Experts’ Responses: Cyber Security Predictions 2022

As we are about to charge into 2022, it’s time to ask: what will happen next year in cybersecurity? We reached out to industry leaders and experts with diverse backgrounds to find out what the most important cybersecurity predictions for 2022 are. Below, we detail the experts’ responses as we receive them.

29 Expert Comments
Daniel dos Santos, Research Manager
InfoSec Expert
December 21, 2021 2:22 pm

After the huge impact of the SolarWinds and Kaseya attacks this year, we will see more frequent and severe supply chain attacks on service providers in 2022. Malicious actors will use this approach as a stepping stone to quickly gain access to and disrupt millions of customers simultaneously. This may include attacks initiated by private criminal entities or by nation states.

In a race against time, security researchers and software vendors will continue to look for widespread vulnerabilities affecting fundamental software supply-chain components in the hope to fix them before they can be exploited by bad actors. Beyond the main targets of TCP/IP stacks and RTOSes in 2020 and 2021 respectively, next year could see an enlarged focus on common implementations of application-layer protocols as well as industry-specific SDKs, such as for IoT connectivity, wireless protocol stacks, and libraries used in OT devices.

Organisations will need to adapt quickly to the expansion of cybersecurity threats in 2022, especially when it comes to protecting critical OT infrastructure. As hybrid work has clearly become the norm across industries and more OT devices connect to corporate networks each day, IT and OT security leaders will need to consolidate teams, policies, tools, and reporting to both protect their organisations and to comply with the inevitable flood of new regulations coming down the pike.

Philip Gradwell, Chief Economist
InfoSec Expert
December 21, 2021 2:28 pm

Covid accelerated crypto, like it accelerated all digital trends, so crypto in 2022 will be shaped by the progression of the pandemic. With Omicron, it seems we are entering a ‘risk-off’ cycle, but in a world where economics and finance have been totally transformed by unprecedented monetary expansion since March 2020. So crypto demand from risk-sensitive investors will likely decrease, while it will likely increase from investors who think we are in a new monetary paradigm and so believe that new monetary technology is a good bet. Into this mix we should add retail investors. Many have made gains on their assets but may now be facing financial pressures, from new restrictions, inflation, to the end of government support programmes. The temptation to cash in those gains will be high.

Bitcoin will see a new wave of buyers. Institutional investors have been watching bitcoin closely in 2021, given its all-time highs. If my conversations are anything to go by, many have gone further: building strategies and selecting service providers. Now they are raising funds with a crypto allocation, which could be deployed in 2022 – especially if ESG concerns can be met. The big question is whether the institutions that entered in Q4 of 2020 and Q1 2021 – the majority of recent, new institutional buyers – decide to sell to this next wave. If so, then the price pressure will be muted as new demand is balanced by their sales. But if everyone continues to hold, then price pressure could increase significantly given the supply of bitcoin that is readily available to buy is at historical lows.

The race is on to be the app store for crypto. In 2021, consumers’ options to buy crypto were greater than ever before, as fintechs competed with crypto exchanges. But also in 2021, DeFi and NFTs demonstrated that more can be done with crypto than just investing. However, these use cases are only available outside of the main consumer services. A major lesson of Web 2.0 was that consumers love platforms, and I don’t think that is going to change for Web 3.0. Currently there is no crypto platform that owns the customer relationship and aggregates suppliers. I predict that in 2022, many companies will race to build this platform, with Coinbase in the lead as it integrates DeFi and NFTs.

Craig Lurey, Co-Founder & CTO
InfoSec Expert
December 21, 2021 2:34 pm

2021 isn’t even over, and yet we’ve seen a record number of cyberattacks and data breaches. We expect this to escalate in 2022 with the permanent shift to a remote workforce for many organizations. There are growing concerns around data leaks as employees remotely access corporate data and infrastructure from company-issued and personal devices like laptops and mobile phones. These devices and employees are, unfortunately, prime targets for data leakage and device infection. Additionally, the expanded usage of cloud-based services and data storage also expands the footprint and potential sources of data leaks, whether accidental or through 3rd party breaches.

The most important thing business leaders can do when it comes to remote work vulnerabilities is to develop strong access management protocols. This means establishing a zero-trust framework as a non-negotiable component of any security implementation. Additionally, the 3rd party cloud providers used by companies must be scrutinized for their data protection methodology and overall security culture.

David Maidment, Senior Director Secure Device Ecosystem
InfoSec Expert
December 21, 2021 2:41 pm

As the growing number of IoT devices has soared, the ecosystem has uncovered a number of security challenges in the bid to make devices more secure, while adhering to the maturing regulatory landscape. In the last three years, an ecosystem of over 50 partners have collaborated around PSA Certified in order to provide a common framework around IoT security, which is critical to our connected future. Having a program that encourages broad adherence to regulations and that drives a common language in the growing ecosystem is vital.

In 2022, we expect perceptions of IoT security to shift from it being a cost to a necessary value. With laws, regulations and baseline requirements changing the way we see security, there’s a growing recognition of the importance of best-practice security and the risks of inaction. Third-party evaluation and certification frameworks will continue to play an increasingly central role in driving consistency across markets and to building trust and assurance in connected devices.

This coming year, we anticipate that the ecosystem will take proactive IoT measures to protect devices based on the Root of Trust. Moving away from siloed approaches to hardware security, leveraging cross-industry collaboration and embracing a secure-by-design culture will act as a catalyst for trusted IoT deployment at scale.

Ian McShane, Field CTO
InfoSec Expert
December 21, 2021 2:47 pm

We’re currently stuck in a culture of ‘the here and now’ around ransomware. The National Cybersecurity Centre’s (NCSC) latest report on the UK’s ‘hacking epidemic’ suggests ransomware is an established threat the government is finally waking up to. Soon though, they will realise this is just the start of a bigger cybersecurity challenge UK businesses will face heading into 2022.

One discussion currently being overlooked is the ever-more complex and evolving threat landscape businesses need to prepare for next year. While ransomware is here to stay, soon it will be recognised there is a bigger issue at play here – the entry point. Often technology is considered to be the first line of defence, but the first line of defence is actually users. Right now, people don’t consider standard technology and users part of the greater supply chain because it does not feel like a security issue. The fact is simply using email is a supply chain concern.

Companies will therefore learn they’ll need to shift their security mindset. Instead of focusing on what to do reactively after being attacked, they will learn how to predict and bolster their security posture by using data science to model scenarios that can highlight any potential weaknesses in the supply chain. This, though, will only come in tandem with greater transparency and we’ll need to decriminalise and destigmatise the “scarlet letter” that comes with disclosure. Rewarding businesses for proper security behaviour and giving them more visibility into how incidents are handled will encourage them to be more security-conscious, and means they’ll be in a much better position to combat the evolving cyber threats coming their way next year.

Thomas LaRock, Head Geek
InfoSec Expert
December 21, 2021 2:52 pm

Securing the enterprise in 2022 by normalizing risk aversion: Cybercrime has reached a new peak with the onslaught of ransomware attacks and data breaches in the last several months. The 2021 SolarWinds IT Trends Report details how organizations experienced medium exposure to enterprise IT risk over the past year. Although the survey respondents felt their existing risk mitigation and management policies/procedures were sufficient, it’s absolutely critical for organizations and tech pros to adopt a mentality where even “medium” risk exposure is unacceptable.

We expect to see two trends emerge in 2022 in response to the evolving threat landscape. As the rate of attacks continues to accelerate in lockstep with hackers’ attack methodologies and schemes developing at scale, more tech professionals and organizations will look to cloud service providers, managed service providers (MSPs) and managed security service providers (MSSPs), and other third-party security tools (like those offered by Microsoft 365® subscriptions) to supplement their own IT policies and keep pace with the new, more effective security measures.

Tech pros and the IT community at large will better secure the enterprise by normalizing a sense of risk aversion—that is, moving from simply accepting the current exposure to a mindset where any level of risk exposure is unacceptable. This means beginning to evaluate and implement the principles of a secure enterprise, starting first and foremost with understanding security compromises will happen as cyber hackers deploy more sophisticated attacks. Tech pros should also implement detection, monitoring, alerts, and response along the kill chain and engage in red team/tabletop exercises to measure effectiveness.

Guy Podjarny, Co-Founder & President
InfoSec Expert
December 21, 2021 2:55 pm

2021 proved that supply chains are more susceptible than ever to cyber attacks. The risk is growing largely because of the increasing reliance on proprietary and open source code and is compounded by the speed and complexity of modern apps, as well as the increasing sophistication of potential intruders. In 2022 we’d expect to see this trend continue, with geopolitical tensions still high and COVID continuing to drive businesses to become digital and embrace cloud faster.

However, there are things developers can do to mitigate further risk. They need to identify and fix weaknesses in the components they use, and invest in strong security hygiene practices. Security teams should embrace a DevSecOps approach, focusing on helping the people doing the work make secure decisions and investing in breaking silos and increasing automation.

While developers can’t stop people from attempting to hack and exploit their systems, they can stop them from succeeding. Putting security at the heart of the development process is the only way to achieve that at scale.

Craig Ramsay, Senior Solution Architect
InfoSec Expert
December 21, 2021 7:58 pm

Intelligent unification will be a major trend in 2022 in the Identity Management space – in other words, a meaningful convergence of technologies and identity disciplines. Now, more than ever, organizations have a plethora of solutions at their disposal. Maximizing the capabilities and information available to provide a unified and holistic view of identities, their access, and the contexts through which they have the access will be crucial in reducing identity related risk. By breaking down these siloes and sharing information across these boundaries, adapting to new identity challenges as they arise will become easier.

The sharp uptick in cloud adoption and SaaS offerings will continue across the board, which will make it easier for organizations to increase the services they’re consuming. With this trend in mind, any solution providing Identity Management and/or Identity Governance capabilities must provide versatile configurability to integrate and scale with the future and changing needs of businesses. Combining this configurable flexibility with increased identity analytics means we will start to see intelligent unified governance platforms that enable huge reductions in manual effort in implementing, managing, and interacting with Identity Management processes.

This shift to more and more autonomy in these processes is another trend I envisage growing throughout 2022. Right now, Identity Management is stuck in a hybrid of manual and semi-autonomous actions. Whilst there will always be a need for some level of human decision making when it comes to the most critical applications and sensitive data, a unified approach to identity will greatly reduce manual effort. This will be realized through increased automation and intelligent decision support where automation is not suitable.

Jonathan Reiber, Senior Director of Cybersecurity Strategy and Policy
InfoSec Expert
December 21, 2021 10:43 pm

- Over the coming year, trends indicate an increased focus on cybersecurity prioritization at the organizational and national level to improve cybersecurity effectiveness
- Over the course of 2022, MITRE ATT&CK will continue its movement from a niche tool used by experts to become a foundational element of cybersecurity management with increasing resonance in the C-suite
- The connection between healthcare services and technology will continue to tighten, elevating risks in the healthcare sector — particularly from ransomware – driving further investments in telehealth functions, like mobile technology, and enterprise cybersecurity
- Trends indicate increasing pressure to regulate the spread of disinformation on social media, including with practical recommendations for amending Section 230 of the Communications Decency Act
- The crackdown on spyware and hacking tools will continue and could lead to a consequent development of spyware capabilities on the global black market. On the defensive side, trendlines indicate a growth in mobile device cybersecurity solutions

James Condon, Director of Threat Research
InfoSec Expert
December 21, 2021 10:48 pm

The first prediction for 2022 is that Linux and Cloud infrastructure are going to be emerging targets of malware and ransomware attacks.

Whether carried out with malicious intent or not, insider threats open the door for threat actors to gain access to critical information. Over the past year, there has been a sharp increase in demand for direct access to business environments in the underground markets and as a result, we’ve seen an uptick in hackers targeting employees directly or through posts on hacking forums in hopes of recruiting them for insider efforts.

Greg Foss, Senior Cybersecurity Strategist
InfoSec Expert
December 21, 2021 10:51 pm

Whether carried out with malicious intent or not, insider threats open the door for threat actors to gain access to critical information. Over the past year, there has been a sharp increase in demand for direct access to business environments in the underground markets and as a result, we’ve seen an uptick in hackers targeting employees directly or through posts on hacking forums in hopes of recruiting them for insider efforts.

Andy Green, CISO
InfoSec Expert
December 21, 2021 10:54 pm

ZTA and SASE models will gain significant traction to support hybrid working

2021 was expected to be the year when we all returned to normal working practices and business as usual, but as we saw just last week, the Prime Minister’s Plan B mandates that we continue to work from home where possible. Therefore the disruption to traditional working practices continues and the trend towards greater decentralisation is set to continue into 2022.

What does this mean for security? Two of the key security models that will meet the new hybrid working paradigm and consequently will see significant traction in 2022 are Zero-Trust Architectures (ZTA) and Secure Access Service Edge (SASE). Zero-Trust Architectures are designed to focus security on per-request access decisions and are particularly well suited to architectures that have significant cloud services. SASE takes this further and incorporates next-generation networking capabilities including SD-WAN. We predict that many organisations will realise the benefits of moving security controls and countermeasures out of legacy data centres and into the cloud and this will lead to consolidation of these technologies into cloud-native security portfolios comprising Secure Web Gateways (SWG), Firewall as a Service (FWaaS), Identity as a Service (IDaaS) and Cloud Access Security Broker (CASB), for example.

Agility will be key to countering zero-day exploits and ransomware attacks

Next year will see cyber attacks continue to evolve. Supply Chain attacks will continue to be a key attack path of choice for malicious groups. Hybrid working has also increased the potential attack surface as new applications are being used for conducting business such as cloud apps and collaboration platforms. This combined with the proliferation of hacking tools may lead to an increase in the number of exploits (including zero-day exploits) used to compromise systems. 2021 saw almost double the number of zero-day exploits compared to 2020, and the highest number ever on record.

Another trend that is almost certain to continue is the evolution and prevalence of ransomware attacks. 2021 saw exponential growth in ransomware and this is set to continue well into 2022. Multi-staged attack chains will become more prevalent in the delivery of ransomware, for example phishing attacks, leading to malware loaders, to secondary loaders and information stealers and onto ransomware. (i.e. Phishing – Emotet – Trickbot – Ryuk). In the face of this increased number of infections and ransoms, we can expect to see cyber insurance premiums continue to surge – we saw increases of over 50% last year as insurers seek to keep pace with the claims.

Overall, the key maxim in security for 2022 will be agility. Ensuring agile security strategies are in place that allow for your organisation to adapt and respond to the uncertain year ahead will be paramount.

Tom Hegel, Security Researcher
InfoSec Expert
December 21, 2021 10:56 pm

Nation-state attackers will target the security community.

In 2021 we saw some initial attempts from nation-state hackers who targeted vulnerability researchers in an effort to acquire their zero-days. While the attacks were not successful, this is a trend that we predict will continue into 2022. Cybercriminals are recognising the value of the information, vulnerabilities, tools and threat intel coming from private sector security companies. As a result, there will be increased value placed on offensive research products and they will become more of a target for attackers.

Eyal Elyashiv
InfoSec Expert
December 21, 2021 11:03 pm

Businesses and governments are in a vulnerable state, with cyberattacks proliferating every industry and at greater speed, scale and sophistication, organizations need to make bold moves to succeed in this fight. Cybercriminals are opportunistic and capitalized during the pandemic when critical infrastructure had to move operations online nearly overnight. Organizations need to utilize protection capabilities to bridge the gap that was created in the rapid transition to the cloud during Covid. Attackers, terrorist groups and political activists are going to be using advanced technological capabilities to progress their agendas and carry out more sophisticated and widespread attacks when business and the global economy was in survival mode. In the coming year, we’ll see more of this taking place, cybercrime is an iterative process; just as our solutions and technologies get smarter, so do the very criminals who seek to take down corporations and governments for ransom.

Just like organizations are using AI to cut through the noise and provide predictive rules, curating intelligence beyond what the human brain is capable of, cybercriminals are also taking advantage of this technology. AI can be found on both sides of the coin, arming these opportunistic bad actors, providing them the intelligence to study and target organizations through things like random memory attacks, identifying specific vulnerabilities, exposing weaknesses, and launching custom attacks that go undetected due to no actual misconfiguration. Organizations need to fight machines with machines, to overcome, outsmart, and dead end these attackers.

Oliver Cronk, Chief IT Architect, EMEA
InfoSec Expert
December 22, 2021 12:32 pm

Supply chain attacks are not as frequent as others; however, they have the potential to cause exponentially more harm. This was evidenced in the 2020 SolarWinds hack and 2021’s codecov and NPM project attacks. The “one-to-many” opportunity afforded by a successful supply chain compromise makes it an attractive option and worthy of attackers’ time and resources. For this reason we believe that 2022 will see more attacks against software supply chains by both criminal and nation state actors.

Joseph Carson, Chief Security Scientist & Advisory CISO
InfoSec Expert
December 22, 2021 12:46 pm

- The Brink of a Cyberwar – Countries Collaborate to Strike Back
- Identity is the New Perimeter and Access is the New Security
- Hacking E-Sports – Hacking Becomes a Mainstream Sport
- Zero Trust Becomes the Baseline – Future-Proofing Security Risks
- Cryptocurrency to Get Regulated – The Crypto Heartbeat

Kevin Hanes, CEO
InfoSec Expert
December 22, 2021 1:01 pm

- Ransomware attacks will continue to increase and someone finally pays the full price for meeting demands.
- The line between cybercrime and nation-state attacks will continue to blur.
- The cybersecurity workforce shortage and skills gap won’t improve.
- OT environments will be subject to the cyber “perfect storm.”
- COVID’s impact on phishing attacks and WFH security is more bark than bite.

Ian Jennings, Managing Director
InfoSec Expert
December 22, 2021 4:54 pm

One of the biggest, and most serious, cyberthreats that companies face today is from ransomware. To illustrate the point, PwC UK claims that its threat intelligence team has tracked more ransomware incidents globally up to September this year than for the whole of 2020. In 2022, despite security teams’ best efforts to mitigate this threat, the cybercriminals will inevitably remain one step ahead and the scale of attacks will increase and become ever more sophisticated.

Simon Whitburn, General Manager and Vice President of International Busines
InfoSec Expert
December 22, 2021 5:03 pm

Artificial Intelligence (AI) will transform legal GRC by helping to sharpen the focus and direction of investigations.

Advanced computer processing techniques, together with Natural Language Processing (NLP) and deep learning will be used in other disciplines that come under the legal GRC banner, such as digital forensics. These processes typically share many of the same evidence processing and review stages as used in e-discovery.

In the forensics process, AI is currently being used for tasks such as image labelling to eliminate time spent on repetitive tasks but we expect it to give rise to truly smart technology during 2022. The emergence of a ‘virtual partner’ who can work alongside the investigator promises to transform working practices. The virtual partner’s role will go beyond simply expediting tasks, to reveal contextual insights across the data. It will even be able to guide the investigation, helping to significantly reduce workloads and shorten time to resolution.

Jason du Preez, CEO and Co-founder
InfoSec Expert
December 22, 2021 5:36 pm

Data protection shifts beyond what is legal to what is ethical

Execution focus for 2022 will remain on how to efficiently deliver self-service access to data, navigating the increasingly complex web of regulatory and legal requirements including data sovereignty, data protection and industry specific regulations. Through use of modern data provisioning tools, more data will be available for decision making and innovation in a way that ensures consumer trust. At the same time, board rooms will give more thought to the ethical considerations around data use – how do we ensure the sins of the past are not propagated by AI at massive scale, how do we ensure data is not inappropriately weaponized to drive unbalanced outcomes and how do we safeguard civil liberties under threat through mass surveillance? Ethical considerations are inextricably tied to culture, and so while there will be no single solution to these challenges, work must be done to ensure we have a common framework of understanding and the right checks and balances are embedded.

We have seen hype over big data, the promise of AI, and the need for privacy. The pandemic has accelerated our paths here and forced some key realizations:

If we want to realize the value of data we need discipline and control. We need to think carefully about the data we need, the cost to appropriate, store and protect it and balance this with the potential upside. A policy driven approach to the controls we put on data use will become the norm.

Value creation happens at the point of consumption. For data to realize a return, we need to get it efficiently into the hands of analysts and data scientists and time to data is a key metric here. More business intelligence and data science teams will carry targets aligned to commercial success.

Organizations that value data, will value privacy. The idea that data protection needs to be intrinsic to systems and consistently applied at all points of consumption will go mainstream.

Mike Puglia, Chief Strategy Officer
InfoSec Expert
December 23, 2021 11:28 am

- Cloud-Based Threats - Due to the evolving threat landscape and the prevalence of remote and hybrid work environments, security will continue to be top-of-mind for organisations. MSPs must take on more of an advisory role than in the past to ensure their clients are adequately protected while enhancing their technology stack and security strategies
- Remote Work Security with Digital Nomads - Organisations must be able to completely manage and support the user and their devices remotely – including patching, anti-virus/anti-malware, and live assistance and they must implement a robust identity management system supporting user policies across devices and SaaS applications
- A battle for talent with skill shortages - Automation will play a key role in an increasingly tight labour market. MSPs must maximise productivity by automating manual processes like patching and reporting, allowing technicians to focus on higher-level tasks that move the business forward, improving retention in an IT market with very low unemployment

Simon Mullis, Chief Technology Officer
InfoSec Expert
December 23, 2021 11:30 am

One of the greatest threats of 2022 will be right under security teams’ noses: malicious activity hidden within encrypted traffic on their network. The unilateral shift towards end-to-end encryption has given rise to cybercriminals using these concealed channels to lurk undetected and silently communicate and coordinate their attacks. In the first three quarters of 2021 alone, threats over encrypted channels increased by 314% on the previous year. To avoid falling foul of cybercriminals hiding in encrypted traffic, organisations will need to completely change their approach from decryption towards behavioural analysis for detection. Because if organisations continue using the same failing detection techniques to uncover malicious activity on their network, the rate of attack using encrypted traffic will continue to grow at this rate or higher.

Lavi Lazarovitz, Director of Security Research
InfoSec Expert
December 23, 2021 11:31 am

Brand New Spots Will Help Attackers Hide in Plain Sight

As if it’s not already tricky enough, security is going to get even more complicated thanks to new hiding places introduced by cloud, virtualization and container technologies.

For instance, as micro virtualization becomes increasingly popular, threat actors can isolate malware in these virtual systems while keeping it hidden from host-based security controls.

While these new attack techniques haven’t been seen much in the wild…at least not yet, financially motivated and nation state threat actors have been observed testing systems such as Windows Subsystem for Linux (WSL) — a subsystem that secures credential and authentication processes — as they look for new ways to compromise endpoint machines.

By running ransomware within a Linux infrastructure, for example, Endpoint Detection and Response (EDR) and other host-based endpoint security tools cannot typically identify the malicious activity, making it possible for attackers to encrypt or exfiltrate data with ease — all while hiding in plain sight.

Heather Gantt-Evans , Chief Information Security Officer (CISO)
InfoSec Expert
December 24, 2021 8:22 pm

<p>Ransomware is going to continue to evolve. </p>
<p>We are now seeing ransomware converging with hacktivism, where companies are being hit with ransomware just due to the hacker’s perceptions of a business’s values, industry, or actions. In these situations, the hackers are not even requesting a ransom or offering to decrypt the data. We also see that ransomware gangs now have the funds to purchase zero-day vulnerabilities that previously were only accessible to nation states.</p>
<p>In 2022, Ransomware-as-a-Service will continue to make ransomware more accessible to a wider range of attackers, while also paying company insiders to deploy ransomware at their place of employment. Nation states are going to continue to invest heavily in compromising identities and using "live off the land" attacks that are very difficult to detect because they do not use malware but instead use native operating system features to carry out their attacks.</p>

Mihir Shah , CEO
InfoSec Expert
December 30, 2021 1:12 pm

<ul>
<li>Cybercriminals and ransomware are evolving: from hitting only single organizations and/or individuals to attacking MSPs, where they could target multiple organizations with one fell swoop (e.g., Kaseya ransomware attack perpetrated by the REvil group).</li>
<li>Cyber insurance became increasingly critical: and it wasn’t just for large enterprises anymore. Small and medium sized enterprises invested, many for the very first time. Yet, confusion and frustration over what it does and does not cover continues.</li>
<li>Enterprises recognized the need to protect themselves against a ransomware-related class action lawsuit: and began preparations for a worst-case scenario. Enterprises also increased their focus on data protection, particularly PII, as well as their ability to demonstrate that every possible precaution was taken to prevent and recover from an attack.</li>
</ul>

Theresa Payton
InfoSec Expert
December 30, 2021 1:18 pm

<ul dir="ltr">
<li><strong>Say hello to the evolution of Ransomware</strong>. 2021 has been a banner year for Ransomware. Whether it was the Colonial Pipeline, Kaseya, Twitch attack or the multiple ransomware attacks that went unreported this year, cybercriminals have very successfully been able to employ these attacks for a lucrative payoff – and in 2022 it will only get worse. In 2022, Ransomware will successfully hit a cloud service provider that houses business systems. They will lock up both the backup and the operations making it very hard not to pay the ransom. We saw how the AWS outages last month were able to cripple businesses, and we can be sure that bad actors took notice as well.</li>
<li><strong>2022 is the advent of accelerated and unabashed hacking</strong>. In 2022, I predict that cyber operatives will successfully hit a mid-market financial institution — and in their wake, they will disclose they stole a significant amount of money. When the disclosure is public, AI-powered chatbots, mimicking human behaviors on social media, will create global sentiment issues about the stability of banks by posting misinformation online and sharing news stories that appear legitimate. As the posts gain momentum, real people engage, creating confusion about the stability of the markets. Because of this, market models — powered by artificial intelligence that surfs the Web looking for leading indicators — quickly become overwhelmed with the negative press and process "sell" orders for the financial sector writ large, causing people to panic and withdraw funds and/or flood the system with requests causing a mini Black Swan event.</li>
<li><strong>Extended Reality (XR) Will Experience Its First Major Hack</strong>. In 2022, we will begin to see XR — which includes AR, VR and MR — used to conduct global gatherings without travel, hug the sick and the lonely remotely, train children in a way that’s more emotionally supportive while remote, and more. XR thrives on collecting every detail about you to ensure it can deliver a superior experience. XR surpasses AI mining your digital tracks; it also records your emotional reactions as you interact with XR. The combination of detailed and personal data mixed with your unique emotions to an experience is valuable to 3rd party marketers, employers, potential life mates, and yes to cyber operatives with nefarious intent and the Nation States. A central XR platform will be hacked, and the consequences for future identity theft and social engineering will be beyond comprehension and beyond cybersecurity’s ability to provide a counterattack.</li>
<li><strong>AI Drives Misinformation Campaigns Without Human Intervention</strong>. In 2021, artificial intelligence programs trained by cyber operatives will look for trending topics, social media sentiments, and news headlines. The AI programs will write social media posts, news articles, blog posts and more. Using algorithms to monitor effectiveness and engagement, AI will launch misinformation campaigns designed to promote or attack a trending topic or hashtag without human intervention.</li>
</ul>

Willem Hendrickx , SVP International
InfoSec Expert
January 5, 2022 10:46 am

<p><strong>Cloud Security</strong> </p>
<p>Ransomware will shift to exfiltrating and encrypting cloud data. While this has sometimes happened by attacking third-party processors of data (see recent example of Labour Party member data being ransomed in the UK), 2022 will be the year where data which is on the customer’s side of the “shared responsibility” model undergoes direct attack by one or more ransomware gangs.</p>
<p>We’re also going to see an increase in the frequency of public take-down of ransomware gangs; increased formal oversight over Information Security due to the prevalence of ransomware attacks, and the woeful underpreparedness of many public sector entities to address the threat. Finally, we’ll see a relative reduction in ransomware outcomes versus data loss or exfiltration outcomes, as Human Operated Ransomware is detected and stopped before it goes nuclear.</p>
<p><strong>Security professional shortage / growing demand for MDR services and automation</strong> </p>
<p>While managed security services will continue to grow in volume, a non-trivial subset of organizations will meet talent shortfalls with automation, orchestration, and analyst-augmenting A.I — they’ll recognize that outsourcing business context to an external entity can be exceptionally difficult, and a few well-equipped and supported internal resources can be more effective than an army of external resources.</p>
<p>MFA (multi-factor authentication) is being enforced by some of the major tech giants including Microsoft and Google. This is in large part because attackers continue to have success stealing credentials and bypassing basic authentication. However, while MFA is a step that everyone should take, criminals continue to prove that it’s not enough to keep them out. In some cases, criminals are even using bots to help them work around MFA and this will continue to be an uphill battle for organizations. As a result, we’ll see more organizations turn to AI-driven security tools to help stop attacks that make their way past MFA.</p>

Steve Luke , Director of Content, MITRE ATT&CK Defender
InfoSec Expert
January 14, 2022 9:16 pm

<p dir="ltr"><strong>1. Increased cloud migration leaves gaps in cyber jurisdiction.</strong></p>
<p dir="ltr">The industry has already witnessed a great migration to the cloud over the past couple of years, and that’s going to continue considering all of its benefits. However, this also means that cloud providers such as Amazon and Google will need to partner with smaller organizations and their respective SOCs. This separation between visibility and authority will leave gaps in which adversaries can live. Similar to how criminals often head for state lines after committing a crime, there could easily be confusion and an authority grey area in the cloud cyber realm as well.</p>
<p dir="ltr"><strong>2. Defenders need to impose more costs on malicious cyber actors</strong></p>
<p dir="ltr">Ultimately, cybersecurity is just a means to an end for both attackers and defenders, for example, producing a product or service without having to endure the cost and time associated with R&amp;D. Currently the cheapest, easiest, and lowest risk approach is often cyber. Considering that nation-states aren’t going to ever stop trying, the only way to really fight back is to hit them where it really counts: their wallets. A threat-informed defense, including threat hunting and adversary emulation, has high potential to make cyber-attacks cost more than they’re worth for the adversary.</p>
<p dir="ltr"><strong>3. Purple teaming becomes a highly sought after defensive cyber strategy.</strong></p>
<p dir="ltr">Current cybersecurity approaches of defense in depth and basic cyber hygiene are great foundational strategies for organizations to implement in order to strengthen their cybersecurity posture. However, the list of things to block or patch is growing exponentially, making these methods difficult to keep up with. That being said, for attackers to develop a brand new tool or technique from square one requires a large, technically-focused team to conduct extensive research and testing to find a new approach, take the time to train their teams on how to use it properly, and then finally deploy it. If defenders can effectively defend against existing techniques, in addition to practicing good cyber hygiene, they’ll impose more cost on malicious actors. This is where purple teaming comes in as a robust and repeatable approach that also is a collaborative effort across the cyber community. Purple teaming helps defenders understand and more effectively identify and prevent those malicious techniques.</p>
<p dir="ltr">Purple teaming is a collaborative effort between adversary emulation and threat hunting. Adversary emulation simulates realistic malicious techniques with the purpose of evaluating and helping improve defenses. In a purple teaming event, cyber defenders gain valuable insight about what realistic malicious techniques will look like in their network and how they are impacted by existing defenses. In collaboration with the adversary emulation, defenders can design, test, and tune new defenses iteratively and confidently improve at a quick pace.</p>

Andy Robertson , Head of Enterprise & Cyber Security
InfoSec Expert
January 21, 2022 12:57 pm

<ul>
<li>Trust will be maintained by Zero Trust Architecture in the hybrid working world</li>
<li>IT and OT cyber security will both be the CISO’s concern</li>
<li>True Business Continuity will require greater levels of collaboration and real-time insights</li>
<li>The strongest form of defence … will come from being attacked (particularly where one of the most critical vulnerabilities to watch out for in the years to come is the open source software Log4j)</li>
<li>Turning the tide on security alert fatigue</li>
</ul>
