Cybersecurity Lessons from 2021 Push for Investing Trends in 2022 [Weekly Cybersecurity Brief]

As we get closer to 2022, we continue to examine the year we just experienced. Capping off 2021, we are looking at some of the major events and the lessons they taught and are still teaching, including the importance of investing in cybersecurity.

In a year that was filled with large-scale cybersecurity incidents, one of the biggest has hit just as 2021 comes to a close. In last week’s Cybersecurity Brief, we covered the news of the Log4j flaw. Since then, both the detail available and the concern over the critical vulnerability have expanded. Log4j is Java-based software that “is one of the most popular logging libraries used online, according to cybersecurity experts,” as Jennifer Korn at CNN explains. After the serious flaw was discovered, entities using the software, like Apple’s cloud computing service and the popular video game Minecraft, quickly acted to patch the issue. However, the number of organizations affected has only grown. CNN reports that more than 100 attempts to take advantage of the vulnerability were recently found to be occurring per minute. This figure is likely because Log4j is open-source and free, and because it is widely used by some of the largest companies, such as Apple, IBM, Oracle, Cisco, Google and Amazon. Experts worry that hacking cases will only continue to spread. According to Microsoft, there have already been exploitation attempts by state-backed hackers from China, Iran, North Korea and Turkey. Jen Easterly, head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), stated that this was “one of the most serious flaws” she has seen. To help with the situation, CISA announced that it will launch a public website with updated information.

As Ina Fried writes for Axios, “…the current Log4j flaw shows just how vulnerable our digital systems are.” But, as we know, Log4j isn’t the only occurrence in 2021 that exposed our cybersecurity insecurities. The increase in nation-state hacks, ransomware threats, targets placed on governments and industries such as healthcare, cryptocurrency concerns and events like the Colonial Pipeline attack have all proven that cybersecurity needs to be a significant focus. There are signs that influencers and leaders are starting to pay the topic the attention it deserves. The Axios article points to the fact that Foreign Affairs recently devoted an issue to the topic and the J.P. Morgan International Council designated it as one of the foremost threats facing businesses and governments. As more solution-oriented decisions and legislation are proposed, though, especially between those two parties, some are also calling for greater international agreements. And it’s no secret that a shortage of cybersecurity professionals still haunts the field.

To address such challenges, one of the most important actions in 2022 will be to further invest in cybersecurity. CSO has summarized the spending trends predicted to unfold in the new year. According to CSO’s 2021 Security Priorities Study, “44% of security leaders expect their budgets to increase in the upcoming 12 months,” which is a slight increase from last year’s 41%. The rise in cybersecurity threats is not the only driver of this investment growth. Surveys also found that pressure is coming from external communities like customers, partners and regulators as much as it is coming from the internal operative teams. The CSO study concluded that 49% listed compliance, regulations, or mandates as a determining factor for cybersecurity fund allocation. Of those funds, CSO identified “on-premises infrastructure and hardware,” “skilled staff” and “on-premises tools and software” as the leading areas for distribution.

If you are interested in learning more about why organizations should enhance their cybersecurity investments, read my post on the “10 Great Benefits of Investing in Cybersecurity.”

Key Takeaways:

“The Log4j security flaw could impact the entire internet. Here’s what you should know” – Jennifer Korn, CNN

https://www.cnn.com/2021/12/15/tech/log4j-vulnerability/index.html

  • As detail over the Log4j flaw expands, CNN reports that it was recently concluded that more than 100 attempts to take advantage of the vulnerability were occurring per minute.
  • Experts worry that this number is likely to grow.
  • Jen Easterly, head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), stated that this was “one of the most serious flaws” she has seen.

“2021 was the year cybersecurity became everyone’s problem” – Ina Fried, Axios

https://www.axios.com/2021-cybersecurity-ransomware-cyber-attack-91ccc592-b611-4825-8e0a-65e37d06a450.html

  • Throughout 2021, the increase in nation-state hacks, ransomware threats, targets placed on governments and industries such as healthcare, cryptocurrency concerns and events like the Colonial Pipeline attack have all proven that cybersecurity needs to be a significant focus.
  • As more solution-oriented decisions and legislation are proposed, though, especially between businesses and governments, some are also calling for greater international agreements.
  • The cybersecurity talent shortage will also continue to be a challenge that needs to be further addressed.

“Cybersecurity spending trends for 2022: Investing in the future” – Mary K. Pratt, CSO

https://www.csoonline.com/article/3645091/cybersecurity-spending-trends-for-2022-investing-in-the-future.html

  • According to CSO’s 2021 Security Priorities Study, “44% of security leaders expect their budgets to increase in the upcoming 12 months,” which is a bit of an increase from last year’s 41%.
  • The CSO study concluded that 49% listed compliance, regulations, or mandates as a determining factor for cybersecurity fund allocation.
  • The leading areas for funds were “on-premises infrastructure and hardware,” “skilled staff” and “on-premises tools and software.”