Cyber Predictions 2022 | K2 Integrity
Where We Stand
This year kicks off against the backdrop of the security flaw found in Log4j, a system-logging code library widely used in applications and services across the Internet. In the aftermath of this crisis, a new set of cybersecurity problems for technical and security teams has emerged. While it’s still too soon to tell just how much damage the flaw has done (or will continue to do), it’s clear that the Log4j vulnerability has the potential to become the most significant threat seen on the Internet for years.
This is due to three reasons:
- Its pervasiveness—Log4j is widely used by developers and bundled in various vendor products.
- Its ease of exploitation—compromising a vulnerable system is often easy but patching the vulnerability is complex.
- Its severity—once a system is compromised the attacker has total control to run whatever malicious code they choose.
Patching vulnerable systems has always been challenging for IT teams under pressure to maintain uptime. This struggle persists and is becoming more difficult. With Log4j, the challenge is finding what is at risk. This is particularly difficult for small to medium-sized enterprises (SMEs), which may not have dedicated IT resources to keep on top of the patching cycle or the capabilities to respond to zero-day exploits.
It is estimated that 60% of small companies go out of business within six months of a cyber-attack [1].
This is likely to lead to further outsourcing of cyber services to managed security services providers (MSSPs); when selecting such security partners, businesses will need to exercise caution to ensure that the chosen partner fits their needs and has the experience appropriate to their environment.
To plug security gaps, organizations will continue to increase their spend on information security and risk management technologies and services, as they continue to deal with remote working and cloud security risks. A recent Gartner survey [2] reports that 61% of organizations view cybersecurity as their top priority for new spending, with a further Gartner study [3] reporting that 88% of boards now view cybersecurity as a business risk, rather than a technology risk. Communicating a return on…