When the US Justice Department announced in November that it had arrested and charged a hacker suspected of taking part in the Kaseya cyber-attack, it was just the latest salvo by the US to tackle the ransomware flurry that took on a new level of danger in 2021.
Kaseya, the IT management software firm, was struck by hackers in July in a supply chain ransomware attack. The company said that only a small sliver of its clients was affected but many of these clients are managed service providers, meaning a downstream of effects on smaller businesses that use these providers. The attack held similar hallmarks to the SolarWinds attack.
However, Kaseya was just one of many victims in 2021 where ransomware reached new heights, pursuing more ambitious and daring targets.
The banner attack of 2021 that sent shivers down the spine of every IT manager and security team member this year was the ransomware attack on the Colonial gas pipeline.
The attack on Colonial’s systems in May forced the energy company to disable some of its operations. This disrupted the flow of petroleum from Texas to New Jersey through its 5,500-mile pipeline. It was the much-feared physical impact of a cyberattack.
Kevin Haley, director of product management for security response at Broadcom, told IDG Connect that these major attacks in 2021 showed just how bad ransomware can get.
“What are the top three things or trends of the year and I think there are three, it's ransomware, ransomware and ransomware,” he said, adding that poor patching and lax measures at some companies, which leave systems vulnerable, continue to drive the proliferation of ransomware attacks.
“Success always drives the market. Everybody wants to copy somebody that's been successful. It's true in the real world and it's also true in the criminal cyber world,” Haley said.
IT talent hunt
IT teams investing in more robust cybersecurity tools to prevent or address malware will be a key trend in 2022 but finding the right people will be key too. This fits into a broader issue of the hunt for tech talent.
It was an issue that existed long before the pandemic but has accelerated since then and the mass shift to remote working has opened a new dynamic in this talent crunch.
Buddy Brewer, global vice president and general manager of New Relic, the application performance monitoring company, said that companies need to be attuned to new trends in the IT space in order to find the best talent. The company acquired the start-ups CodeStream and Pixie Labs in the last 12 months to bolster its own teams.
“Speaking personally from my own experience, I can't think of a time where it's been a more competitive market for talent than right now. On the other hand, I think one of the silver linings that came out of the pandemic was that we got really good at remote work,” Brewer said.
The companies that have focused on getting better at remote work will be in a better position to weather these storms, he said.
“It helps with talent acquisition. It also helps with diversity. We can look across the entire globe for talent.”
Adoption of new tech
New areas in tech development and monitoring will take on a greater importance, according to New Relic. It recently published a report on observability, which refers to high level overviews of software – sometimes referred to as “software monitoring on steroids”.
It found 91% of developers recognise observability is critical to software’s lifecycle but it’s still largely overlooked and there’s a “huge gap” in adoption.
Per the report, only 26% of respondents have a mature observability practice with many respondents saying they suffer from a lack of resources and the requisite skills.
Observability will become much more important because software development is more unpredictable than ever, Brewer explained.
“The problems that are going to happen in software tomorrow, odds are they're going to be brand new problems that no one's ever seen before, and so it necessitates a lot of change. It necessitates a change in the way you think about the problem, and it necessitates a change in the tools that you use to try and tackle that problem too,” he said.
“We're on a mission to make observability a data driven daily habit across the entire software lifecycle, specifically for software developers.”
5G future
Every year brings fresh claims of this being a big year for 5G roll-outs. In 2021, that roll-out met its fair share of challenges but it continues on.
“5G is the next generation of network obviously and it is not just an upgrade of 4G, it is a brand new network built from the ground up,” Theresa Lanowitz, head of cybersecurity evangelism at AT&T Business, a division of the telecoms giant.
“With 5G what you get is lower latency, higher bandwidth and from a cybersecurity perspective, we have to be concerned about connecting the data, the applications, the end points and so on in protecting what you're connecting. You're connecting data, applications, endpoints and you have to be concerned about protecting those,” Lanowitz said.
She added that in its latest survey, AT&T Cybersecurity found only 9% of survey participants said that they are really confident in their security posture in a 5G world.
This hasn’t stopped adoption of 5G, she said, with the line of business in organisations pushing that adoption but security needs to be front of mind in that adoption too.
“The line of business side of the house is really focused on working with the cybersecurity teams to make sure that security is front and centre in everything they build. That's really a shift over what we have seen in the past several years,” she said.
Lanowitz expects to see organisations break down many of the silos that have traditionally existed in companies where the CISO and security personnel have limited interactions with other departments. Security teams need to interact full time with everyone.
“One of the predictions we have for 2022 is that we're going to see these silos fracture even more, where we're going to have the CISO really being somebody who works across the whole business,” Lanowitz added.
This isn’t just a matter of securing assets linked to 5G adoption but also key in addressing the wider vulnerability of an organisation especially in a world where ransomware looms large.
“The CISO will now play a bigger and more important role in the organisation as an adviser to the board, trusted member of the c-suite as well as working cross functionally in the organisation.”