Security Predictions for 2022 and Beyond
With the year in full swing, we thought it better late than never to take a look at the predicted security threats and trends for 2022 and beyond. When it comes to cyber security, experts are generally expecting another sharp rise in the number of targeted malicious attacks and further evolution in their sophistication. There are also some positive factors being predicted, however, as we become a little wiser to the risks and a little more receptive to the idea of protecting ourselves.
Lets start with a very quick recap of the events that shaped the security sector in 2021. Phishing attacks were off the charts as threat actors exploited dramatic increases in home working trends - where security measures are less stringent and support was more difficult to deliver when it was needed. The cost of ransomware attacks on companies hit record numbers. Organisations that were late to embrace digital transformation were forced to sign up to services and to implement them in a hurry, without proper due diligence, with rushed configuration and with limited or no inclusion of security into the implementation plans. Originally hesitant consumers started to feel the draw toward Internet of Things (IoT) devices and turned in their droves to smart speakers, smart living appliances and smart watches.
Expected Trends this Year
In many ways the experts are predicting a similar trend over the next couple of years, but with some notable differences. Most seem to agree that criminals will make further efforts to exploit unpatched systems and weaknesses in rushed network configurations and platform and cloud services adoptions. Attacks on cryptocurrencies will feature again this year and all experts agree that we’ll see criminals finding new ways of targeting emerging technologies. At the top of all the experts’ lists is a rise in attempts to crack cloud technologies. From a positive standpoint, security professionals are predicting 2022 to finally be the breakthrough year for embracing and investing in security measures. Boards of directors are beginning to wholly understand the importance of protecting their environment and how a small upfront investment can be dwarfed by the cost of the consequences of not investing.
There are tens of reputable reports out there to sink your teeth in to if you feel so inclined, we like the predictions by Trend Micro. To make things a little easier for you, we’ve taken the time to filter through some of the various reports out there and to compile a list of highlights which we feel may be of interest.
Starting with Trend Micro, they predict a further increase in the number of attacks on cloud services as they continue to gain popularity among SMEs in particular. Due diligence remains an effective approach to combat these attacks so do your homework and make sure your provider is secure. Embrace the shared responsibility model for cloud security, you also have a part to play in ensuring your data is secure. Threat actors will continue to use Phishing attempts to hook their victims but Trend also expect an increase in the ‘shift left’ philosophy from a criminal standpoint, with targets being made on development tools and other interlinked systems - as they are seen as a less secure entry point. Ransomware threats are likely to become more targeted and aimed more at breaching servers than endpoints, mostly because these are less likely to be the focus of security efforts by a company. As a slight twist on standard zero-day attacks, threat actors will find it easier to look to security update patches to help them identify weaknesses and then exploit the vulnerabilities between the time an update is made available and the time it is actually installed by the end user. Trend Micro also see a rise in IoT threats as they become more commonplace in our homes and offices. These present an easy route into the network if they are not properly secured. Smart car data is already being tipped as the next big thing to look out for, with suggestions of it being a multi-billion dollar industry. Finally, expect to see a further increase in supply chain attacks. As businesses themselves become more security savvy, criminals will look to their supply chain for a way to get their hands on their data. Suppliers often won't have security practices on the same level as yours.
Kaspersky Labs predicts a renewed interest in mobile devices. They agree that we should be wary of a rise in supply chain attacks and targeted commodity threats, as people continue to work from home and are slower to update their end devices with security patches.
McAfee believe we’ll see nation states turning to social media a little more as a way to target their victims. Fake profiles and group pages will be designed to gain access to your contact lists and to identify your interests. Threat actors will attempt to hack influencer accounts to use fake posts as a means of getting their messages out to the masses. They also predict that nations states will start leveraging known cybercriminals to help them gather intelligence. We're seeing this already in the events unfolding in Eastern Europe. They predict ransomware attacks to continue but in a far more targeted capacity. Poor cloud configuration and slow patch updates are weaknesses that they expect to be exploited.
BAE Systems mention a focus on employee devices rather than business owned devices as they are often less secure and could provide an easier route into a network. They see a rise in attacks on IoT devices and predict that with borders opening up again following the pandemic, there may be an increase in attacks on payment systems now that criminals can cross borders again to collect their stolen funds.
As you can see, the predictions made the big players in the security industry are closely aligned. The key take-aways in our opinion are to stay on top of patching and updating your devices, to take all necessary precautions when using cloud services, to secure your IoT devices and to consider any potential threats that lie outside your organisation but have a defined way in, such as supply chain and development tools.
The experts agree that a layered approach to security is the only option most likely to give you a desired level of success in protecting your business. This means a top-of-the-line anti-virus alone is no longer enough. You need to compliment a good anti-virus with sound security best practices, with strong passwords, access control, user awareness/training and by incorporating security into all elements of the business - including development and supply chain.
If any of this seems a little overwhelming, at ITbuilder we are always on hand to offer advice on protecting your business.