Undoubtedly, the accelerated digital transformation caused by the pandemic has left organisations increasingly vulnerable to cyberattacks. In fact, Deloitte reports that 72 per cent of respondents in their Global 2021 Future of Cyber Survey experienced between one and ten cyber incidents and breaches in 2021 alone.
Attackers have continued to evolve and innovate how they deliver attacks, and the threat landscape is constantly changing, making it a challenge for cybersecurity teams to stay one step ahead. Here, some industry insights into the cybersecurity landscape in 2022.
Which technologies will pose a threat?
Dimitrie Dorgan, Senior Fraud Risk Manager, Onfido, predicts an increased use in AI technology from fraudsters: “Our 2022 Identity Fraud Report found a rise in sophisticated fraud over the last 12 months. For example, synthetic data attacks fuelled by breaches are becoming more commonplace, involving merging real and fake information. For the first time, we are also starting to see deepfakes used by fraudsters, which use artificial intelligence (AI) to generate fake videos that replace the original person’s face or voice with someone else’s. This trick is also sometimes referred to as synthetic video or synthetic voice fraud, with some AI software capable of cloning voices or transposing faces. It can be used to navigate a bank’s facial or voice recognition security, for example.”
Lavi Lazarovitz, Senior Director of Security Research, CyberArk, anticipates brand new spots will help attackers hide in plain sight: “As if it’s not already tricky enough, security is going to get even more complicated thanks to new hiding places introduced by cloud, virtualisation and container technologies.
“For instance, as micro virtualisation becomes increasingly popular, threat actors can isolate malware in these virtual systems while keeping it hidden from host-based security controls. While these new attack techniques haven’t been seen much in the wild…at least not yet, financially motivated and nation-state threat actors have been observed testing systems such as Windows Subsystem for Linux (WSL) — a subsystem that secures credential and authentication processes — as they look for new ways to compromise endpoint machines.”
Where will the threat come from?
James Alliband, Senior Security Strategist at VMware, predicts that copycat cyberattacks on critical industries will disrupt lives: “We are seeing cybercriminals adopt a style of attacks that seek to cause disruption to human lives. The attack on Colonial Pipeline that triggered a fuel shortage along the US East Coast, ranging to the attack on Ireland’s healthcare system that effectively shut down the entire country’s hospitals, are only the beginning. There will be copycats as we see bad actors target critical industries such as energy, healthcare and finance with the intent to cause panic while cashing in on a ransom payment. The results of a successful attack can be expensive and dangerous, ranging from cancelled hospital surgeries and rerouted ambulances to people waiting hours at a gas station for fuel. This will be an area that is of real interest to nation-states looking to cause disruption abroad.”
Simon Mullis, Chief Technology Officer, Venari Security, predicts the biggest threat will be hidden within plain sight: “One of the greatest threats of 2022 will be right under security teams’ noses: malicious activity hidden within encrypted traffic on their network.
“The unilateral shift towards end-to-end encryption over recent years, means that data encryption in transit is becoming more and more prevalent, with a very high proportion of Internet traffic now encrypted by default. This helps mitigate the risk of enterprise data loss, making it harder for security professionals to understand what traffic and data flow through their networks. New forms of encryption – such as TLS (Transport Layer Security) 1.3 – make it harder still. Decryption of TLS 1.3 is more difficult and expensive, making it nigh impossible to effectively detect and stop potentially nefarious activity.
“To avoid falling foul of cybercriminals lurking on their networks in encrypted traffic, organisations will need to completely change their approach from decryption towards behavioural analysis for detection. In the first three quarters of 2021 alone, threats over encrypted channels increased by 314pc on the previous year. And if organisations continue using the same failing detection techniques to uncover malicious activity on their network, the rate of attack using encrypted traffic will continue to grow at this rate or higher.”
Sander Vinberg, Threat Research Evangelist at F5, predicts further attacks on personal networks: “It’s no secret that ransomware has wreaked havoc over the last year or two. As part of the 2021 Application Protection Report, F5 Labs opined that it was more useful to think of ransomware not as a form of denial-of-service, but as a monetisation strategy—an alternative to enriching stolen data for later use in digital fraud.
“Looking at ransomware this way clarifies what kind of organisations make a viable target: all of them. Specifically, every organisation that isn’t an even juicier target via some other vector (such as Magecart) is a viable target for ransomware, because the attacker doesn’t have to figure out how to monetise the stolen data, they just sell it back to the victim. We also understand that a key element of ransomware is carefully choosing a price. The attacker maximises their profit without provoking resistance from their victims or retribution from law enforcement or governments.
“Given these characteristics, it is only a matter of time before somebody starts targeting the extremely wealthy on their networks. These targets have the means to pay the ransom, and their information systems are often as complex as those of small enterprises. We already know that many ultra-high-net-worth individuals (UHNWIs) have things to hide about their finances, so it also follows that at least some of them would be circumspect about bringing in law enforcement in the event of an attack. For all of these reasons, I think 2022 will be the year that this vector will target rich individuals, in addition to organisations more generally.”
Erez Yalon, Senior Director of Security, Checkmarx, thinks 2022 will see an increase in successful attacks via the supply chain: “The influx of supply chain attacks is something we’ve been seeing for over a year now, as attackers increasingly target chinks in the supply chain security armour. From SolarWinds, to Colonial Pipeline, to the Codecov supply-chain attack, the attacks have been significant. And, while organisations and governments have become aware of the threat a compromised supply chain can pose to their operations, they still can’t seem to properly defend against it – a trend that is set to continue into 2022.
“Next year we can expect many more successful supply chain attacks. To mitigate this, organisations and security teams must cover the basics and implement a zero-trust approach. A strategic Information Security model, zero-trust is the process of trusting nothing at face value, whether it’s inside or outside a network perimeter. By working on the premise that everything and everyone trying to access or connect to an organisation’s system is malicious, businesses can mitigate the risk of both attacks and vulnerabilities slipping through the cracks throughout a supply chain.”
What will help mitigate these threats?
James Weaver, Director Product Marketing, Cradlepoint, sees using 5G technology to simplify managing and securing an expanded network: “Securing network devices on the network edge is becoming more critical for businesses of all types, from coffee shops to first responders and remote workers. Wi-Fi has become the norm and guests and employees alike expect it wherever they go. However, spread across multiple locations, this expanded network can be incredibly difficult for IT teams to manage and secure.
“This is where 5G will help. Along with native security advancements that come with 5G, higher performance and lower latency provide the head room to run more advanced security diagnostics. Cloud-based security services becomes a practical reality from larger sites to small but numerous IoT connections. For IoT, this allows for a smaller form factor, and less processing requirements on the device. By deploying these new 5G technologies, businesses will be more flexible and dynamic, whilst still allowing cybersecurity teams to secure these large, distributed networks.”
Dale Meredith, Author, Pluralsight, believes the answer lies in the combination of people, skills and automation: “First off, since there is more than one way for cybercriminals to attack, there will need to be more than one way for security professionals to stop them. Therefore, it is essential that people be skilled in several areas and not just on one skill. This includes skills such as penetration testing (ability to find vulnerabilities and fix or address them), social engineering (the art of luring people into giving out important information or taking part in activities that could put their security at risk), and malware analysis (identifying the type of malware and its purpose).
Second, because many cyberattacks can be automated, more advanced automation will need to be done. This means that those responsible for cybersecurity may need to be a part of building and maintaining these automated systems and using them. I’d also lean a bit in here for AI. Hackers are beginning to use AI to fight against AI defences. So a good understanding of the AI structure being used within an organisation would be helpful too.”
Jonathan Smee, Cybersecurity Technical Coach, Grayce, highlights the need for greater collaboration between teams: “As businesses move to digital modes of working, they subsequently increase the attack vectors that hackers can exploit to breach organisations systems. So, as firms continue to ride the wave of digitalisation well into 2022, companies should actively include members of ones’ Information Security team for project engagement, where appropriate. Firms should not only look to include more budget in their cybersecurity in 2022, but they would also benefit greatly from adopting a DevSecOps team that involves the InfoSec function end-to-end to identify these digitisation risks.”
