Monday, January 17, 2022

2021 year in review – IT under attack

Had Charles Dickens been alive today, his famous work might have started with “It was the worst of times, and some other stuff was just disappointing.”

That’s what it seemed like as we did our classic editorial end of year recap for 2021. This year we surveyed our editorial group but we also invited a group of our readers to meet with us and validate our analysis. This was part of our new year’s resolution from 2020 – to engage more deeply with our readers and ensure that we were providing not just engaging, but more relevant content. We have put in place a process that allows us to take your feedback on all articles we publish, and many of you have shared your comments. We read each and every one.

These in person sessions allow us, at least virtually, to talk directly to our readers and hear what they have to say. Clearly, our year end group agreed – 2021 was a tough year for IT.

We also discussed the key technology themes/developments/stories of 2021 and we’d like to share those with all our readers. Here they are – at least as we see them. We’d love to have your opinion. You can share that with us at the end of the article; select the check mark for agreement or the X for disagreement. In either case, you’ll be asked if you also want to send your comments directly to our editorial team.

Ready? Here’s our analysis of the themes of 2021. If it’s too much to handle in one sitting, you can come back and jump straight to a section by clicking on its name in the table of contents.

Contents:
  1. Cybersecurity, privacy and compliance
  2. Workforce transformation and the Great Resignation
  3. Cloud outages and failures
  4. Supply chains choke
  5. Social media falls from grace
  6. Overexposure
IT under attack – cybersecurity, privacy and compliance

It’s no surprise that cybersecurity was the biggest news theme of 2021. Issues of security , privacy and compliance have been news for many years. But if prior years featured attacks and skirmishes, this year turned to all out war, with IT on the front lines.

Ransomware has been a special threat for years now. Malware that encrypts your data and demands an untraceable ransom in bitcoin is an evil, albeit creative synergy. Ransomware is also unique in that it is a business, and an exceptionally profitable one. The perpetrators are a well organized and professional set of cybercriminals. They are well funded and have more than technical resources – they have marketing, promotion and a perversely efficient “customer service”. A friend of mine who was at the time CIO of a large developer once quipped that the help desk that assists companies to learn to pay ransoms in bitcoin was better than anything he’d seen in corporate IT. This combination of factors has led to explosive growth.

As ransomware threats have grown, companies developed greater defences. Fundamental to this is better and highly tested backups, often with one version stored in read only format and unconnected to any systems or networks. To mitigate the need to pay ransom to recover encrypted data, white knights developed and posted decryption keys. We even saw the emergence of paid negotiators who were engaged to try to minimize ransom amounts.

In response, the ransomware crooks evolved. They developed new approaches such as “steal and reveal”, where they stole data before encrypting it and threatened to reveal it if not paid the ransom. Oftentimes they made good on their threats. If this failed to work, some added new threats like distributed denial of service attacks (DDoS) that rocked the internet with the attack volumes.

2021 brought a huge expansion and ramp up of these attacks. This massively expanded distribution featured what some might call a channel or franchise strategy. The cyber gangs provided the threat and infrastructure, but rented this out to let others deliver the attacks.

The attacks spread everywhere, taking down companies of all sizes, all industries and all sectors. They also went after targets that previously would have been unheard of or perhaps untouchable – hospitals, clinics and other critical infrastructure.

With this widespread threat, popular media picked up the story. Not a day went by without a new attack. Businesses were shut for weeks and even months. Costs were in the hundreds of millions of dollars. Cyber insurance premiums skyrocketed.

This struck fear into boards of directors, many of whom had previously seemed mildly oblivious to security threats. Suddenly cybersecurity was an existential threat to their businesses. Even legislators, who are often technically clueless, have been jarred to attention.

Yet, although ransomware was the poster child of 2021, it was only one of many threats. Phishing, social engineering, DDoS attacks proliferated as well.

But another insidious threat hit in 2021 which attacked what we could call the soft underbelly of IT. The so-called supply chain threat saw trusted suppliers of software and foundation libraries become targets. These attacks spread widely and hit every level of business and government. From Solar Winds to the year-end Log4j exploits, new threats spread across a massive number of applications and infrastructures. It left exasperated IT staff shaken – not knowing what or who to trust.

This is why 2021, in our opinion, is the year of IT under attack.

Privacy & compliance – business takes the hit

Since the prime threat in the new cyberwars is the theft and publication of private data, it’s not surprising to see an impact in the areas of privacy and compliance.

Once again, this is not a new story. Consumers have long been lax in giving up their data and privacy for free entertainment. According to a year end Washington Post poll, 82 per cent of them say the resultant ads are “annoying” and 74 per cent say they are “invasive” and 7 out of 10 people polled thought their phones were listening to them. Yet few, if any, were prepared to give up access to social media or mobile devices.

This has left governments struggling to figure out how to protect the public. While many different jurisdictions have announced and implemented regulation and legislation, the gold standard has been the European Union developed General Data Protection Regulation (GDPR). This set of regulations, with its strong process requirements, sent shock waves around the world as companies and even countries started to up their game to keep up.

GDPR proved to be an impetus for regulators in other jurisdictions, as countries across the world sought to update their own privacy legislation. If an entity as large and diverse as Europe could come to an agreement on standards, certainly other jurisdictions could as well.

Not necessarily. US reaction reflected the current political stalemate that has paralyzed its own federal government, leaving states like California and others to draft their own legislation. Ironically, Canada, the country where the concept of Privacy By Design was invented by former Ontario privacy commissioner Ann Cavoukian, has also failed to advance. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) legislation remains in serious need of an update and the Canadian government, in a minority parliament, has not been able to get a new bill passed.

There is a legitimate debate about whether regulation as stringent as GDPR is warranted, or good for business. But inconsistent or patchwork legislation and regulation create the only thing that business fears more than regulation – uncertainty.

Compliance 

The current patchwork and the climate of fear have created the worst of all situations. Rather than complying with clear standards, companies are trying to force suppliers to meet their own interpretation of regulations and best practices. Legal departments in serious CYA mode are issuing a raft of privacy and security certification documents, each one, in the absence of a standard, unique.

The result? As one CIO of a major Canadian company said recently, “I have one full-time person just dealing with these certifications from our customers.” In the current resource-strapped enterprise environment, we can sympathize, but what of the smaller companies who are struggling to be competitive in a COVID-19 world and can’t afford that extra resource?

Workforce transformation and the Great Resignation

2021 was the second year of work from home (WFH). Having tested the limits of the jobs that can be done remotely, businesses still managed to cope and some even reported increases in productivity. As the months went on, even the staunchest advocates of return to the office had to accept the “new normal”. We began to see large numbers of employees who indicated that they may not return to the office at all; 76 per cent of workers do not want to return to the office full-time according to Future Forum report from October of 2021.  An ITBusiness story noted that for tech workers, that figure was closer to 90 per cent.

Further, an Ipsos Reid poll from June of 2021 noted that close to 30 per cent of workers would quit if forced to return to the office.

In our second year, we saw the cracks appear. While the initial reporting on WFH indicated increased productivity, stress, isolation, and burnout threaten to erase those gains and perhaps drive productivity to lower levels. As one CIO remarked, “we may have developed the tools to work remotely, but we haven’t developed the culture.”

As the never-ending pandemic moved on, many employees began to question what they wanted from work. We began what has been termed “the great resignation”; employees were leaving their jobs in record numbers. No longer limited by geography and fueled by a labour shortage, employees were changing jobs for more money after years of stagnant wages. Some changed careers entirely, others simply exited the workforce. At a point when many older workers were extending their careers, a new “Silver Tsunami” of retirements has resulted in a mass exodus of experienced workers.

While this is a challenge for any group, the problem is particularly acute in IT. The IT resource market, already overheated, has become even more difficult, with turnover at an all-time high. With roughly a quarter of IT workers being Baby Boomers, the Silver Tsunami is a full-blown crisis.

And it gets worse. Last year, many companies were finding that they couldn’t recruit in highly skilled areas such as security staff. Too few qualified candidates led to salaries being raised to a point where budgets were stretched and existing salary scales were woefully inadequate, even at the highest ranges. Recently, a colleague confided that he has had a vacancy for a sysadmin for more than 5 months. Others have spoken of bidding wars for new talent that has increased salaries by 50 per cent or more.

Related:

Report reveals Canadian software developers dissatisfied with current salary | IT World Canada News

Yet even those who are willing and able to pay top salaries are not able to find the people they need.

Cloud outages and failures

It is ironic that the origins of the Internet came from experiments in how a communications network could survive a nuclear attack, and over the years, it has been the subject of many doomsday predictions. None of these digital Armageddons ever occurred.

Today, what we call the cloud has become a key part of our infrastructure and an essential component of the architecture of IT. We have noticed that discussions of the cloud are no longer simply about remote servers. They are sophisticated discussions of how the cloud fits into complex IT ecosystems. Having achieved almost universal acceptance and high levels of adoption, could it be that the cloud has finally shown its cracks and vulnerabilities?

This is the year that we all learned that a globally linked, Internet-dependent IT amounted to a single point of failure. We learned that DNS issues or even a relatively simple implementation mistake could take down not a single company, but a huge number of companies with global size and reach. We discovered that in an agile world where implementations happen daily and even hourly, the potential for error grows exponentially. As we write this, three large cloud provider data centre outages have occurred in the past two weeks – and those are just the ones that made the news.

Those cloud outages have reinforced how dependent we all are on uninterrupted and ubiquitous computing services. They also exposed how interdependent businesses and networks are. A cloud outage doesn’t just cause one company to go down – it takes down a large number of companies and their dependent suppliers.

Despite the fact that many of the big failures of the year which paralyzed cloud-dependent companies for hours and even days were not the result of a cyberattack but more often “carbon based” – human error – many companies are reassessing their cloud strategy. To be clear, this isn’t a retreat from the cloud, but it is a hard look at how to mitigate failures of what was previously thought as too big to fail.

Supply chains choke

Our world has been transformed into an internationally integrated and “just in time” supply chain. In 2021 we discovered the vulnerabilities this created. A single point of failure could cause large problems, even paralyze companies and entire industries.

The North American supply chain was already under the gun as the pandemic rolled on. IT was hit by a double whammy of increased fuel costs and a shortage of truck drivers. The pandemic closed borders, which interrupted integrated manufacturing in automotive and other key industries. These led to shortages and increased prices.

Then the global supply chain also demonstrated its vulnerability. A ship got stuck in a canal across the globe and worldwide supplies of critical goods, parts, and components were instantly halted. Because many were stuck on ships trapped in the canal backup, containers required elsewhere to ship goods were not available. Unexpected and unintended consequences turned interruptions into crises.

We also saw vulnerabilities appear in production. The consolidation of semiconductor manufacturing offshore meant that when one supplier had issues, it would lead to huge shortages of the chips that power the infrastructure of our digital economy. We needed new large-scale computers as well as PCs, monitors, phones, and other devices to equip a new work-from-home economy. Auto manufacturers lacked the chips that now are essential in cars. Appliance manufacturers faced similar issues. As of year-end, our podcast, Hashtag Trending, reported that memory chips were being scalped for as much as 5 times their original cost.

Thus one point of failure caused problems that rippled through companies, industries and economies. From a single fracture point, a shortage of key components held up growth and stalled progress. We learned that in addition to “just in time”, we might need another plan – “just in case”.

Social media falls from grace

In 2020 we became aware of how deeply social media had become part of our information fabric. In 2021 the impact of the spread of disinformation by social media became an enormous threat. A rumour that the US election had been stolen came close to bringing down a major western democracy. A third of the US population refused to take a vaccine which objective science shows decreases risk of illness and vastly diminishes risk of death. They chose instead to believe conspiracy theories from social media. People who claimed that the vaccine would allow Bill Gates to track them posted videos from their cell phones –  ironically, devices that could actually allow them to be tracked.

In 2021 we all learned that social media was not just an unwitting channel leveraged by some bad actors. It was not simply madness of the mob; media leaks and whistleblowers pointed out to us that this malevolence was a feature not a bug. The business model of social media led it to profit from the misuse of personal information. The algorithms that drove consumption favoured disinformation and antisocial behaviours, and they knowingly turned a blind eye as what their own studies acknowledged came true – young women were tragically victimized.

Facebook’s name change to Meta was just a final indication that social media platforms had not only come under scrutiny, there was a growing backlash against these giants, one not limited to Facebook. US politicians, many of whom are technologically illiterate, were expressing concern and even lashing out at not just social media, but the entire tech industry.

Related:

Overexposure 

Some things that made news in 2021 might be described by quoting another famous author, William Shakespeare, when he wrote: “full of sound and fury, signifying nothing.” Nothing might be a little extreme, but everything on this list got a lot of attention but delivered very little in terms of concrete results.

5G or not 5G?

The story of 5G seemed to be about everything BUT real-world stories of 5G actually in use. Protests and vandalism with burned cell towers (few, if any, that were 5G) spread from Europe to towers in Quebec. 5G became a political football as governments threatened to push Chinese players like Huawei out of their 5G networks. The year ended with someone marketing a device that you could wear around your neck that was supposed to block the harmful effects of 5G. One small problem – the device was radioactive.

The one bright spot was in marketing and phone sales. 5G phones were all the rage — although actual services were few and far between. Reasonable market observers were left with a question: will 5G finally realize its promise, or is it just an overhyped evolution of mobile infrastructure like LTE, which one analyst described as “marketing speak” for “not quite 4G”.

Windows 11

Windows 11 was perhaps the most publicized rollout since Windows 95 emerged with the Rolling Stones playing “Start Me Up”. For a rollout of this size, it was well managed and had an army of beta testers, making the final release relatively solid, although puzzlingly lacking some features from Windows 10. The biggest controversy centred around whether Windows 11 would actually run on even relatively recently purchased computers.

Related:

Do you really need to buy a TPM for Windows 11? | IT World Canada News

Windows 11 at a glance: Rounded corners, Snap upgrades, benefits for developers | IT World Canada News

Get ready for Windows 11 with these tips | IT World Canada News

Windows 11 release date announced; no Android app support at launch | IT World Canada News

Could it be that new software that leads to required hardware upgrades is no longer an accepted norm? We learned this year that 70 to 80 per cent of the carbon footprint of a new machine happens before the user gets the device, and comes from manufacturing and distribution. Will we question cost in environmental as well as budgetary terms? Time will tell. But even for those immune to these concerns, worldwide component shortages and lengthened delivery times make huge upgrades difficult.

A second controversy emerged about whether Microsoft would use Windows to try to increase the market share of their new chromium-based browser. Windows 11 made it more difficult to have anything but Microsoft Edge as your default browser. Will Microsoft try to put up barriers to other developers and software options? Again, time will tell.

Blockchain – missed potential?

Blockchain hit the stage with great potential to revolutionize ideas about trust, security and contracts in this digital age. Secure transactions by global consensus was the promise.

What we actually got in 2021 was quite the opposite. The year was full of stories of new global currency speculation which sounded more and more like the tech bubble of 2003 or the mortgage securities bubble that led to the financial collapse of 2008.

Around the new Teams and Zoom digital water coolers, the chat was about crypto-currency values and who had bought what, at what price. Speculators rode a roller coaster of ups and downs with every tweet from Elon Musk.

Get rich quick schemes went beyond speculation as social media influencers promoted the virtues of cryptocurrency mining to unsuspecting individuals who were highly unlikely to see real returns from their hardware and purchases.

Non-fungible tokens (NFT) initiated bidding crazes for “guaranteed original” versions of just about anything. Tim Berners Lee sold a copy of the original source code for the World Wide Web for over 5 million dollars. Jack Dorsey’s first tweet sold for 2.9 million dollars.

Irony kept her place as the patron saint of 2021. Blockchain technology was envisioned as a way to protect and secure us all, yet in 2021, cryptocurrency networks were hacked and fraudulent schemes allowed crooks to steal millions from investors. A made-up currency, Dogecoin, took off, even with Elon Musk exposing it as a joke on an episode of Saturday Night Live.

All of this paled in comparison to the real negative side of blockchain. It enabled newly organized cybercrime groups that brought us the scourge of 2021 – ransomware. Without blockchain and the cryptocurrencies it supports, ransomware would be deprived of one of the key elements of its explosive growth: the means to deliver large, secure, and often untraceable payments.

2021 left us with a key question. Is there a real and enduring enterprise case for blockchain? Probably yes, post-2021. In Canada, the CIO Strategy Council started by Jim Balsillie ended the year with an announcement of standards for blockchain in agriculture. Ultimately it may be the work of quiet and dedicated volunteers, initiated and sustained by the Council and often with little fanfare, that will finally determine if blockchain will live up to its promise.

Quantum leap?

Quantum computing promised unheard-of calculating power by breaking the fundamental restrictions of modern computation. The transistor and its silicon representations that gave us modern computing were about to be supplanted by something that went beyond the zeros and ones of binary computation.

Few understand how quantum computing actually works, but that didn’t stop us from imagining a new quantum future. Computers would be so powerful that they would break even complex encryption routines; nothing would be secure.

We were fascinated in 2021 by the announcements of new computers which represented quantum leaps (pun intended) in processing. Yet despite those advances, much more needs to be done before there is an actual commercial and practical quantum computer.

Does that mean that companies should ignore this development? That might not be a good idea. A burgeoning quantum-computing ecosystem and emerging business use cases promise to create significant value for industries—if executives prepare now.

Related:

Quantum computing use cases–what you need to know | McKinsey

Metaverse

2021 left us all with three key questions. Will the pandemic ever be over? What will work look like in 12 months? And, finally – “what the hell is the metaverse?”

A term borrowed from science fiction and popularized by movies like The Matrix entered our vocabulary in 2021. It started with attempts to develop more engaging digital meetings. It ended with an announcement by Mark Zuckerberg that his company, Meta (the company formerly known as Facebook) was going to build a new metaverse on the foundations of the social media giant that he built.

What is a metaverse? There is no universally accepted definition. It will undoubtedly be some kind of virtual or augmented reality that creates a place where humans can interact and possibly collaborate in a newly defined digital space. Whether that space is singular or composed of many different spaces, only one thing is certain – those who “own” or control the metaverse will have a commercial property that will dwarf the value of Facebook, Google and perhaps all of our digital giants.

This is why Zuckerberg was so eager to jump from the battered reputation of Facebook to this new cyberworld, even though it is years from any practical realization. And with all due respect to Zuckerberg, he might not want to spike the football avatar just yet. There is no doubt that Facebook is a monolithic force, but the stakes are too high for other giants to roll over and let Zuckerberg claim victory.

There are real and practical barriers to building this metaverse, whatever form it takes. According to Intel – and they should know – the amount of computing power required will be as much as 10X the power we have today.

Yet, even though it is only an idea at this point, we cannot ignore it. No matter how jaded we might be, no matter how much we might think that this is a huge danger to humanity, no matter how many obstacles we place in its way, history tells us that the metaverse will be built. By whom and by when, we simply don’t know. But it will be built.

The good news is that as we move towards the metaverse, we will see developments in digital meetings and augmented reality as key steps. Tech that we discarded, like the Google glass, will resurface, albeit with greater utility. The need for more interactive meetings may prove to be the real driver of progress, particularly if COVID-19’s Omicron variant and others continue to keep us from live meetings. Likewise, digital twinning – creating 3D simulations that we can interact with – will also be a compelling step forward.

While we won’t be living the reality of a full experience digital world, we will undoubtedly take steps forward in the coming year. Expect an abundance of things that are defined as the metaverse. It will be overhyped at a level we have not yet seen, but despite that, it’s still an idea that is most likely, unstoppable. Just don’t expect a clear definition in the near future.

Related:

Oppo unveils Air Glass, its vision for the future of smart glasses – CNET

Google is building a new augmented reality device and operating system | Ars Technica

Summary

That’s our view of 2021. We’d love to have your comments. Give us a check if you liked it, an X if you didn’t but please, take a moment to tell us your opinions and thoughts.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Jim Love
Jim Lovehttp://www.changethegame.ca
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.

After being all-digital last year, the Consumer Electronics Show is back in Las Vegas for 2022. Find all the latest news and announcements from the showroom floor at CES 2022.

Related Tech News