Are you preparing to get in the ring and fight for your 2022 security budget? Business security is important, and allocating the right resources to safeguard against potential threats is a key defense.
Learn how to save money and secure assets. Where can you start?
On Wednesday, October 27, 2021, at 12:00 PM, hear from the following security professionals as they discuss their experiences approving and securing budget:
- Julie Cullivan, seasoned security executive and former CIO
- Andrew Obadiaru, Cobalt CISO
- Dan Tyrrell, Manager of Professional Services at Cobalt
- Caroline Wong, Cobalt CSO
Join us for "Winning the Security Budget Fight: How to Get Funding Every Time," a live, interactive panel discussion with security experts, to ensure you are ready to knock out your upcoming budget battle.
As a sneak peek, read about emerging trends in the cybersecurity space from the perspective of panelist Dan Tyrrell:
1. What do you think the prevalent threats will be in 2022?
   Supply chain attacks will continue to be a problem moving into 2022 and beyond. The SolarWinds attack was eye-opening to many information security professionals, and, I am sure, attackers alike. The ability to have a one-to-many breach scenario is too enticing for attackers to pass up.
2. Do you think certain industries will be more targeted than others? If yes, why?
   I feel like supply chain attacks, as previously mentioned, will continue to focus on large software companies that provide critical services to thousands of companies. Outside of supply chain attacks, I believe that healthcare providers will continue to be targeted, specifically with ransomware. When lives are on the line, there is a higher chance that the attackers will get paid from something like a ransomware campaign. Additionally, critical infrastructure will continue to be a target for nation-states.
3. Do you expect to see changes in how teams prevent or test for vulnerabilities?
   I have seen a greater emphasis, and rigor, placed on what companies expect from their critical suppliers when it comes to security controls. Additionally, I have seen a lot of companies ramp up their vulnerability detection and patching programs. These enhancements are focused on both frequency and depth of testing. Companies want to pentest more and engage in advanced exercises like red team engagements. I have also seen a shift towards companies testing their true attack surface, versus what is required for regulatory and compliance purposes (e.g., a medical device manufacturer having their embedded systems tested in addition to their networks, apps, APIs, and infrastructure).
4. Do you expect any changes in the security tool landscape?
   Absolutely. New tools are coming out on a regular basis trying to solve problems that are otherwise cumbersome to solve. We see the emergence and adoption of XDR, Zero Trust, and more. That trend will continue, both the adoption and the release of new security tools to solve old security challenges.
5. Do you think ransomware will continue to be such a threat? And if so, how can companies combat it effectively?
   Yes. It will continue, but be more targeted. It is generally accepted that there are a few key controls you can put into place to limit the impact of ransomware. Controls like regular backups, failover, and recovery testing, EDR, pentesting, etc. All of these controls help close a gap in security and help reduce the likelihood and impact of ransomware. The problem is that a lot of companies are not doing these things, or feel like they could not be a target for ransomware groups. The stronger the overall security posture of an organization, the less likely a ransomware attack is to hit them. The more resilient an organization is, the less impact a ransomware attack will have.
6. Is there anything else you would like to share?
   It's hard to say for sure, but I am actually optimistic that 2022 will be a better year for security. I feel like the story of 2020 and 2021 was companies scaling back their spending due to the pandemic. Many companies, especially the ones I talk with, are back to full capacity with their budgets, if not spending more aggressively going into 2022 and beyond.
Dan Tyrrell is an information security and technology expert with extensive experience in both areas: 14 years in IT and 6 years in InfoSec. He's led numerous teams from the ground up in the software industry, and is currently building out the Professional Services function at Cobalt, aiming to help customers maximize the value of their pentests and strengthen their overall security programs.