Richmond, Surrey, UK, 22 November 2021 – While 2022’s dominant cyber threats will largely mirror those faced this year, criminals will evolve their modus operandi to boost disruption and monetisation, according to Infosecurity Europe’s community of security leaders. The organisers of Europe’s number one information security event asked its network of CISOs and analysts to comment on the major trends and shifts they foresee shaping the next 12 months.
Ransomware attacks are expected to continue rising in 2022, but are likely to look different, as hackers become aware that the return on investment they can achieve by encrypting data is diminishing. “Criminals are busy exploring alternative means of monetisation,” says Rik Ferguson, Vice President of Security Research, Trend Micro. “The act of encrypting data and denying the owner access to it is actually a minor way of making money. Criminals will focus on their secondary and tertiary means of extorting money – for example threatening to release data for public exposure, contacting people who are a part of the data set and trying to exploit them, or piling denial of service attacks on top of encryption.”
This view is echoed by Barry Coatesworth, Director – Risk, Compliance and Security, Guidehouse. “Ransomware will continue to evolve, and the sophistication of the techniques criminals use will improve,” he states. “They will become more astute in what situations their victims want to avoid, to maximise payment. Attacks affecting the supply chain will probably also increase – including managed service providers (MSPs) that manage parts of infrastructure or software for other organisations, because if adversaries can get to them they can also get to many of their clients.”
Forrester’s cybersecurity and privacy team also points to the supply chain as a key target in 2022, predicting that 60% of security incidents will result from issues with third parties. Paul McKay, Principal Analyst, explains: “With cyberattacks targeting smaller vendors and suppliers, third-party incidents will increase and SolarWinds-style headlines will plague firms that don’t invest in the risk management trifecta: people, process, and technology. Technology needs will grow, requiring tools for risk assessments, supply chain mapping, real time risk intelligence, and business continuity management. We’ll also see organisations transfer third-party risks by embedding policies in contracts stipulating that the partner assumes the risk of an intruder jumping from its environment to the organisation’s.”
The insider threat is also expected to continue making organisations vulnerable with – worryingly – users and employees being brought into play by criminals looking to target critical national infrastructure (CNI).
Barry Coatesworth anticipates an increase in social engineering, which tricks users into making security mistakes or giving away information. “Threat actors have been recruiting insiders with the promise of millions of dollars if they help them gain access to an organisation’s system to install malware,” he says. “This, combined with growing attacks against operational technology (OT) systems and critical infrastructure services, could result in serious disruption, potentially even endangering human life. Improvements in deep fake technology for instance have allowed threat actors to bypass multi-factor authentication (MFA) and also elicit fraud by using faked audio.”
Countering these threats will require organisations to improve their preparedness for incidents, and build their ability to respond effectively, according to the security leaders.
For Munawar Valiji, CISO, Trainline, the recalibration of tooling and capability for the post-pandemic world will be a priority. “Organisations need to validate their use of basic security tooling – such as vulnerability management, and virus and malware protection – to make sure that they haven’t degraded against the performance expected of them. There will be more centralisation of those functions, and increased focus on automation and orchestration.”
Independent researcher David Edwards believes that cybersecurity will attract more senior leadership attention in the coming year. He says: “I think we’ll see an increase in boards taking more interest in cyber risk as spend increases. Meanwhile, vendors will align their product strategy to empower Zero Trust; however we’ll see slow adoption throughout 2022 as a result of businesses starting to compete more aggressively in the digital landscape.”
The need for individual users to recognise they have a role to play in security – and accept that this may mean compromising on speed and convenience – was highlighted by Lisa Plaggemier, Interim Executive Director, National Cyber Security Alliance (NCSA). “We’re realising that sometimes we do have to slow down a bit to be more secure,” she says. “Organisations are recognising that introducing multi factor authentication, for example, doesn't necessarily cost them customers or business, and consumers recognise it’s for their own protection. We'll see companies become less afraid of that friction. As major enterprises make those changes, people will get used to it. They’ll see it as a habit, and might even start asking companies without those controls why their security is so lax!”
Nicole Mills, Exhibition Director at Infosecurity Group, says: “Cyber-criminals are sharpening their skills and techniques, with a focus on using existing attack methods in new ways to hit organisations harder in 2022. Enterprises must be aware of the tactics attackers are likely to use to access their networks, systems and data, and prepare to respond effectively. This will require a concerted effort and commitment throughout the organisation – from the leadership team to suppliers, and right through to the individuals who use its products, services and technologies.”
The conference programme at Infosecurity Europe 2022 will cover the topics raised by the CISOs and analysts who contributed their thoughts, with presentations, talks and workshops exploring the themes across the different theatres. Infosecurity Europe will run from Tuesday 21 to Thursday 23 June 2022 at ExCeL London. Full details about the exhibition and conference programme will be released on the website in the coming months.