Taking a different direction with the world of technology predictions, CEO and Co-Founder Kyle Hanslovan (Huntress), says that too often people provide lists things they wish would happen in 2022 that probably will not happen.
Hanslovan seeks to take a more nuanced approach as to what really needs to change in the cyber community and specifically for small businesses. In relation to this, Hanslovan has provided Digital Journal with five so-termed “Hot Takes” for 2022.
HOT TAKE #1: IT departments will enable auto-updates on the basis of risk-versus-reward
According to Hanslovan: “Anyone in the cyber community has seen the internet go up in arms when a patch causes a problem. But what about all those times when patches work seamlessly? This hyper-focus on bad patches makes auto-updating seem like the devil, when in reality patches are released every day that not only work seamlessly, but help keep your critical assets under lock and key. But let’s say you’re still cautious and decide you want to test the patch before you download it.”
Hanslovan adds: “Most businesses, large or small, don’t have the technology to accurately test the patches, so they choose time as their greatest validator. “Let’s see if the internet freaks out once this patch is released. If not, we’re good!” That type of thinking leaves a dangerous door open. Patches are often carefully constructed to fix vulnerabilities you might not even know exist. So while you’re waiting, you’re sitting there on a silver platter, vulnerable to any attack that a patch could have fought off. Don’t believe the hype – auto-updating is far more likely to keep you safe than it is to harm your network.”
HOT TAKE #2: SMB IT/Security teams will mature their security operations and adopt enterprise metrics
Hanslovan amusingly notes: “Snark aside, we really hope this one actually happens…though it sadly seems unlikely. There is a myriad of different acronyms we could talk about here, but Mean Time to Detect and Mean Time to Respond (MTTD and MTTR) are two phrases we hear a lot at the enterprise level and almost never at the MSP level – and there’s a reason for that. These things are hard to measure. It’s unlikely that a small company is going to get hit with a cyberattack and automatically jump to “let’s spend thousands of dollars on getting the technology and data we need in order to gather forensics on how long this attacker has been in our network.” Why? Because it’s frankly a distraction from their top priority, which is taking immediate action to work towards recovery. The most realistic course of action for 2022 is to take steps in the right direction.”
HOT TAKE #3: In 2022 people will use unique, strong passwords with 2FA across all applications
The reliance upon the password is changing, says Hanslovan: “Okay, the snark is back: password reuse is dead and everyone’s going to make complicated passwords. YEAH RIGHT. This one has been on the list for years in one capacity or another. The one thing that has changed in the past couple of years is the addition of two-factor authentication, and that’s a good thing. We are starting to see a lot of vendors require things like 2FA, but it’s not going to be widespread enough in 2022 to make credentials bulletproof.”
HOT TAKE #4: Technical folks will learn the differences between security offerings (AV, NGAV, EDR)
Hanslovan hopes for a clearer understanding of security, noting: “This one falls on vendors and practitioners alike. Let’s start with vendors: it’s not easy to understand what a product actually does when the SKU is changed every year. For example, Microsoft renames its Azure products all the time and no one can be expected to keep up with the name changes and relearn which products do what. Here’s a solution: come up with better names for your products that actually convey what the products do.”
He adds: “For practitioners, take the time to learn what you’re investing in and what you’re telling others to invest in. If you purchase a product from one vendor assuming that it has everything, you’re going to be majorly screwed when it comes time for audit season. You need to know what you’re signing up for.!”
HOT TAKE #5: MSPs will shift toward more mature and secure remote management solutions
Short and to the point from Hanslovan: “Good luck! Let us know where you find them.”