Digital adoption has rapidly accelerated and as a result, the threat surface has also expanded. As we look ahead to 2022, there will be new and evolving cybersecurity challenges on the horizon for CISOs.
2022 is going to be a year of building greater resiliency and integrating this into all aspects of business operations. This will require organizations of all levels to review how they are responding to a larger scale of sophisticated threats. To build on the efforts of 2021, CISOs need to address how they can implement innovation into their business without making themselves more vulnerable to damaging attacks.
There are five big trends that I see defining the market in 2022 that security professionals should pay attention to:
1. The rise of the “assume-breach” mindset
Digital transformation has been a major priority for business over the last few years. More recently, part of this journey has included the adoption of a hybrid work approach. This is a trend that I see continuing into the coming year and beyond as more organizations explore “work from anywhere” scenarios.
A hybrid work approach could deliver increased levels of productivity for employers, however SOCs need to be aware of the vulnerabilities and security risks this will expose their employers to. Already, more European organizations have increased their zero trust budgets in 2021. Zero trust adoption will extend across even more private organizations and governments to counter the growing threat landscape.
Zero trust applies the principle of fundamentally not trusting anything on or off your network and deploys a “assume-breach” mindset. With more organizations unified in their approach to addressing cyber risks, the adoption of zero trust can provide greater visibility to improve an organization’s overall security posture.
2. Innovation and new risk in 5G
Over the next year, more organizations will be looking to invest in 5G technology to gain greater connectivity capabilities. 5G adoption will enable them to create new value from existing core network assets and put their businesses on the digital transformation roadmap.
Yet, implementing 5G does not come without challenges and complexities. With 5G accelerating the growth of the Internet of Things, threat actors can take advantage of vulnerable connections and compromise smart devices to infiltrate network infrastructure.
Organizations need to ensure they are protected from all 5G associated risk. Otherwise, they face losing out on the benefits of a connected future.
3. Customization, personalization and getting personal with phishing tactics
Organizations have increased staff training and awareness as phishing scams have become more of a common occurrence. As a result, users now have a greater vigilance and can detect the most common phishing scams. To overcome this, attackers are evolving their strategies to make their attempts appear more authentic.
2022 will see phishing attacks take a more sophisticated form. Instead of relying on the usual tactics, attackers will develop their approach to leverage more customized and personalized attacks based on intelligence gained from social media outlets. These enhanced personal attacks will be harder to distinguish from genuine communications
4. Hackers will go for gold at the Beijing Olympics
Hackers will use the upcoming Beijing Olympics as an opportunity to breach the personal accounts of athletes and find incriminating email exchanges that can be leveraged in blackmail attempts.
Content regarding the use of performance-enhancing drugs and the athletes’ personal lives is vulnerable to the risk of exploitation and will be seen as a top prize by hackers. Gaining such insights could result in hackers blackmailing athletes with the threat of the release of this incriminating evidence.
5. The enterprise API ecosystem will show its vulnerabilities
Cyber criminals commonly use lateral movement techniques to infiltrate an organization’s entire network after launching their attack. This year, we have witnessed the ransomware-as-a-service group, REvil leverage Kaseya’s network management and remote control software in a ransomware attack. This affected not only Kaseya itself, but also extended to its managed service provider customers and their end-users.
Attacks on this scale are especially harmful due to their links to multiple enterprise ecosystems. Throughout 2022, hackers will increase the number of attacks that involve the lateral movement concept. They will use this concept for internal networks and apply it to an entire partner network using misconfigured enterprise APIs. This will enable threat actors to gain access into a company’s extended ecosystem.
Security teams that pay close attention to upcoming trends and challenges in the cybersecurity landscape will gain the ability to not just survive but thrive in the future.
2022 will see a growth of complexities in the security sector and organizations must be prepared to evolve their operations if they wish to stay ahead of new risks. They need to take the key learnings from 2021 and build new adaptability and flexibility into their security process to improve their overall risk posture.