Editor’s note: This is the final in a weeklong ISACA Now blog series looking ahead to top priorities in 2022 for practitioners in digital trust fields. See previous posts from the series here.
Regardless of where somebody specializes in the IT field – whether an audit, risk, privacy, governance or security practitioner – the impact of emerging technology is becoming increasingly relevant.
As we look toward 2022, the evolution of emerging technology will play a prominent role for an array of technology professionals and their organizations, particularly given the wide-ranging implications of emerging technology on the threat landscape. Below are three key emerging technology-related priorities that should be top-of-mind for professionals as we look toward 2022:
Priority #1: Beware of More (Unsupervised) Machine Learning in the Attack Vector
In 2022, expect attackers to use unsupervised machine learning to attack in an unmanned way. Algorithms will be self-capable of deciding the best course of action for an attack, scanning a network, looking for the right vulnerability in an environment, choosing when to deploy the attack … in a way, it’s Sun Tzu’s ‘The Art of War’ with a cyber perspective.
These types of attacks will bring a “democratized” way of attacking and will enable economies of scale in attacks.
Unfortunately, algorithms and automation are brought into the attack vector and cybercriminals can use these techniques to enable non-human intervention attacks. Besides, different criminal organizations can “democratize” attacks by lending tools and scripts to groups of smaller sizes so these ones attack one specific region of the world or industry … and they share profits. This can only be done by leveraging orchestration and automation through the use of unsupervised machine learning that learns by observation rather than by actually training.
Priority #2: Address Identity
Identity powers everything, and in this IoT epoch, it will be critical to address the needs of entities, machines and things requesting to be “someone in the network.” This will fuel the whole user and entity behavior analytics (UEBA) dimension in which a machine, a script, a “thing,” will declare an identity in the network and, consequently, rights, entitlements and accesses.
Practitioners will also need to control how a machine can impersonate another entity.
When we combine this IoT (Internet of Things) with IoB (Internet of Behaviors), it brings an interesting angle that has to do with collective psychology, analytics, patterns, abnormal activity, etc. This will give birth to another type of IoT: the Internet of Threats (or the Internet of Trouble).
Priority #3: Harden and Fortify Applications Before Being Deployed in the Cloud
There is little question that because of computing power and potential anonymity, the cloud will increasingly be weaponized, raising the prominence of the concept of dark or black clouds.
A long time coming, the critical practice of hardening applications before they are deployed in the cloud will become even more relevant in 2022. Apps will need to be sanctioned and approved before being deployed and used.
There is also an important connection in the DevSecOps world, resulting in more automations and associated risks. This may create a world of two or three speeds when it comes to using apps, especially in the cloud.
Preparing for the Emerging Tech Landscape
Virtually all of us who work in the IT and security realm today have become emerging technology professionals. The emergence and increased implementations of AI, cloud services, the IoT and much more are recalibrating our roles and posing new complications while simultaneously creating new opportunities for innovation.
By being continuous learners and seeking out available resources from ISACA and other learning organizations, we can be prepared for whatever twists the emerging tech landscape has in store in 2022 and beyond.