As 2021 draws to an end, it’s safe to say it was an eventful year from a cybersecurity perspective. Ransomware became the go-to for cybercriminal gangs and insecure databases still plagued organisations. So, what’s on the horizon for 2022? More of the same or will hackers turn their attentions elsewhere? We asked some security experts for their thoughts:
Ransomware groups aren’t retiring, they’re re-branding, said Wade Lance, Field CTO at Illusive:
“Don’t believe the hype. REvil and BlackMatter are not “shutting down” due to external pressure from the government and law enforcement agencies. We’ve seen these groups disappear and then pop back up a few months later, sometimes with a new name. Before BlackMatter it was DarkSide. It’s like Soundgarden breaking up, only to come back with some adjustments as Audioslave, then going solo as Chris Cornell. These transformations for ransomware groups will become the source of new attacks. This isn’t just re-branding, it’s re-architecting. There will be new methods of initial attack and penetration, and enhanced approaches to move laterally in the network. There will be new methods of operation to avoid arrest and infrastructure takedown. And there will be loosely affiliated networks of solo operators that pick and choose who they work with through a robust cybercrime underground, just like rotating new drummers through a band. In 2022 we expect to see more aggressive and complex ransomware efforts.”
And Lior Div, CEO at Cybereason, believes that to keep combating ransomware effectively, we need to focus on RansomOps:
“What we see today is not that simple. We now have ransomware cartels—like REvil, Conti, DarkSide, and others—and ransomware is not a piece of malware, but rather comprehensive ransomware operations, or RansomOps, where the execution of the ransomware itself is just the final piece of a much longer attack chain. There is too much focus on the ransomware executable, or how to recover once an organization’s servers and data are already encrypted. That’s like fighting terrorism by focusing only on the explosive device or waiting to hear the “boom” to know where to focus resources. RansomOps take a low and slow approach—infiltrating the network and spending time moving laterally and conducting reconnaissance to identify and exfiltrate valuable data. Threat actors might be in the network for days, or even weeks. It’s important to understand how RansomOps work and be able to recognize Indicators of Behavior (IOBs) that enable you to detect and stop the threat actor before the point of “detonation” when the data is actually encrypted, and a ransom demand is made.”
Boris Cipot, senior security engineer at Synopsys, thinks it could be smart “things” that leave us vulnerable if they are not built with the proper security at the development level: “Smartphones and smart watches were just the start of a whole new range of wearable technologies; soon enough, technologies such as smart glasses will enter the market, too,” he said. “On one hand, this provides users with greater freedom. On the other hand, it also means having to trust another entity with one’s privacy. Knowing what devices are capable of and what data is being shared will incite a whole new level of concern. These technological advances will, unfortunately, be a breeding ground for cyber criminals if we do not do our jobs in software and hardware development right. As AI technology continues to evolve, and as smarter algorithms are used to detect vulnerabilities in software and services, cybercriminals will also be leveraging these developments for their own malicious purposes. Moreover, they can often take advantage of and exploit known vulnerabilities that are simply not mitigated in a timely manner.”
Sundaram Lakshmanan, CTO of SASE products at Lookout, agrees that the software supply chain could create further issues in the future:
“One area organisations need to continue to watch out for in 2022 is the software supply chain. We tend to think of cloud apps as disparate islands used as destinations by endpoints and end users to collect and process data. The reality is that these apps constantly communicate with different entities and systems like software-update infrastructure and with each other — interactions that are often not monitored.”
John Goodacre, Director of UKRI’s Digital Security by Design and Professor of computer architectures at the University of Manchester, sees security by design as the way forward:
“Covid has changed working patterns and the increase in working from home is making centralised security irrelevant. New solutions will be required to protect homeworkers, creating an awareness and demand for “Secure by default” and “Secure by design” cyber security methodologies. New solutions will be required to protect workers, as trust in computing will be questioned with an increase in attacks.”
Joe Garber, CMO at One Identity, believes identity sprawl will cause problems in 2022:
“Cyber incidents are a regular occurrence in part due to organisations having to manage more identities within the business than ever before. In fact, according to recent research, the number of identities that organisations have to contend with has more than doubled, including internal, third party and customer identities. This, combined with the fragmented way that many organizations manage access rights, can create inconsistencies, gaps and, worst of all, expand the attack surface for cybercriminals looking to steal credentials to gain a foothold within the organisation. Therefore, tackling ‘identity sprawl’ will likely be a focus for 2022, with companies looking to unify their identity security practices to attain a 360-degree view of all their identities, to plug these significant gaps and to increase their overall cyber resiliency.”
Trevor Morgan, product manager at comforte AG, thinks cloud is still where it’s at:
“We never tire of putting cloud on any list of things to watch for in the coming year, and this upcoming year is no different. Despite common misconceptions, most organizations are still trying to ensure that their cloud strategy is mature and is working for the organization. Moving beyond simple public services and SaaS offerings into more sophisticated hybrid cloud architectures is something that most organizations are now seriously considering. However, hybrid cloud environments bring with them a lot of concerns, from adjusting workflows and business applications to data security. In cybersecurity, we will see more data breaches involving cloud resources, but we will also see more solutions that help enterprises leverage the best of what cloud has to offer while also providing more adequate data privacy and data security.”
Jordan Redd, senior sales director, MSSP at AT&T Cybersecurity, says companies should address security architecture complexities in 2022:
“Complexities are mounting as architectures evolve to support a hybrid workforce. Added to this, securing new business initiatives in edge computing continues to drive new security requirements. And while attack surfaces are growing, cybercriminals have turned to highly evasive, more lucrative strategies to exploit and profit from network vulnerabilities. Against this backdrop, using a legacy approach to threat detection and response will no longer suffice. Security teams struggle with too many alerts from various point solutions, too much data, and not enough context. This is even more challenging with limited staff and expertise. A new approach to threat detection and response, Extended Detection and Response (XDR), has emerged to deeply integrate best-in-class technologies as well as existing investments made by customers. An XDR approach takes combined data from the entire security stack to help give security analysts more context into threats and enable them to make better remediation decisions more quickly. For MSSPs, this streamlined approach incorporates automation, orchestration, machine learning and threat intelligence to provide early-stage, more predictive identification of current and evolving threats.”
Simon Roe, product manager at Outpost24, said it’s organisations’ external-facing assets that will be the weak spots in 2022:
“As organisations adopt more digital technologies to enhance business operations and customer experience, their external-facing perimeter is expanding at an alarming rate. It’s a fine balancing act, but if left unchecked, unauthorised IT, outdated software and unprotected assets will continue to put your company at further risk of exploitation. We’ve seen clear examples of these attacks in 2021 and this will continue into 2022 and beyond unless security teams start to build attack surface management into their wider security program. The outside-in approach enables organisations to get ahead of their security exposure against the most common entry points and highlight areas that require immediate attention for risk assessment.”
Jamie Akhtar, CEO of Cybersmart, is hopeful that what the UK government is doing now will have a positive impact in 2022:
“We’re seeing the UK government taking a more proactive approach to consumer and SME cybersecurity. A great example of this is the Product Security and Telecommunications Infrastructure Bill (PSTI) recently introduced to parliament. This bill proposes a new law requiring manufacturers, importers and distributors of digital tech which connects to the internet or other products to ensure they meet tough new cyber security standards – with heavy fines for those who fail to comply. On top of this, it’s also looking increasingly likely that Cyber Essentials certification will become mandatory in more industries and settings. And this drive to push businesses into being more cyber secure isn’t just a UK phenomenon. We’re also seeing countries like Australia get on board.”
Armis’ European cyber risk officer, Andy Norton, thinks regulations like NIST will have a big impact on OT/IT converged environments:
“Governmental regulations are advancing. Cyber breaches are the digital pandemic; like Covid-19, they have advanced a rapid shift towards more remote operations. This transferal, in combination with innovative technology and process introduction, puts OT operations at further risk; and it is not clear whether these changes have taken advantage of the guidance on secure design and risk assessment from the ISA/IEC 62443, NERC CIP, NIST 800-53, ISO 27001, ISA/IEC 62443, TSA Pipeline, DHS CFATS, or ISA S99 series of standards. All these specifications point to NIST, a standardised Cyber Security Framework (CSF). Asset operators and cyber security functions need to start shaping their desired target state by determining what the most critical assets are that need maximum protection. To help neutralise threats, critical infrastructure asset operators should apply a comprehensive risk framework to implement and address vulnerabilities to OT/IT convergence. This includes “security by design”, defense in depth, and zero trust to counter cyber threats.”