The cybersecurity industry lived through utter chaos in 2021: the highest number of ransomware attacks on record, the SolarWinds supply-chain havoc and a seemingly endless run of breaches. A year earlier, all of it would have sounded too wild to be real.
What, then, lies ahead? Threatpost talked to industry experts and compiled this list of the five top trends to watch in 2022.
Growing Government Influence in Cybersecurity
SolarWinds, the Colonial Pipeline attack, spyware and privacy concerns have the attention of governments worldwide, and experts widely agree that the year ahead will bring new regulations and new investment.
In the months leading up to the 2020 elections, governments were focused on the spread of disinformation intended to influence election outcomes, but other urgent national-security demands emerged in the wake of massive cyberattacks on critical infrastructure. These immediate cyberthreats will continue to dominate government attention throughout 2022, researchers predicted.
Jonathan Reiber, senior director of cybersecurity strategy and policy at AttackIQ, explained that the federal government is currently working to identify where it can most effectively deploy resources to shore up defenses against cyberattacks.
“As the federal government adopts the practice, more private organizations will follow suit, building higher walls around high-value assets,” Reiber said.
Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP), expects both state and national consumer-privacy laws in 2022. He explained that the privacy trendlines that formed in 2021 will accelerate and bring new risks and complexity for organizations: more national laws will be passed, more state laws will be passed and more enforcement will occur.
People are still going to be people in 2022, and they are still, largely, going to do the easiest thing, regardless of its impact on the organization’s security posture. That is something cybercriminals will continue to count on to make their social-engineering scams work.
Stairwell’s Mike Wiacek states that social engineering will continue to work pretty dang well in 2022. According to him, social engineering is one of the most difficult security issues to address because no compliance, governance or risk-management action can change the fact that people are imperfect and susceptible to being duped. Over the course of their workday, otherwise serious people can be incredibly careless, and that is not likely to change anytime soon.
Did John really pick up a USB flash drive in the parking lot and plug it into his corporate workstation? Did Sally just click on a link in an email for a free Rolex? Cybersecurity is a problem for which everyone is responsible, but few comprehend how much harm their individual actions may cause.
In addition to the widely recommended user training, Wiacek suggests that cybersecurity professionals change their internal communications approach in 2022. He believes security teams need to engage with their coworkers directly and be easily accessible. Most security teams have a reputation for saying “no”; they need a reputation for saying “yes” instead. Building a strong security culture requires relationships, trust and a genuine passion for customer experience, even when that customer is John in accounting.
Rather than the old, tired “gamification” approach to awareness training, a message that can be digested in small bites, more like social media, is more effective. Getting people the tips and guidance they need in a familiar medium, such as humorous videos, is a good first step toward building trust with coworkers. Anything put in front of them should look and feel like the content they already choose to consume on apps like Facebook, TikTok, Instagram and YouTube.
Ian McShane, field CTO at Arctic Wolf, explains that in 2022 the industry will start to shift the way it looks at ransomware, realizing that it is not the ransomware itself that is the problem but the entry point. The focus will move away from what to do after the attack and toward predicting and protecting the initial point of entry, using data science to model scenarios that highlight potential weaknesses in the supply chain.
Nor is the number of supply-chain ransomware attacks likely to abate over the next 12 months, according to Deepen Desai, CISO and vice president of security research and operations at Zscaler. Supply-chain ransomware is a particular concern because a single breach can impact hundreds or thousands of downstream companies. Desai says that tech companies experienced a 2,300 percent increase in attacks in 2021, and no relief is foreseen for 2022.
Experts also believe it is necessary to decriminalize and destigmatize the “scarlet letter” that comes with disclosing an incident. Rewarding users for proper security behavior and giving them more visibility into how incidents are handled will encourage them to be more security-conscious. It is those everyday users who most regularly interact with common supply-chain attack vectors.
Email will be increasingly targeted in 2022 with high-quality spear-phishing attempts, which will require a change in defensive tactics, according to Troy Gill, senior manager of threat intelligence with Zix | AppRiver. Spear-phishing attacks, in which cybercriminals personalize emails to fit a smaller group of individuals than traditional mass campaigns so that they appear more authentic, are not going anywhere. As the rise in personalized phishing gives way to new customization tactics in 2022, organizations will respond by building more specificity into their email defenses.
Ransomware-as-a-service (RaaS) has helped make digital extortion a booming business, and 2022 is likely to be another banner year for ransomware threat actors.
Unfortunately, the RaaS model will see continued growth in 2022, as it has proven to be an incredibly efficient vehicle for maximizing profits. While the growth trajectory will stay the same, the primary target of ransomware attacks will not. Government involvement in the defense of critical infrastructure will motivate ransomware groups to target small and medium-sized businesses (SMBs), which draw less attention than larger, high-profile victims. With governments and big companies pouring cash into cybersecurity, underfunded and understaffed SMBs are prime targets for ransomware groups.
Better Coordination in Cybersecurity Industry
As we have seen with the evolution of malware-as-a-service and phishing-as-a-service, threat actors are willing to join forces for mutual gain. That is why, in 2022, cybercriminals will form even more robust working relationships to sustain their success.
When it comes to the cybersecurity community, there is more work to be done to shore up the entire ecosystem, according to Ian McShane. That means, among other actions, larger companies sharing tools and talent with SMBs that lack the resources to protect themselves alone.
To his mind, the industry needs to work to democratize security, particularly as the talent gap and retention problems continue to stretch teams thin. Digital transformation and technology expansion have created a massive opportunity for attackers, and securing the entire supply chain is the only way to protect all of us.