Security Experts:

Prediction Season: What's in Store for Cybersecurity in 2022?

The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives. 

Today’s dynamic threatscape requires that we adjust to the ever-expanding attack surface. It doesn’t matter where data resides, or who is ultimately trying to access it — humans or machines. What matters most is that we minimize the risk of data exfiltration. Period.

Consider the following threats that are on the horizon in 2022 and start preparing for them now:

Compromised Identities Continue to Fuel the Cyberattack Engine

Since the introduction of computers, usernames and passwords have been the primary method used for access control and authentication. However, as post-mortem analysis of most data breaches reveals, compromised credentials have become the primary point of attack for today’s cyber adversaries. In fact, a study by the Identity Defined Security Alliance (IDSA) reveals that credential-based data breaches are both ubiquitous (94% of survey respondents experienced an identity-related attack) and highly preventable (99%). 

Nonetheless, many organizations are still lacking key identity-related security controls and the few forward-thinking companies that have started applying proper access controls are typically focusing on human users. This flies in the face of reality. With digital transformation initiatives that span DevOps, cloud transformation, Internet of Things (IoT), etc., the sheer number of non-human identities far outweighs human users.

In turn, expect compromised identities to continue to fuel cyberattacks in 2022, with an increasing portion being non-human accounts. These alleviate the need for cyber adversaries to “hack” in – instead they can log in using weak, stolen, or phished credentials. To find out how to go beyond static passwords and what the future of authentication needs to look like, check out “Non-Human Identities: The New Blindspot in Cybersecurity”.

Ransomware Attacks Evolve to Multifaceted Extortion Schemes

Holding someone or something for ransom is a simple yet effective strategy that has been used by criminals for thousands of years. Today, cybercriminals are exploiting these ancient techniques using modern technologies. Ransomware is most commonly delivered via spam emails or spear-phishing emails that target specific individuals and seed legitimate websites with malicious code. Targeted attacks might affect fewer organizations but have a much higher success rate. Upon infection, ransomware often has a devastating impact since encrypting and blocking access to sensitive data can shut down business operations.  

Recently, there has been an uptick in ransomware that targets the firmware of devices directly. In the past, ransomware often focused on the master boot record to gain control over devices and prevent them from booting properly. The newer variants either manipulate firmware to disable data backup capabilities or corrupt the firmware itself. 2022 will see a further increase in this attack tactic.

Over the past year, we have also seen the emergence of a new trend whereby ransomware attacks not only encrypt an organization’s systems, but also exfiltrate data and threaten to release it publicly if the ransom is not paid. This trend is part of the evolution of ransomware attacks and is expected to balloon significantly in 2022, as it often guarantees a larger payout.

To learn more about the basic steps you can take to increase your organization’s cyber resilience against ransomware attacks, check out "Defending Against the Latest Ransomware Surge”.

Pay Attention to the Supply Chain Threats

Based on the media hype surrounding the SolarWinds attack, it might appear that a supply chain attack that leverages a backdoor, is a newly emerging attack tactic. However, cyber adversaries have long focused on exploiting third-party related control failures. Data breaches at Adobe, Target, Home Depot, and Neiman Marcus are a few examples, in which hackers have mounted targeted attacks against an organization's supply chain. One of the most damaging and memorable supply chain attacks to date remains the RSA SecureID token breach. Using stolen data about the company’s SecurID authentication system, criminals were able to compromise RSA customers including Lockheed Martin that relied on SecureID tokens to protect their most sensitive data and networks.

As companies improved their defenses against direct network attacks, hackers shifted their focus to the weakest link by exploiting the supply chain to gain backdoor access to IT systems. Supply chain attackers take advantage of a lack of monitoring within an organization’s environment. Thus, it’s unlikely we’ve seen the last major data breach that exploits supply chain vulnerabilities. More is expected in 2022. 

To protect themselves, organizations should change the way they manage their supply chain risks by monitoring downstream IT security risks. To find out more, read “Shields Up: How to Tackle Supply Chain Risk Hazards”.

The Work from Anywhere Era Creates New Threats

Since it’s clear that remote/hybrid work is here to stay, IT security practitioners must figure out how to enable a secure and resilient work from anywhere environment to minimize their future risk exposure. The challenges organizations face in this context in 2022 are related to the following areas:

• The Ultimate Dilemma: Visibility and Control - As employees operate in this new work from anywhere environment, alternating between campus and off-campus networks, IT will be challenged with maintaining consistent visibility and control, which in turn affects their ability to support and resolve user issues. 

• The Growing Need for Application Persistence - Security breaches can occur because of simple user errors. In some cases, vendors inadvertently facilitate that by issuing products with insecure default configurations, putting the onus on the customer to harden them.

• User Experience will Drive Employee Satisfaction and Attrition - Users expect consistent and good quality experiences no matter where they are. For example, they don’t want to have to switch off their VPN, re-authenticate, and log in to a separate interface with a separate password each time they come into a corporate office. Ultimately, users want their technology to work, and they don’t care what happens in the backend if they can reliably and consistently access the resources they need. 

In 2022, organizations need to take a hard look at their long-term strategy to support this new work from anywhere era. Ultimately, they have to balance the need for security, visibility, and control, as well as high availability with a positive end user experience. Emerging technologies that deal with endpoint resilience as well as secure and continuous network access are a good foundation when adapting to the new work environment. To explore more, read “The Impact of the Pandemic on Today’s Approach to Cybersecurity”.

Conclusion

While it might be overwhelming to look at the four critical threats on the horizon you need to prepare for, focusing on these predictions for 2022 will help you strengthen your security posture and minimize your organization’s risk exposure. In the end, it all comes down to addressing the most imminent threats facing your organization.

view counter
Torsten George is currently a cyber security evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).