McAfee Chief Scientist: Cybersecurity Challenges Ahead
Heading into 2022, cybersecurity teams will need to up their game as both the volume and sophistication of attacks continue to increase. In fact, in terms of zero-day vulnerabilities being exploited, 2021 is notable for being one of the worst on record. Within hours of disclosure, vulnerabilities are being exploited and attacks launched at a rate that is now applying a lot of pressure to patch management processes that, within most organizations, are inconsistent at best.
Raj Samani, chief scientist and fellow at McAfee Enterprise, said combatting the next generation of cybersecurity threats will require a shift in tools, tactics and processes that collectively enables cybersecurity teams to track and monitor behaviors across an integrated IT environment.
While it’s always preferable to thwart attacks, Samani said the sheer volume of increasingly sophisticated attacks means cybersecurity teams are going to have to assume malware is already lurking somewhere in what has become a highly distributed IT environment. The challenge is finding a way to detect that malware either before it is activated or as soon as it starts communicating with the command-and-control servers that cybercriminals have created to launch and then manage their attacks, added Samani.
Cybercriminals are also increasingly targeting application programming interfaces (APIs) and container software artifacts that are the core of next-generation cloud-native applications running on platforms such as Kubernetes, noted Samani. Many of the APIs being deployed are easily misconfigured by developers that tend to have little cybersecurity expertise. Cybercriminals, conversely, are becoming more adept at scanning for misconfigured APIs that, for example, lead to an open port through which data can be exfiltrated.
In addition, Samani noted that cybercriminals affiliated with nation-states are starting to weaponize social media in ways that make it easier to target specific professionals within an organization.
More troubling still, it appears more cybercriminal gangs are starting to build their own infrastructure rather than rely on existing ransomware-as-a-service platforms. Cybersecurity teams should expect to see more self-reliant cybercrime groups emerge in 2022 in the wake of the Colonial Pipeline attack that caused some cybercrime forums hosted by ransomware service providers to ban cybercriminals from advertising their capabilities. Many of the cybercriminals that relied on those services will build their own platforms if they have the ability.
The cybersecurity threat landscape is, of course, always evolving. The challenge is the pace of change within IT environments has increased to the point where the attack surface that needs to be defended has also increased exponentially. In addition to cloud platforms, more workloads are starting to be deployed on edge computing platforms. Many of those workloads make extensive use of artifacts based on containers that need to be secured differently than traditional monolithic applications running on a hypervisor.
In response to the attacks being launched, there’s little doubt about the need for additional levels of automation augmented by machine learning algorithms and other forms of artificial intelligence (AI). However, none of those technologies will eliminate the need for cybersecurity professionals. Instead, the goal will be to enable those cybersecurity teams to do a lot more at a time when the cybersecurity skills shortage remains as acute as ever.