Ransomware will continue to be the largest security issue in 2022. The security problem isn’t going to go away. As long as there’s money at the end of it, whether it is someone stealing IP or money, attackers will always find a way to get it. Those are the sentiments of cyber security people making predictions for 2022.
Working from home will always be a security challenge, says Mike Campfield, VP of Global Security Programs, ExtraHop. He says: “Enterprise remote infrastructure security has definitely improved over the last few years during the pandemic. However, when you have devices outside of a controlled environment, even the physical security of things becomes more problematic. Once you leave the four walls of a physical building, it is more challenging to manage and secure things like passwords, biometrics.”
Mike Sentonas, CTO, CrowdStrike warns of an “extortion economy”. He says: “This past year, we saw the rise of the double extortion ransomware model, in which threat actors will demand one ransom for the return of the data and an additional ransom on top to prevent the data from being leaked or sold. However, in 2022, we expect to see the extortion/exfiltration side of ransomware achieve even higher levels of sophistication, possibly with a shift away from encryption to a sole focus on extortion.
“We’re seeing an entire underground economy being built around the business of data exfiltration and extortion. Data-shaming websites are popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that’s being held ransom. These ransomware groups are revamping their entire infrastructure of tactics, techniques and procedures (TTPs) to hone in on more effectively exfiltrating and selling stolen data. Even if the threat actors can’t get their ransomware to execute past the encryption stage, they’ll pivot and find other ways to gain access to the data to sell for a profit anyway.
“In today’s world, if you get hit by ransomware, you can expect to get hit by double extortion. And, ransomware actors will continue to innovate and evolve to find new ways to monetise their victims.”
Fraudsters are impersonating brands and asking people to participate in fake surveys or giveaways, says Steven Hope, CEO and co-founder of Authlogics. He says: “The success of these types of scams is worrying but unsurprising. There is still a lack of education and awareness around impersonation scams, so many individuals don’t know the warning signs to look out for. Scammers love leveraging the Christmas period, as many people let their guard down and let their excitement for the holidays get the better of them, especially when it comes to freebies or what seems like a fantastic deal. Individuals should be particularly wary when receiving emails or calls from supposed brand reps or stores; more so if these are asking for money or very specific information.”
To adapt to hybrid working, more companies will drive to adopt the Zero Trust security model, predicts Zoom CISO Jason Lee. “Conversations around protecting the hybrid workforce from risk will lead security professionals to adopt modern tools and technologies, like multi-factor authentication and the Zero Trust approach to security. I believe that companies need these tools to make sure their employees can get work done as safely as possible from wherever they are – commuting, traveling, or working from home – and that all of their endpoints are secured with continual checks.”
The passwordless log-in experience has had a slower adoption rate than anticipated due to the ubiquity of passwords, but as is understood across the industry, passwords are not as secure as other sign-in methods, says Stuart Dobbie, SVP of Innovation, Callsign. “In 2022 we can expect the desire for a common user experience across mobile and desktop to be the factor that catalyses passwordless adoption.”