Cyber Security 2022 Prediction by
Wai Kit Cheah
Director, Security Practice at Lumen Technologies
Predicted about #Bot Risk #Cloud Security #Cryptocurrency #Cyber Attacks #Cyber Security Awareness #Cyber Security Jobs #Cyber Security Monitoring #Data Breach #Data Security #IT Budget #OT Security #Ransomware Attacks #Software Vulnerabilities & Misconfigurations #Third Party Risk Management #Zero Trust Architecture
Balancing IT Spend with Evolving Threat Landscape: When companies struggle with managing their expenses, IT departments will often be neglected and likely targeted for cost reduction. Many executives could fail to realize that cybersecurity is not just about reinforcing the perimeter. There are zero-day exploits and critical vulnerabilities that could put our common enterprise applications, systems, and networks at risk. It will become common to see IT teams in an endless struggle to patch and remediate these risks. They will burn out. With a reduction in force and without investments in patch management tools, the probability of becoming vulnerable and exploited will be higher. Eventually, the weakest link will break.
Supply Chain Attacks: What started in 2020 will likely continue to intensify as threat actors go after vendors with poor cybersecurity controls. By breaching the security of the vendor and embedding malware into the vendor's digitally signed updates, threat actors will gain access to the vast number of clients of these vendors. Businesses will need to assess their third-party vendors for such risks and verify their vendors' cybersecurity controls.
Increase in Vishing & Social Engineering Scams: There are countries that are still in partial or complete lockdowns and have been so for almost the last two years. When we are forced to isolate, quarantine, and stay home, the next best alternative is to turn to social media. Many share their whereabouts, intimate personal details, and photos and do not take care to protect their accounts. These provide easy prey for scammers. I believe there will be an increase in the volume of vishing scams and social engineering scams in the future.
Ransomware Becomes the Next Pandemic: Ransomware continues to evolve with double tap attacks. Victims are extorted for data exfiltrated and locked systems. Large enterprises that can afford solutions such as Endpoint Detection and Response (EDR), email security gateways, and Multi-Factor Authentication (MFA) will have better protection. However, small and medium enterprises (SMEs), especially those businesses that were severely impacted by the Covid-19 pandemic, will face challenges in affording these solutions. These SMEs are the vulnerable ones and will be increasingly at risk.
Secure Access Service Edge (SASE): As companies transform their businesses through this pandemic cycle to evolve into a more digitized business model, cloud adoption will increase. Many of them are concerned about their ability to secure their cloud consumption, which will drive a growing adoption of Secure Access Service Edge (SASE) to secure cloud access and virtual workloads. However, it will not be an easy adoption, as it needs pre-requisites to be successful, such as an acceptable use policy, a clearly defined cloud usage policy, and other regulations. Enterprises should first develop a strong foundation and set of administrative controls before implementing any technology. After all, technology is merely one tenet of cybersecurity control.
Extended Detection and Response (XDR): Vendors will continue to market their technology as the next shining Extended Detection and Response (XDR) tool, which will provide a unified threat detection and incident response platform for multi-source signals correlation. But, the true XDR magic will probably take another couple of years to mature. More signals do not necessarily yield better efficacy; threat context is important for XDR to be effective. Otherwise, we will be just creating a larger "haystack" and spending a tremendous amount of time determining which strand of hay is the "needle."
Securing Cloud Adoption: As the saying goes, you are only as strong as your weakest link. Many businesses who jump onto the Cloud adoption bandwagon will fail to realize that it is essential to ensure that their configuration and controls of cloud services must be thoroughly considered and tested. The 3Ms (Misconfiguration, Mistakes, and Mismanagement) will continue to be a grave error of many and cause unauthorized data breaches. Businesses should consider benchmarking their Cloud configurations against practices such as CIS benchmarks.
Rise of Cryptojacking: Cryptocurrencies are nothing more than entries in a database, and cryptocurrency itself is not regulated. It is possible to turn computing resources into cryptocurrency coins through cryptocurrency mining. Cryptojacking is a scheme to use others' computer resources, without authorization, consent, or knowledge, to secretly mine cryptocurrency at the victim's expense. Therefore, it will become increasingly critical for enterprises to protect their network perimeter by continuously mitigating risks through disciplined remediation and patching, ensuring that they do not publicly expose cleartext protocols or RDP services.
Cyber Insurance Fallout: In my opinion, cyber insurance as a risk transfer strategy may fall out. Businesses under the illusion that cyber insurance is the answer to cyber threats will face a stark reality. Policy exclusions will expand, and premiums will likely rise as claims grow. Many businesses will realize that they will not be able to repurchase cyber insurance once they make a claim. Risk transfer will not mitigate cyber risks but will merely be an interim solution. It will be necessary for businesses to seriously consider outsourcing their cybersecurity protection, detection, and defense and improve their overall security posture.
With remote work, employees are no longer within the safety and confines of their corporate network. In a home environment, they would not be protected from malicious websites, drive-by downloads, malvertisements, as they would be in their corporate network behind security policies and protection layers. Chances are much higher that endpoints could inadvertently download a malicious malware or be infected with ransomware.
OT security is starting to be a concern especially to critical infrastructure operators, utilities, energies, heavy industries, large manufacturing, etc. We may not reach that danger point yet, but with the increasing digitization of the industries, potentially, this can be a national risk. Imagine the threat of a fire storm. Hijacked power plant, utilities grid, total black out. That may be a reality in 3 to 4 years’ time if people don’t start paying attention to securing their OT networks and infra.
In my opinion, in the past, many of the larger enterprises focused much on threat modeling, threat intelligence and analytics. Too much effort was spent on trying to understand the TTPs of bad actors out there. It is constantly evolving and changing. Often, that’s like trying to keep up with a bullet train going at 300km/h. What’s the alternative? I feel the alternative is slowly moving towards a zero-trust architecture. This is probably in the near future.
Companies will start paying attention to cybersecurity awareness training. They will still find ways to conduct the training but will remain price-sensitive in spending. Some will just treat it as a chore, a tick-in-the-box for compliance's sake.
It will be harder to hire talent / skilled cybersecurity resources with the travel restrictions. Especially in smaller countries. Like in Singapore, we can only hire locally available candidates and you will see these people being poached every 6 months or so from one company to another. Many organizations will struggle to find the resources they need.
Bot risks will increase. Web based applications will be at risk, especially if they have not adopted security design principles. Many home-brewed or in-house built web or mobile applications do not have basic controls in place. No input validations, no session time-out, allowing multiple concurrent logins, susceptible to various forms of attacks. Easy pickings.
You will see increased ransom based or financially motivated cyber-crime. Nowadays, there are many cybercrime syndicates offering tools and services for hire (sometimes with guaranteed results) where they take a certain percentage of the rewards. It makes it increasingly easier to partake in cyber-crime. Some examples include ransom-based DDoS threats on verticals like gaming or stock exchanges, as well as very targeted BEC attacks.
Misconfigurations will continue to increase in magnitude. As companies get digitized and move into an online business model, adopt more cloud services, there will be more misconfigurations and mistakes made. Whether misconfigurations of cloud services, e.g. exposing an AWS S3 bucket to the whole wide world to see, or having an any-to-any default posture on firewalls, or exposing a database to the public. Partly human mistakes, partly stress, and also partly skills gap.
Some consider insider threats as malicious employees. I think there is more to it than just employees. With compromised networks, a bad actor could infiltrate into a company’s network, install RAT, recon, move laterally, without being detected, especially if the security monitoring and posture of that organization is weak. In the dark forums, I believe there is compromised network access being sold for as low as a few hundred dollars. Behavioral-based monitoring and analytics will have increasing focus and might even become an accepted mainstream security monitoring mandate.
With increasing penalties on data theft, and stricter PDPA / laws, executives and Board of Directors will pay more attention to data security. They might approve investment on DLP. But while the need for DLP may increase, I see a problem – DLP is just the technology part of the solution. To prevent data leakages requires a company to understand what data it is trying to protect. The solution is more of policies and processes than technology. If a company does not even have data classification and the right policies, does not understand what it is trying to protect, then buying a DLP solution is not going to help at all. Many companies today do not even know what critical data assets they collect, store, process and manage, and have no idea where these data reside. You can’t solve this gap by buying software.
Many companies treat IT departments as a cost center. I’ve seen companies with more janitors and receptionists than IT personnel. Unfortunately, this translates to many unpatched systems and networks. As the IT teams scrambled to set up VPN for employees to work remotely, they often fail to validate if these VPN gateways are patched or have any critical vulnerabilities. Sometimes, these IT teams are inexperienced and are not aware of best practices. Many of these companies will have revenue and profit impact and in cutting costs, they will reduce spend. Some will do less in security, e.g. So, I predict that there will continue to be many more compromised networks and many more incidents of data breaches for most of 2021.
Working remotely changes the nature of how we operate. Our colleagues are no longer sitting next or near to us anymore. We can’t turn around and ask our colleague, ‘hey, did you request for the approval of this transaction or payment?’. This is not possible anymore. Many, if not most, instructions will be coming through emails and sometimes in unsanctioned social messenger or communication platforms. It is crucial to train employees to be aware of the signs of social engineering, phishing, vishing, and always verify requests especially if it is a request for fund transfer or approval of a payment or critical transaction. This requires a new behavior, a new way of working.
Other Predictions About #CyberSecurity
Security Analyst at CSW
As deepfake technology becomes increasingly sophisticated, it is likely to be used on a much wider scale by cybercriminals and fraudsters. The potential to dupe victims by accurately impersonating individuals through video or audio is extremely worrying. Using artificial intelligence (AI), cybercriminals or fraudsters use the deepfake technology to either impersonate a person's face, voice, or both to carry out scams, fraud, and social engineering attacks.
Security Analyst at CSW
Organizations transitioning to Windows 11/Server 2022 are goldmines for zero-day attacks. Especially, Windows 11's Android subsystem can act as the initial attack vector for threat actors. This, combined with the work-from-home situation, is a recipe for disaster.
Security Analyst at CSW
State-sponsored threat actors and crypto-savvy threat actors would be a new danger. The governmental and private sector organizations must adopt higher security standards to avoid this new dynamic.
Security Analyst at CSW
Cyber threats related to Metaverse can increase as it gives cybercriminals a new environment to use their old scams.
Security Analyst at CSW
It is an era where organizations are shifting from on-premises software to the cloud. Cloud services have been emerging with greater demand; it is recommended to enhance the security of cloud endpoints with advanced authentication and security information and event management (SIEM) deployments.
Prakash Ram Gopalakrishnan
Security Analyst at CSW
With more people preferring to continue working from home, an attack on any device connected to the home network can infect all devices on the network, thereby posing a threat to the organization's privacy and security.
Security Analyst at CSW
Continuous monitoring of updates and patches for third-party software integrations in the network is recommended. Security-related measures and comprehensive periodical analyses of an organization's network will be inevitable going forward, irrespective of how secure the organization's network infrastructure is built, as new threats and ransomware are evolving.
Cyber Security Expert and Forbes Contributor
Catalyzed by the Zero Trust strategy government mandate, Public Private Partnerships (PPP) will greatly expand throughout the cybersecurity ecosystem in 2022. Open collaboration, threat sharing, and cooperative research and development will help spur innovation and facilitate new cybersecurity solutions. PPP will be perceived as good news for both industry and government by 2023.
Security Analyst at CSW
Supply chain attacks will be the primary weapon of choice in the ransomware threat arsenal. The year 2021 witnessed several types of malware distributed in supply chain attacks reconfigured as ransomware loaders. SolarWinds could merely have been the infancy of this form of assault.
Cyber Intelligence Consultant
The more established ransomware operators and gangs will continue to shift tactics again to evade detection. Ransomware gangs will likely continue to shy away from critical infrastructure targets to avoid making themselves a target of nation-state military and intelligence units.
Senior Vice President, Security Products at Ivanti
In 2022, we will consistently see ransomware moving up the technology stack. In particular, APIs are the future of hyper data transfer between systems, and ransomware is after data. It is not long before ransomware groups target APIs via misconfigurations in code.
Product and Cybersecurity Expert, Board and VC Advisor
The future will see the inclusion of trusted cybersecurity advisors in organizations’ boards of directors, either as independent technical experts or through sub-committee provisions to improve oversight of the cybersecurity posture of digital ecosystems, which businesses will thrive on.
Security Analyst at CSW
Patching vulnerabilities on demand will gain traction as a trend and an important skill for organizations with digital/physical attack surfaces, as vulnerabilities are being weaponized and cybersecurity leaders spotlight and take vigilance to protect from evolving cyber threats and attackers.
Chief Growth Officer, Privasec
With our world shifting into the virtual landscape, this can only mean that more information will be made even more available to the public, and it will be unsurprising for cybercrime to evolve and manifest in different creative forms.
CISO, Executive Advisor - EVOTEK
2021 will be the year of SOAR and investments in enhanced detection technologies including deception. I am cautiously optimistic that the improvements in security automation, the outstanding work in discovering zero-day vulnerabilities, and other software flaws will improve such that we'll see real reductions in dwell time. I also predict that cybersecurity as a topic for the board of directors will continue to be front-and-center - notably for public companies who are required by the SEC to provide accurate and complete disclosures related to their cyber risks. This focus will drive enhancements as to how organizations address patching and vulnerability management for their technology stacks. Sadly, we will also see the loss of life where OT or healthcare-related technologies are compromised, exposing new levels of liability for organizations in critical sectors.
Team Lead, CSW
Corporate networks or devices which can be connected by employees from outside, for example, the company's intranet or security infrastructure from coffee shops, restaurants, railway stations, hotels, and other public wifi access will be more open and prone to cyber-attacks.
Security Analyst - CSW
Spear phishing, password spraying, and exploiting internet-facing assets are the most popular infection vectors when it comes to nation-state actors' activity and will continue to dominate in 2021.
Technical Project Manager - CSW
Deep fakes will be the next threat on which cybersecurity has to act.
Senior Director, Systems Engineering - Asia Pacific & Japan - ForeScout Technologies Inc.
Organizations will need to determine how they will adapt to this new world, now that it has become clear that working remotely is not only possible for many but, in some cases, preferred. This means that Zero Trust capabilities will be more important than ever as corporate laptops connect to home, coffee shop and hotel networks around the world, mingling corporate devices with riskier ones that are no longer controlled by enterprise cybersecurity teams.
CTO | Engineering, Technology & DevOps Leader
CISOs, IT and Product leadership of SaaS providers will explore Governance & Operational transformation while shifting-[Security]-left through automation, adopting SecDevOps methodologies, and imbibing a balanced Risk-Based Vulnerability Management philosophy to prepare themselves against increased product security incidents which are impacting millions of customers, not to mention corporate & government embarrassments and losses.
Global Board of Directors at OWASP & InfosecGirls
The prediction for next year is that companies are adopting and understanding the importance of security in the cloud; at the same time, DevSecOps with chaos engineering is becoming an important thing with a pinch of automation and AI.
CSO - Evotek
I think the threat landscape will be similar to 2020 with a likelihood of an uptick in supply chain attacks, as well as in 3rd and 4th party risks. Additionally, I expect the trend in nation-state activity to increase dramatically in 2021.
CISO, Essar Oil (UK)
More companies will be impacted by cyber threats, and many of them will start investing in Cyber Security. It will take another year though to improve their posture.
System/Software Engineer and Author
As recognition of the importance of resilience engineering increases, cybersecurity's contribution to resilience will become increasingly recognized. However, while cybersecurity is an essential part of resilience, it will become increasingly recognized that the adversities that can disrupt critical capabilities extend well beyond cybersecurity threats and attacks. Resilience also involves adversities associated with capacity, interoperability, longevity, robustness, safety, and survivability.
DevSecOps Enthusiast | CyberSecurity | CloudSecurity
Indian startups will start to look into the security maturity and data privacy concerns to avoid future data breaches.
Adv Rajas Pingle
International Cyber Law Expert | Cyber Crime Lawyer | Advocate | Professor | Privacy & Data Protection
Year 2020 has seen a considerable increase in data breaches and further upsurge is expected with the rise of unemployment across the globe due to the pandemic. In this context, the Indian Personal Data Protection Act which is to be enacted by 2021, will increase personal data consciousness among the masses, compel the corporates to take adequate measures to safeguard user data and increase cybersecurity to avoid hefty penalties. The silver lining in this is that the PDPA might act as a stimulus in reducing overall cyber security incidents in India.
Security Advocate, Public Speaker, Advisor, KnowBe4u
Consumers will see an increase in WhatsApp and SMS fraud. Not only will the number of scams increase, but cybercriminals will become bolder by asking for higher amounts of money and using more forceful and devious techniques to manipulate people into paying.
Founder & Managing Director Mnemonic Identity Solutions
“I would predict that 2021 will be the year that the global population will start to discover the real value of 'hard-to-forget', 'hard-to-break' and 'panic-proof' secret credentials for secure and sustainable digital identity.”
Director, Cyber Security
We have seen that there is an increased adoption of SaaS and the pandemic has further propelled this adoption. Data protection, strong authentication and visibility into the SaaS configuration will be critical to the firms. Insider abuse to misconfiguration in SaaS can be equally disastrous. The enterprises will start building the controls from protection to visibility to remediation to have a more holistic approach when it comes to SaaS.
Founder and Chairman, The Santa Fe Group
In 2021 we will continue to see concerns about supply chain management and the management of risk when outsourcing. Location risk, geopolitical risks and reputational risk issues will be at the forefront along with cybersecurity risks, where adversaries will focus on the weakest link…the third and fourth party suppliers.
Prof John Walker
OSINT, Investigations and Cybersecurity Specialist
Successful Cyber Attacks will continue with more high-profile companies falling to compromise. Sadly, 2021 will not be the year we see real steps taken toward Cyber Resilience - but it will be the year in which we encounter a more serious mindset toward addressing the aspect of Cyber Security. We may have to wait for 2022 and beyond to see those thoughts formulate into tangible action.
Chief Information Security Officer at Gojek
I foresee in 2022 that China will increase the severity and frequency of cyber attacks against the US. I expect the delisting of Chinese companies in 2022 on NYSE/NASDAQ that will add to the global drama. The international relations between the superpowers have already deteriorated to a new low and will continue to fracture.
CTO & Founding Partner SecurityCurve
Passwords are a challenge: no one likes having to remember a lot of different ones, and stolen passwords lead to account compromise. This is why I expect 2021 to see consumers adopting password wallets/managers that generate unique passwords for each account and then store them safely. Enterprises will continue to move towards “passwordless” strategies and both consumers and enterprises will implement MFA (multi-factor authentication) such as one-time use codes via text and biometrics to improve password-only security.
Founder & CEO Secure Blink
CISO & CSO are transitioning towards a durable cybersecurity solution in compliance with the zero-trust strategy, and SASE occupies right into that space substantially.
Director at Cyber Consultancy Services (CCS) Limited
Standards such as ISO27001 (information and data security) will become more important to smaller businesses, as their larger customers start to demand proof that they can look after any data or information shared with them. If you can't prove how secure you are (and have it independently verified) then you’re not secure!
Security Awareness Advocate, KnowBe4