While most approaches to cybersecurity remain stuck in the past — using rules, signatures, and other historically defined understandings of threat — best practice these days is to keep your focus forward, preparing for the unknown and the unpredictable. In that spirit, Darktrace anticipates what 2022 will bring, both in terms of the threat landscape and for evolutions in defensive technologies.
1. Explainability Improves the Relationship Between Humans and AI
While artificial intelligence (AI) has revolutionized cyber defense by detecting the attacks humans can't see and even taking autonomous action to neutralize threats, it is still important to keep the human in the loop. Focusing on augmenting the human with AI is just as important as the cutting-edge mathematics that drive AI.
The relationship between humans and AI can be improved with explainable artificial intelligence (XAI). In cybersecurity, this means delivering the insights of AI to the security team on a silver platter — that is, in human-readable language and clear diagrams rather than abstruse code. This involves methods such as natural language processing (NLP), AI-driven investigations, and AI-recommended remediating actions.
Ultimately, the aim is not just to reduce time to detection, but also to use AI to reduce time to meaning. XAI helps achieve this by shining a light into the "black box" of sophisticated AI security technologies, effectively enhancing human understanding rather than merely alerting them to threatening behavior.
2. Ransomware Increases in Volume and Variety
The year 2021 saw ransomware triple in the US and double in the UK. The US Department of Homeland Security confirmed that ransomware is a major threat to national security. The significant disruption that ransomware inflicts upon businesses and critical infrastructure was made clear last year, with major attacks against JBS Foods and the Colonial Pipeline, to name just two.
Unfortunately, ransomware is not going away anytime soon. Not only will the number of ransomware attacks likely increase, but a wider variety of paths will open to attackers. For example, cloud service, backup, and archiving providers will provide a path for ransomware threat actors to effectively encrypt data and spread laterally.
Organizations must shift their focus toward fighting ransomware once it gets into their systems, rather than simply bolstering perimeter protections. This means turning to technologies that actively learn bespoke environments, make micro-decisions, and launch proportional responses to contain the attacks before damage is done.
3. Supply Chain Attacks Dig in Their Heels
From Solarwinds, Kaseya, and GitLab to Log4j, supply chain attacks are here to stay. The software supply chain, in particular — including developers, platforms, and providers — gives attackers a means of evading perimeter defenses entirely by first compromising trusted third-party suppliers. This allows attackers to infiltrate governments, businesses, and critical infrastructure.
Attackers will continue to poison the software supply chain, compromising source code that is proprietary, repositories used by developers, and libraries of open source code. They will also use email attacks to leverage the trust of reputable organizations, as was seen with the recent FBI hoax email blast.
When attackers start to embed themselves into the development process from its onset, organizations will essentially be eating poisoned fruit. Therefore, subtle signs of attacks need to be identified at their earliest stages and tracked alongside their escalation throughout an enterprise. These capabilities can be readily achieved with AI technology.
4. Defenders Proactively Simulate Attacks With AI Innovations
Detection, investigation, and response to cyberattacks have all been revolutionized by AI innovations. In 2022, we will see attack simulations and proactive security also transformed by novel AI technologies.
AI will empower organizations to take a proactive and predictive approach to cybersecurity. Modeling attack paths, simulating adversaries, and red teaming continuously have all been enabled by recent advances in AI. This means that organizations can anticipate likely threat situations and minimize risk by implementing safety measures and controls. In this way, emerging technologies will allow organizations to shift from protection and prevention to proactive defense, using AI to sniff out vulnerabilities, undertake controlled attacks, and put their defenses to the test.
5. Insider Threats Abound With the 'Great Resignation'
The much-discussed Great Resignation will undoubtedly lead to a higher number of insider threats as employees either intentionally or unintentionally take sensitive information along to their new jobs. The Great Resignation also indicates an increasing number of disgruntled employees who are more likely to be recruited to intentionally undertake insider threat by cybercriminal syndicates or nation-states.
To combat this, organizations need technology that understands behavior across their sprawling digital environments, from cloud and software as a service (SaaS) to users and their endpoints. When an employee acts in a highly unusual fashion, this technology can take autonomous action to prevent them from doing something malicious, whether or not they intend to.