Three Key Priorities for Emerging Tech Practitioners in 2022

Ramsés Gallego

Editor's note: This is the final in a weeklong ISACA Now blog series looking ahead to top priorities in 2022 for practitioners in digital trust fields. See previous posts in this series here.

Regardless of where somebody specializes in the IT field – whether an audit, risk, privacy, governance or security practitioner – the impact of emerging technology is becoming increasingly relevant.

Looking ahead to 2022, the evolution of emerging technology will play a prominent role for an array of technology professionals and their organizations, particularly given the wide-ranging implications of emerging technology on the threat landscape. Below are three key emerging technology-related priorities that should be top-of-mind for professionals as we look toward 2022:

Priority #1: Beware of More (Unsupervised) Machine Learning in the Attack Vector
In 2022, expect attackers to use unsupervised machine learning to attack in an unmanned way. Algorithms will be capable of deciding on their own the best course of action for an attack, scanning the network, looking for the right vulnerability in an environment, choosing when to deploy the attack … in a way, it’s Sun Tzu’s ‘The Art of War’ with a cyber perspective.

These types of attacks will bring a “democratized” way of attacking and will enable economies of scale in attacks.

Unfortunately, algorithms and automation are brought into the attack vector and cybercriminals can use these techniques to enable non-human intervention attacks. In addition, different criminal organizations can “democratize” attacks by lending tools and scripts to smaller groups so that they attack one specific region of the world or industry … and they share profits. This can only be done by leveraging orchestration and automation through the use of unsupervised machine learning that learns by observation rather than by actually training.

Priority #2: Address Identity
Identity is everything and, in this era of the Internet of Things, it will be critical to address the needs of entities, machines and things requesting to be “someone in the network.” This will fuel the whole user and entity behavior analytics (UEBA) dimension in which a machine, a script, “a thing,” will declare an identity in the network and, therefore, rights, entitlements and access.

Practitioners will also need to control how a machine can impersonate another entity.

When we combine this IoT (Internet of Things) with IoB (Internet of Behaviors), it brings an interesting angle that has to do with collective psychology, analytics, patterns, anomalous activity, etc. This will give birth to another type of IoT: the Internet of Threats (or the Internet of Trouble).

Priority #3: Harden and Fortify Applications Before Being Deployed in the Cloud
There is little question that because of computing power and potential anonymity, the cloud will increasingly be weaponized, raising the prominence of the concept of dark or black clouds.

Long awaited, the critical practice of hardening applications before they are deployed in the cloud will become even more relevant in 2022. Apps will need to be sanctioned and approved before being deployed and used.

There is also an important connection in the DevSecOps world, resulting in more automations and associated risks. This may create a world of two or three speeds when it comes to using apps, especially in the cloud.

Preparing for the Emerging Tech Landscape
Virtually all of us who work in the IT and security realm today have become emerging technology professionals. The emergence and increased implementations of AI, cloud services, the IoT and much more are recalibrating our roles and posing new complications while simultaneously creating new opportunities for innovation.

By continually learning and looking to ISACA and other learning organizations for available resources, we can be prepared for whatever twists the emerging tech landscape has in store in 2022 and beyond.
