Winston Churchill said, "Generals are always prepared to fight the last war."
He said this like it was a mistake.
But in cybersecurity, we must always be prepared to fight the last war, every last war - even as we're preparing for what comes next.
Because the cybersecurity equivalents of bows and arrows remain a threat. The OWASP Top Ten still has a lot in common with the list first released in 2003.
So my top prediction -- and the prediction of dozens of experts I contacted for this story -- is that we're going to keep seeing all the same threats we've been seeing all along. Just more of them, delivered faster, and with more automation and efficiency.
But what about the new stuff coming at us? If you're a data center cybersecurity manager, here are some emerging threats to watch out for.
Ramsomware gangs will go after IoT devices
In 2021, ransomware gangs went after critical infrastructure -- water treatment systems, food and agriculture plans, and the Colonial gas pipeline. Having been successful in this area, attackers will go after IoT devices next, experts say.
"These campaigns will attempt to take over everything from security cameras to diabetes monitors to point of sale devices, often by stealing machine identities," said Kevin Bocek, VP of security strategy and threat intelligence at Venafi. "And because IoT depends on machine identity, individual things don’t need to be targeted, just the service providing software updates and command-and-control. This will be the new face of ransomware in the enterprise IoT age."
Unfortunately, defending against IoT attacks is difficult, especially because many devices currently in use were not designed with security in mind.
"Updating software on devices is a time consuming process and in some cases not even possible because regular updates were not part of product design," said Thanassis Avgerinos, co-founder and VP of engineering at cybersecurity vendor ForAllSecure.
As the number of network devices explodes, these attacks become even more appealing, since they are low effort and high reward, he said. "Better upgrade processes and continuous security testing throughout the development lifecycle will help, but that is still a few steps away for several products."
As computing moves to the edge, so should security, said Wendy Frank, cyber 5G leader in the Cyber and Strategic Risk practice of Deloitte Risk and Financial Advisory.
And the security should be built not just into the devices themselves, but into the AI and machine learning apps running on these devices.
"Taking a cyber-aware approach will also be crucial as some organizations begin using 5G bandwidth, which will drive-up both the number of IoT devices in the world and attack surface sizes for IoT device users and producers," she added.
Ransomware gangs will go after cloud environments
Many companies have been moving their data centers to the cloud, where they have been -- relatively -- safe from ransomware.
But the attackers are sitting on giant war chests right now, and have plenty of resources to invest in developing new kinds of attacks.
And, the same way that bank robbers rob banks because that's where the money is, attackers will go after clouds because that's where the data and corporate systems are.
That means they'll move beyond Windows-based ransomware strategies, said Bill Swearingen, security strategist at IronNet.
They'll be targeting both cloud platforms and software-as-a-service environments, he said, with new Linux ransomware and cluster-based ransomware.
"The U.S. cybersecurity community will need to enhance its defense capabilities in cloud environments to effectively combat them," he said.
And simply relying on cloud vendors to take care of security issues is not a good strategy, said James Campbell, CEO and co-founder at Cado Security.
"Tools from the leading cloud security providers are no longer sufficient on their own to keep the cloud secure amidst the growing attack surface," he said. "It's becoming clearly evident that a layered approach is required."
"The platform providers have certain security responsibilities," said Campbell. But both Azurescape and OMIGOD demonstrate that cloud providers are not infallible, and organizations need to take additional security measures.
"In addition, organizations must take responsibility for setting alerts to be notified if vendor credentials are used for anything outside of normal operations," he said.
Attackers will start using AI to scale up dramatically
As long as attackers have to spend time inventing new attacks that bypass defense mechanisms, there will be a limit to how much they can scale their attacks.
But AI and machine learning tools are now widely available, and we've already seen indicators that adversaries have been experimenting with them to build new kinds of attacks.
In 2022, they will start to commercialize the next generation of smart attack tools, said Chuck Everette, director of cybersecurity advocacy at Deep Instinct.
"Common cyber criminals will have access to, and will be using, adversarial AI techniques to bypass and confuse traditional security solutions," he said.
The new tools will include sophisticated polymorphic and metamorphic components, he said, random code insertion, encryption and decryption routines, multi-packers, instruction permutation, code transformation, anti-debugging, virtual machines, and registry alteration. These threats will grow in sophistication at a break-neck pace, he said.
But defenders can use this technology as well.
"In 2022, we will see a surge of innovation as vendors apply machine learning to a range of persistent cybersecurity problems," said Josh Lospinoso, CEO and co-founder at cybersecurity vendor Shift5.
That includes phishing attacks, unusual network traffic, and business email compromises, he said.