VPNs allowed secure tunneling when away from the corporate perimeter. Today, VPN exploits are becoming more common and easy to use to compromise networks and deliver blistering breaches and attacks.

For 2022, organizations need to make it a priority to reexamine how remote employees work securely. Recognizing the continued work from home environment, groups need to prepare to move to the cloud for company Intranet access, securing home networks with zero-trust access and removing secrets that can be stolen. Expecting an increase in ransomware attacks, especially on supply chains, companies need to focus on software-defined perimeters, zero-trust and passwordless MFA to help prevent these attacks. These are just a few things we are watching and need to focus on as we enter 2022.

Author

Tom Sego is Co-founder and CEO of BlastWave, a leading provider of zero trust networking solutions that help companies simplify security, performance and manageability. Tom oversees operations for BlastWave’s ZTNA solution, BlastShield™, and focuses on cross-functional team leadership. Previously, Tom served as Senior Director of WW Sales Support at Apple.

PREVIOUS POST

OTT Monetization: How Service Providers Can Take Advantage of AVOD and Built-In CRM Technology

NEXT POST

2022: The Year of the Telco Cloud