10 Emerging Cybersecurity Trends To Watch In 2022
A variety of new cybersecurity threats, technologies and business models have emerged as the COVID-19 pandemic dragged into its second year and criminal gangs became more brazen than ever before.
More Brazen Than Ever Before
A flurry of new threats, technologies and business models have emerged in the cybersecurity space as the COVID-19 pandemic dragged into its second year and cybercriminals became more brazen. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge) and XDR (extended detection and response) to ensure remote users and their data are protected.
Adversaries have taken advantage of a lack of risks and repercussions by targeting customers in the victim’s supply chain and doing the bidding of their government sponsors through nation-state attacks. The ability to monetize ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while the nation grapples with the implications of a crippling attack on critical infrastructure.
Private equity firms opened their wallets wider than ever before for cybersecurity companies in 2021, spending $41.3 billion to scoop up more than 19,200 employees from seven legacy firms and late-stage startups. Outside investment has also trickled down to early- and mid-stage startups in fast-growing areas of cybersecurity such as application security, cloud security, and OT security.
Keep reading to learn what CRN thinks the 10 biggest cybersecurity trends of 2022 will be.
Application Security
Lots of cash has flowed into the application security market over the past year to help prevent data or code within applications from being stolen or hijacked. Application security encompasses the security considerations that happen during application development and design, but it also involves systems and approaches to protect apps after they get deployed, according to VMware.
Salt Security raised $70 million to boost runtime protection and security earlier in the development lifecycle, and Illumio raised $225 million to make its products more operationally friendly for MSSPs. Snyk raised $530 million to enhance the functionality of its Developer Security Platform, while Invicti Security received a $625 million investment from Summit Partners to drive more product automation.
Established players have sought to break into the application security market via acquisition, with JFrog buying security startup Vdoo for $300 million to secure the full software lifecycle through DevSecOps. Then in September, Akamai bought Guardicore for $600 million to cut threat surface and risk exposure by limiting user access to only applications that are authorized to communicate with one another.
Authentication Abuse
CrowdStrike has become one of Microsoft’s most vocal security critics, with CEO George Kurtz blasting “systemic weaknesses in the Windows authentication architecture” for exacerbating the impact of the SolarWinds hack during written and oral testimony before the U.S. Senate in February. Shortcomings in how Microsoft authenticates credentials have been replicated in the cloud, furthering customer pain, he said.
“In other technologies, you can’t necessarily just steal passwords and use those encrypted passwords to authenticate to something,” Kurtz told CRN in July. “But in the Microsoft world, you literally can steal an encrypted password, without even decrypting it, and pass that hash to another Microsoft system and access the system as if you knew what the password was.”
Russian hackers also developed a backdoor that exfiltrates sensitive information from compromised Microsoft Active Directory Federation Services (AD FS) servers. “What I cannot get is why customers still do not protect their AD FS keys in an HSM - if they still use AD FS. This was a key vector during the SolarWinds attack and the actor behind it is still chasing these keys,” said Microsoft’s Roger Halbheer.
Cloud Security
Cloud security has been one of the industry’s fastest-growing sectors, with vendors doubling down on technologies, policies, controls, and services that protect cloud data, applications, and infrastructure from threats. Palo Alto Networks has established itself as the dominant player with its Prisma Cloud platform, but other vendors are attempting to gain a foothold via acquisition or massive funding rounds.
Orca Security kicked things off in October, raising $340 million on a $1.8 billion valuation to enhance its detection capabilities and grow the size of its channel community. That same month, Wiz raised $250 million on a $6 billion valuation to extend its support beyond AWS, Azure and GCP. Then in November, Lacework raised $1.3 billion on a $8.3 billion valuation to pursue acquisitions and work with the channel.
Other vendors have entered the cloud security space via acquisition, with Fidelis Cybersecurity buying CloudPassage in May to improve at detecting and responding to threats. Then in September, Tenable bought Accurics for $160 million to remediate policy violations and breach paths and F5 purchased Threat Stack for $68 million to enhance visibility across application infrastructure and workloads.
Extended Detection And Response (XDR)
Extended detection and response (XDR) centralizes security data by combining security information and event management (SIEM); security orchestration, automation, and response (SOAR); network traffic analysis (NTA); and endpoint detection and response (EDR). Obtaining visibility across networks, cloud and endpoints, and correlating threat intelligence across security products, boosts detection and response.
Longtime industry players have strengthened their XDR muscle via acquisition over the past year, with Barracuda buying Skout Cybersecurity to give MSPs the technology and manpower needed to respond to cyberthreats, Sophos purchasing Braintrace to get visibility into suspicious network traffic patterns, and IBM agreeing to purchase ReaQta to automatically identify and manage threats on the endpoint.
Outside money has flowed into companies focused on detection and response, with Arctic Wolf raising $150 million in July to grow its presence in the orchestration, remediation, deception, and cloud security spaces by making several acquisitions over the next year. Similarly, Cybereason in July raised $275 million to double its headcount and pursue acquisitions in the XDR and cloud security markets.
Nation-State Attacks
Nation-state attacks are malicious cyberattacks that originate from a particular country and are an attempt to further that country’s interests, according to Microsoft. Such attacks are fueled by geopolitical competition and a desire to gain an advantage over other nations, such as by stealing intellectual property for economic benefit or supporting traditional espionage.
Russia has been particularly aggressive over the past year, with Microsoft revealing that the Russian foreign intelligence service (SVR) had targeted more than 140 IT resellers and service providers and compromised as many as 14. More recently, the Ukrainian government has been hit by a destructive malware operation that’s disguised to look like ransomware but lacks a recovery mechanism.
Outside of Russia, Iranian hackers have exploited Fortinet and Microsoft Exchange ProxyShell flaws to gain initial access to systems in advance of follow-on attacks like ransomware. And in July, the Biden administration formally accused hackers affiliated with China’s Ministry of State Security (MSS) of exploiting Microsoft Exchange Server vulnerabilities in a massive cyberattack.
OT and ICS Security
Safeguarding critical infrastructure became a higher priority in the wake of the Colonial Pipeline ransomware attack. Much of that investment has focused on Operational Technology (OT) security, which protects industrial systems and networks from attacks, and on securing Industrial Control Systems (ICS), which are used to control and monitor industrial processes.
Dragos in October closed a $200 million round to drive secure intelligence sharing and expand its vertical and geographic presence. A month later, Armis closed a $300 million round to accelerate platform development, fund go-to-market initiatives and support future M&A. And Claroty raised $400 million in December to expand its capabilities beyond industrial and manufacturing and into healthcare.
Claroty used the proceeds from its funding round to purchase Medigate, enabling the company to offer robust security to hospitals and life sciences firms spanning both industrial systems and medical devices. And Microsoft bought ReFirm Labs to allow device builders and customers to discover, protect and assess device risk at the firmware and network levels as well as patch devices via a cloud offering.
Private Equity Acquisitions
Private equity goliaths spent $41.3 billion on major cybersecurity acquisitions in 2021, scooping up more than 19,200 employees from an assortment of legacy firms and late-stage startups. In the largest cybersecurity acquisition in history, a group of private equity and investment firms led by Advent and Permira agreed in November to take consumer cybersecurity giant McAfee private for $14 billion.
Email security has found itself in the center of the private equity crosshairs, with Thoma Bravo buying Proofpoint for $12.3 billion in August in the second-largest cybersecurity deal of all time and Permira agreeing in December to buy Mimecast for $5.8 billion. Elsewhere, Bain Capital and Crosspoint Capital teamed up in June to purchase network detection and response vendor ExtraHop for $900 million.
A pair of private equity firms have focused on consolidating rival firms with overlapping capabilities, with Symphony Technology Group (STG) buying McAfee Enterprise for $4 billion and FireEye for $1.2 billion and bringing their XDR capabilities together to form Trellix. And in the identity space, TPG Capital bought Thycotic for $1.4 billion and Centrify for $900 million and combined the two organizations.
Ransomware Attacks
Victims of the 10 biggest cyber and ransomware attacks of 2021 were hit with ransom demands totaling nearly $320 million, and reportedly paid the ransom in at least four cases. Four of the largest ransomware victims are in the technology space, while the remaining span verticals from financial services, healthcare, and automobile manufacturing to food production, oil and gas, and chemicals.
Four of the biggest ransomware attacks were carried out by REvil, two were executed by Darkside, while Conti, DoppelPaymer, LockBit, and Phoenix were responsible for one massive attack each. Three of the victims are based in the United States, two are in Ireland, two are in Taiwan, and one each is in Brazil, Germany, and South Korea.
Vicious ransomware infections hobbled six of the world’s 50 largest solution providers since 2020—Accenture, Cognizant, CompuCom, Conduent, DXC Technology and Tyler Technologies. The six channel behemoths that succumbed to ransomware since 2020 have combined revenue of $91.14 billion and a joint market cap of $296.07 billion.
Secure Access Service Edge (SASE)
A Secure Access Service Edge (SASE) architecture combines a software-defined wide area network (SD-WAN) or other WAN with multiple security capabilities, securing an organization’s network traffic as the sum of those functions. SASE is both secure and direct, meaning that traffic from users’ devices is inspected at a nearby point of presence and sent to its destination from there, according to Zscaler.
SASE provides a fast, seamless user experience by having security enforced close to what needs securing. By defining security as a core part of the connectivity model and not a separate function, SASE ensures that all connections are inspected and secured, no matter where users are connecting, what apps they are accessing, or what kind of encryption is in use, according to Zscaler.
Funding in this space has been robust, with Netskope raising $300 million in July to aggressively expand both its platform and go-to-market to meet the strong demand for its SASE architecture. And McAfee Enterprise plans to stand up its Secure Service Edge (SSE) unit – which has cloud access security broker, secure web gateway, and zero trust network access assets – as a separate business with its own CEO.
Supply Chain Security
The manual supply chain attack against SolarWinds’ Orion network monitoring platform has sent shockwaves throughout the world, with Russian foreign intelligence service (SVR) hackers compromising nine elite U.S. government agencies and roughly 100 prominent private sector companies through a malicious Orion update.
More recently, the REvil gang exploited a flaw in Kaseya’s on-premises VSA RMM tool to compromise nearly 60 MSPs, encrypt data and demand ransom payments from up to 1,500 of their end-user customers. And a critical vulnerability in the Java logging package Log4j has sent shockwaves throughout the industry given how frequently that open-source library is used to develop enterprise software.
Industry players have turned to acquisitions to address the issue, with Aqua Security buying startup Argon in December to thwart third-party threats to the development environment and ensure the software supply chain is secure. Argon’s technology gives companies more control over who has access to their code and what code they’re allowed to input.