Every year, the cybersecurity sector publishes articles on what we can expect to see in the course of the year. This article, originally published in InfoSec on August 8, 2022 by Ali Hadley, looks at the predictions that Kudelski Security CEO Andrew Howard made at the beginning of 2022 in a podcast with Infosec. As we move to the last quarter of the year, we ask how much has changed and what will carry over as the top cybersecurity trends for 2023.
New strains of COVID. Humanitarian crises. A staggering influx of cybercrime. 2022 has brought us a whirlwind of headline-making events, all of which impact the current and future state of cybersecurity.
Learn what to expect and how to navigate the world as an emerging cyber pro with predictions from Andrew Howard, the CEO of Kudelski Security and our recent Cyber Work Podcast guest.
Prediction #1: The security of encrypted data is at stake
For years, quantum computing has been a hot topic among cybersecurity professionals. As the technology gets increasingly sophisticated, concerns about the safety of encrypted data continue to grow. But Andrew says it’s not an immediate threat yet.
“Most cryptography today is based on hard math, typically around number factorization,” he explains. “A quantum computer, if large enough and in existence, can theoretically crack these factorial-based algorithms very quickly, such that all current encryption could be at risk.”
Though future forms may threaten anything encrypted with current algorithms, Andrew says this type of quantum computer doesn’t exist right now. It’s still theoretical.
Instead of trading out all of their cryptography, Andrew advises his clients to start thinking about their action plans. “The real concern is what’s going to happen to the data you’re creating today,” he says. For now, a general idea of how you’ll access and store your encrypted and decrypted data is a good place to start.
Prediction #2: Supply chain security jobs will grow in demand
While big enterprises are more secure than ever before, industries in the operational technology environment (e.g., vehicle manufacturers and other production plants) are paving the way for a new horizon in security.
Manufacturing is a long-established practice, but it has long been avoided from a cybersecurity perspective, partially because it’s disconnected from the internet and partially because making updates means significant uptime requirements, slowing the entire process.
Then came IoT.
Simply summarized as a network of connected devices, IoT is the technology that allows your phone and thermostat to talk to each other. Adopted to help streamline logistics, IoT has made supply chain operations more cost-effective and efficient but also more susceptible to cyberattacks.
Because manufacturers rely on third-party software to manage these devices, they can’t directly control their data or who can access it. Now, instead of stealing just one customer’s information, cybercriminals can directly target these software providers and gain access to thousands of customers’ data. And the risk only increases as more companies complete their digital transformations.
So, what does this mean for the future—and for you?
As the new frontier in product security, there will be growing opportunities for cybercriminals and cyber pros alike. While traditional IT knowledge will be essential, Andrew says, “There will be an equally large need [for talent] on the manufacturing side of the equation as well, because it’s not just your laptop anymore. It’s all your IoT devices, it’s your thermostats, and it’s also nuclear plants.” If you have an interest in both, “there’s opportunity,” Andrew says.
Prediction #3: Ransomware attacks will triple
It’s no secret that ransomware is a highly profitable technique used by cybercriminals. In 2021, these attacks affected 37% of all businesses, costing the world $20 billion in damages. As companies continue to grow and tactics evolve, that number will likely skyrocket to $265 billion by 2031.
Because it is the “money-making tool of choice,” Andrew reminds his clients that ransomware isn’t going anywhere, any time soon. If anything, attacks will only get more sophisticated and consequently more difficult to identify and prevent.
“One of our predictions for the start of 2022 is that ransomware will double, if not triple,” Andrew says. “For the time being, this is the threat of choice. If companies haven’t gotten their act together around this topic, it is time to get your act together.”
Because ransomware requires human error to wreak havoc (i.e., opening a malicious link in an email), employee education is the best way to prevent an attack. But the groundwork doesn’t stop there. While awareness can keep threats from infiltrating your organization, Andrew recommends a holistic approach to prevent major damage.
“There’s no silver bullet,” Andrew stresses. “It’s going to require backup solutions. We would recommend an incident response retainer with a firm that can respond,” he says. “There are some straightforward things that can be done to limit your risks, like deploying some kind of endpoint technology tool. But it’s not one thing.”
Prediction #4: Remote work will get riskier
While securing remote systems was the #1 priority at the start of the pandemic, Andrew says employee trust is now “the most pervasive issue.”
“Lots of companies have employees that they’ve never seen in person, employees that might have a more transactional relationship with their employer,” Andrew explains. “I think this is where cybersecurity issues are being generated.”
As work shifts out of the office and into our homes, it’s getting harder to keep track of employees, which creates a slew of issues ranging from lack of trust to burnout. These new challenges create friction and a lack of transparency, which can increase the risk of data breaches, whether intentional or caused by an innocent mistake.
Regardless of motive, the isolated work environment isn’t changing any time soon, so Andrew stresses the importance of prevention and vigilance.
In addition to reviewing admin permissions to ensure that only the right people have rights to your infrastructure, you can also implement an insider threat program.
Designed to help detect and deter opportunistic attacks, these programs gather data on security processes and protocols and on users who may have privileged access to your organization.
Advice for up-and-coming professionals
As cybersecurity continues to evolve, employers are looking for sharp, proactive problem-solvers to help them work faster, better and smarter. That’s why programming will become a highly sought-after skill in the years to come. “The security leaders of tomorrow are software developers today,” says Andrew.
While companies make their great migrations to the cloud, they need a cyber pro who knows how to analyze data and automate security processes. If you focus on any one additional skill before applying for jobs, Andrew suggests studying scripting tools such as Perl and Python.
To learn more about the future of cybersecurity, listen to the Cyber Work Podcast, Predictions for cybersecurity in 2022, with Andrew Howard.