Experts’ Responses: Cyber Security Predictions 2022

By Muhammad Malik
Chief Editor, Information Security Buzz | Dec 21, 2021 04:17 am PST

As we are about to charge into 2022, it’s time to ask: what will happen next year in cybersecurity? We reached out to industry leaders and experts with diverse backgrounds to find out what the most important cybersecurity predictions for 2022 are, and below we detail the experts’ responses as we receive them.

Andy Robertson, Head of Enterprise & Cyber Security
January 21, 2022 12:57 pm

- Trust will be maintained by Zero Trust Architecture in the hybrid working world
- IT and OT cyber security will both be the CISO’s concern
- True Business Continuity will require greater levels of collaboration and real-time insights
- The strongest form of defence … will come from being attacked (particularly where one of the most critical vulnerabilities to watch out for in the years to come is the open source software Log4j)
- Turning the tide on security alert fatigue

Steve Luke, Director of Content, MITRE ATT&CK Defender
January 14, 2022 9:16 pm

1. Increased cloud migration leaves gaps in cyber jurisdiction.

The industry has already witnessed a great migration to the cloud over the past couple of years, and that’s going to continue considering all of its benefits. However, this also means that cloud providers such as Amazon and Google will need to partner with smaller organizations and their respective SOCs. This separation between visibility and authority will leave gaps in which adversaries can live. Similar to how criminals often head for state lines after committing a crime, there could easily be confusion and an authority grey area in the cloud cyber realm as well.

2. Defenders need to impose most costs on malicious cyber actors

Ultimately, cybersecurity is just a means to an end for both attackers and defenders, for example, producing a product or service without having to endure the cost and time associated with R&D. Currently the cheapest, easiest, and lowest risk approach is often cyber. Considering that nation-states aren’t going to ever stop trying, the only way to really fight back is to hit them where it really counts: their wallets. A threat-informed defense, including threat hunting and adversary emulation, has high potential to make cyber-attacks cost more than they’re worth for the adversary.

3. Purple teaming becomes a highly sought after defensive cyber strategy.

Current cybersecurity approaches of defense in depth and basic cyber hygiene are great foundational strategies for organizations to implement in order to strengthen their cybersecurity posture. However, the list of things to block or patch is growing exponentially, making these methods difficult to keep up with. That being said, for attackers, developing a brand new tool or technique from square one requires a large, technically-focused team to conduct extensive research and testing to find a new approach, take the time to train their teams on how to use it properly, and then finally deploy it. If defenders can effectively defend against existing techniques, in addition to practicing good cyber hygiene, they’ll impose more cost on malicious actors. This is where purple teaming comes in as a robust and repeatable approach that also is a collaborative effort across the cyber community. Purple teaming helps defenders understand and more effectively identify and prevent those malicious techniques.

Purple teaming is a collaborative effort between adversary emulation and threat hunting. Adversary emulation simulates realistic malicious techniques with the purpose of evaluating and helping improve defenses. In a purple teaming event, cyber defenders gain valuable insight about what realistic malicious techniques will look like in their network and how they are impacted by existing defenses. In collaboration with the adversary emulation, defenders can design, test, and tune new defenses iteratively and confidently improve at a quick pace.

Willem Hendrickx, SVP International
January 5, 2022 10:46 am

Cloud Security

Ransomware will shift to exfiltrating and encrypting cloud data. While this has sometimes happened by attacking third-party processors of data (see recent example of Labour Party member data being ransomed in the UK), 2022 will be the year where data which is on the customer’s side of the “shared responsibility” model undergoes direct attack by one or more ransomware gangs.

We’re also going to see an increase in the frequency of public take-down of ransomware gangs; increased formal oversight over Information Security due to the prevalence of ransomware attacks, and the woeful underpreparedness of many public sector entities to address the threat. Finally, we’ll see a relative reduction in ransomware outcomes versus data loss or exfiltration outcomes, as Human Operated Ransomware is detected and stopped before it goes nuclear.

Security professional shortage / growing demand for MDR services and automation

While managed security services will continue to grow in volume, a non-trivial subset of organizations will meet talent shortfalls with automation, orchestration, and analyst-augmenting A.I. — they’ll recognize that outsourcing business context to an external entity can be exceptionally difficult, and a few well-equipped and supported internal resources can be more effective than an army of external resources.

MFA (multi-factor authentication) is being enforced by some of the major tech giants including Microsoft and Google. This is in large part because attackers continue to have success stealing credentials and bypassing basic authentication. However, while MFA is a step that everyone should take — criminals continue to prove that it’s not enough to keep them out. In some cases, criminals are even using bots to help them work around MFA and this will continue to be an uphill battle for organizations. As a result, we’ll see more organizations turn to AI-driven security tools to help stop attacks that make their way past MFA.

Theresa Payton
December 30, 2021 1:18 pm

- Say hello to the evolution of Ransomware. 2021 has been a banner year for Ransomware. Whether it was the Colonial Pipeline, Kaseya, Twitch attack or the multiple ransomware attacks that went unreported this year, cybercriminals have very successfully been able to employ these attacks for a lucrative payoff – and in 2022 it will only get worse. In 2022, Ransomware will successfully hit a cloud service provider that houses business systems. They will lock up both the backup and the operations making it very hard not to pay the ransom. We saw how the AWS outages last month were able to cripple businesses, and we can be sure that bad actors took notice as well.
- 2022 is the advent of accelerated and unabashed hacking. In 2022, I predict that cyber operatives will successfully hit a mid-market financial institution — and in their wake, they will disclose they stole a significant amount of money. When the disclosure is public, AI-powered chatbots, mimicking human behaviors on social media, will create global sentiment issues about the stability of banks by posting misinformation online and sharing news stories that appear legitimate. As the posts gain momentum, real people engage, creating confusion about the stability of the markets. Because of this, market models — powered by artificial intelligence that surfs the Web looking for leading indicators — quickly become overwhelmed with the negative press and process "sell" orders for the financial sector writ large, causing people to panic and withdraw funds and/or flood the system with requests causing a mini Black Swan event.
- Extended Reality (XR) Will Experience Its First Major Hack. In 2022, we will begin to see XR — which includes AR, VR and MR — used to conduct global gatherings without travel, hug the sick and the lonely remotely, train children in a way that’s more emotionally supportive while remote, and more. XR thrives on collecting every detail about you to ensure it can deliver a superior experience. XR surpasses AI mining your digital tracks; it also records your emotional reactions as you interact with XR. The combination of detailed and personal data mixed with your unique emotions to an experience is valuable to 3rd party marketers, employers, potential life mates, and yes to cyber operatives with nefarious intent and the Nation States. A central XR platform will be hacked, and the consequences for future identity theft and social engineering will be beyond comprehension and beyond cybersecurity’s ability to provide a counterattack.
- AI Drives Misinformation Campaigns Without Human Intervention. In 2021, artificial intelligence programs trained by cyber operatives will look for trending topics, social media sentiments, and news headlines. The AI programs will write social media posts, news articles, blog posts and more. Using algorithms to monitor effectiveness and engagement, AI will launch misinformation campaigns designed to promote or attack a trending topic or hashtag without human intervention.

Mihir Shah, CEO
December 30, 2021 1:12 pm

- Cybercriminals and ransomware are evolving: from hitting only single organizations and/or individuals to attacking MSPs, where they could target multiple organizations with one fell swoop (e.g., Kaseya ransomware attack perpetrated by the REvil group).
- Cyber insurance became increasingly critical: and it wasn’t just for large enterprises anymore. Small and medium sized enterprises invested, many for the very first time. Yet, confusion and frustration over what it does and does not cover continues.
- Enterprises recognized the need to protect themselves against a ransomware-related class action lawsuit: and began preparations for a worst-case scenario. Enterprises also increased their focus on data protection, particularly PII, as well as their ability to demonstrate that every possible precaution was taken to prevent and recover from an attack.
