Cybersecurity – How to Stay Ahead in 2022

Staying ahead with cybersecurity in 2022 is as great a priority as it has ever been. With new penalties in place for data breaches, security is critical to business survival. The challenges of the pandemic and resultant shift towards hybrid working have given security leaders much to consider as they adjust policies and protocols for this new environment.

To learn how to keep pace with increasingly advanced threats, we held a Twitter Q&A session hosted by one of our #KingstonCognate influencers, Prof. Sally Eaves. She was also joined by our community of experts, giving us some valuable insights and predictions for the coming year.

Evolving cyberthreat: The how, why and where

With the global switch to remote working and the rapid expansion of user devices for each network came a threat landscape that vastly widened overnight. In addition, cyberthreat expansion and the associated risk has the potential to exploit newfound vulnerabilities along myriad new attack vectors:

• Supply chain challenges
• Industry talent gaps
• Emerging technologies like IoT
• The abundance of available disinformation

Prof. Sally Eaves (@sallyeaves) also observes: “Cybersecurity as a service is rising too - for example $250 Attackers are for Hire Per Job (& Up!) Denial of Service circa $311 per month. The list goes on - the growth of the cybercrime economy is significant.”

Along with increasing threats, attack frequency and sophistication are also on the rise. But why the change? “Ransomware, identity theft, social engineering and critical infrastructure failures are cybercrimes suitable for the digital era as human behavior and interaction are increasingly influenced by technology” says Giuliano Liguori (@ingliguori).

Perhaps the most striking difference is that company size is no longer important. In the "good old days," big fish such as enterprise networks were the target. Now everybody is a potential victim.

In Bill Mew’s (@BillMew) view, “It is an ongoing cybersecurity arms race with both sides using AI and other advanced tech. As fast as the white hats use it to find and patch vulnerabilities, the black hats use it to find and exploit them”.

The role of endpoint cybersecurity

Securing endpoints plays a very important role in the cybersecurity health of any organization. As a starting point, a focus on data loss prevention is critical, looking at the data that exists locally with your employees. Encrypted USBs can be very effective here, helping ensure that sensitive data can be stored and transferred securely.

Roland Broch (@rolandbroch) recommends that “all endpoint devices should ideally correspond to a defined security level and comply with the company's compliance requirements.” Since an endpoint can be any device that connects with IT from outside its firewall, every point is a potential point for attack - and therefore needs to be secured and managed. Elena Carstoiu (@elenacarstoiu) highlights that this is especially critical “in a business world that allows BYOD at work with the very same devices one uses with random Wi-Fi networks and in various usage scenarios.” Endpoint detection and response (EDR) is a growing field, with endpoint security solutions in great demand, likely driven by the expansion of traditional centrally managed enterprise networks. However, when the cyber ‘weakest link’ is the user operating the endpoints, how do you get the balance right when it comes to control? “Lock it down too much and it is a barrier to productivity, leave it too open and it is a hacker’s invitation!” says Nigel Tozer (@NigelTozer).

So, what is the answer?

Kate Sukhanova thinks “encryption should be the default - but it must be combined with zero trust as it offers little defense against social engineering on its own.” New technology is also playing its part, with “operating systems such as Android and iOS now building in endpoint protections such as biometric ID, password management, together with support for multi-factor authentication” observes Rafael Bloom. Some endpoint protection platforms use sophisticated methods such as machine learning to automate investigations.

With all of this taken into account, is there a finish line? Perhaps not, according to Prof. Sally Eaves. who thinks there is a heightened risk that may continue to grow. “Alongside endpoint choice, flexible working and apps everywhere means once-traditional trust boundaries using perimeter security simply no longer exist.”

Endpoints are not “yours” anymore, with Bill Mew in agreement believing that “there is no silver bullet or absolute guarantee (even the NSA got hacked)”. He concludes instead that a combination of risk awareness, cyber hygiene and intelligent use of tech and methodologies like zero trust, SASE and EDR solutions will be your best bet in protecting your ever-evolving endpoint security landscape.

At Kingston Technology, we consider ourselves trusted advisors in the encrypted USB space. We know that planning the right solution requires an understanding of security goals. Our Kingston Ask an Expert team can help you mitigate risk with our encrypted USB solutions. Kingston Is With You, no matter what you do, working to support your business needs. While 2022 may be full of unexpected challenges and opportunities for organizations, we are confident that our solutions can support businesses in any of their technology challenges.

#KingstonIsWithYou