Last year, we shared a number of cybersecurity predictions, most of which either played out as described or are trending that way, with results that remain to be seen. In one instance Ordr CEO Greg Murphy predicted that, “Someone in the U.S. will die as the result of a ransomware attack, resulting in increased push for cybersecurity regulations in healthcare and increased cybersecurity budgets.” Tragically, according to a lawsuit filed in September of last year, that prediction came true.
This year, we asked a number of Ordr cybersecurity experts what they saw unfolding for the next eleven months and are sharing nine of the more interesting responses.
Ransomware attacks will continue to increase (Pandian Gnanaprakasam)
The impacts of double extortion and crimeware-as-a-service will continue to plague businesses worldwide. The number of victims will triple, increasing from 20% to 50%, while the number of companies that pay a ransom to recover their data will increase from 10% to 30%.
Cybercriminals will drive these increases through more aggressive tactics, including data destruction, sensitive data leaks, DDoS campaigns, targeting and breaching high-profile organizations (including wealthy families), and disrupting business operations to force enterprises to pay. We will also see a concerning increase in the use of killware in attacks that once were used to sow only ransomware.
Organizations will adopt a more holistic security strategy to address a shift from traditional endpoints as IoT, IoMT, and OT devices converge in the enterprise network. (Bryan Gillson)
Recent attacks (i.e., Colonial Pipeline) show us that we are not thinking about cyber resilience and as a result, in the case of thousands of industrial and healthcare breaches, we see loss of services (patients diverted, pipelines shut down). This happened even though the IoT/OT infrastructure was not attacked nor compromised.
This will prompt organizations to recognize that what is needed is to embrace a whole-of-enterprise approach to security that encompasses cloud-to-ground visibility, and analysis and control of all connected assets (from traditional IT to vulnerable IoT, IoMT or OT) in order to enable true cyber resilience.
Third party/Supply chain attacks will continue to increase (Brad LaPorte)
2022 will be the Year of the Supply Chain Attack. Already up 430% since 2019, the growth of these types of attacks will increase exponentially and become the #1 global attack vector. As more enterprises adopt more mature cybersecurity practices, criminals will go upstream to weaker targets that can maximize their blast radius and give them an impactful one-to-many attack ratio. Historically, attacks have been spray-and-pray; now, they will become more surgical as supply chain attacks become weapons of mass disruption.
Attackers will begin using AI to infect multiple organizations at a massive scale (Srinivas Loke)
It has taken a few decades, but adoption of automation solutions such as AI, ML, and DL has gone mainstream and worldwide. This is great news for cyber defenders, as Gartner finds “33% of technology providers plan to invest $1 Million or more in AI within two years.” The cybersecurity industry is leading the way on this trend, but easy access to open-source AI tools is both a blessing and curse. Cybercriminals have access to the same resources, and the resulting threat is multiplied by strong ideological and financial incentives to use them. This will accelerate the ability of threat actors to conduct targeted, automated attacks at a massive scale. The war of the machines is on the horizon.
Attackers are going straight to recruiting insiders for advanced attacks (Danelle Au)
Organizations have focused (rightly so) on shoring up their identity and access management capabilities, and deploying multi-factor authentication within their networks. These solutions have made it harder for attackers to bypass defenses—and so attackers are going directly to insiders. With the promise of a cut of the haul in exchange for access, ransomware gangs are bypassing traditional methods and are instead working to recruit insiders to use their privileged access to install malware directly. The tactics being used by these attackers are similar to HUMINT espionage and recruitment programs. Unfortunately, this means that every security leader now needs to consider insider-originated malware as part of their ransomware protection strategy.
Laws or sanctions won’t make a big dent in stopping ransomware and cyberattacks (Greg Murphy)
Over the last several years, the urgency in dealing with ransomware and other advanced attacks at the legislative level has grown, as illustrated with bills like Warren-Ross, a 30-country meeting led by the Biden administration to address the threat of ransomware, and efforts by the FBI to crack down on ransomware gangs. However, political and legislative efforts won’t make a difference as long as cybercrime makes sense economically, and as long as Russia has no incentive to bring threat actors to justice. One possible—though controversial—way to reduce these advanced attacks is to eliminate the anonymity associated with cryptocurrency payments. Without an easy way to pay ransom, these attacks will decrease. Additionally, more scrutiny is needed on cyber insurance, as this practice facilitates easy payments for threat actors, and has the adverse effect of fueling more cyberattacks.
Security teams should expect significant Zero Day vulnerabilities (Pandian Gnanaprakasam)
Software development has roared forward for decades without enough thought given to security implications, and we’re suffering the consequences. That was evident to security teams in 2021 with the emergence of vulnerabilities like PrintNightmare in Q2/3, and Log4j in Q4. Similar revelations will continue throughout 2022 and beyond with the evolution and use of malicious, automated scanners leveraging tools like Cobalt Strike to find and exploit new vulnerabilities. In response, software developers should emphasize security best practices, especially when working with open-source software. Manufacturers should also disclose their software bill of materials (SBOM)–nested inventory for software, a list of ingredients that make up software components–to better inform customers and users of the possible security implications of using their products.
Telehealth and telemedicine are here to stay. And healthcare organizations need to keep those systems secure. (Darrell Kesti)
The COVID-19 pandemic brought telehealth and telemedicine into the mainstream, and they are not going away even after the threat of the virus abates. For most healthcare organizations, the popularity of telehealth visits versus physical visits will be dependent on insurance providers, and whether they will pay the same amount for virtual versus physical visits. In the UK, telehealth visits are gaining in popularity because of the reduced number of physicians and the long wait time when it comes to scheduling visits. From a cybersecurity perspective, a lot of telehealth/telemedicine environments connect directly from the patient to the specific telehealth vendor, and therefore there is a lack of security visibility into these visits. That needs to change for the sake of patient and organizational safety.
In the U.S., Mayo Clinic began offering hospital-at-home care for patients with non-life-threatening conditions during the pandemic, and saw success from the strategy; not just for patients but also for freeing up space in the hospital. With Omicron and future variants being inevitable, expect that these will also be included in telehealth and telemedicine at-home care, with corresponding medical devices that also need to be secured.
Cloud infrastructure will be one of the leading attack vectors in 2022. (Brad LaPorte)
Everything is moving to the cloud—including cybercriminals. According to Gartner, by 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020. Through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users. In addition, 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities. And 63% of third-party code templates used in building cloud infrastructure contained insecure configurations. Threat actors know this, and they are working hard to take advantage. To say that cloud security needs to be a top priority is the understatement of the year.
Those are our thoughts on what’s in store for the cybersecurity landscape in 2022. We’d love to hear yours.