As 2021 draws to a close, it is safe to say the year has been a blockbuster for cybercrime. We have witnessed attacks on critical national infrastructure, which have impacted the supply of consumer commodities. We have seen law enforcement clamp down on cybercriminals, taking down some of the most ruthless operations that have wreaked havoc on organisations and consumers across the globe. At the same time, cyber has also become a key topic on almost every politician’s agenda, with Biden recently imposing strict sanctions on Russia around the cyber playing field.
However, despite how eventful the last year has been, it will likely be a trailer for what lies ahead.
To help prepare organisations and consumers for what 2022 has in store, Obrela Security Industries has written this blog post with predictions on what we believe is coming up in the year ahead.
The Cyber Cold War has been a prediction from almost all security experts for the last few years. Based on the previous year’s activity, it looks like we are already in the midst of it. If the escalation in cyberattacks from Russian state-sponsored attackers on US and UK critical national infrastructure is not proof enough, 2022 will provide the evidence any sceptics need.
However, in the next year, attention may shift away from Russia and focus more on China and Iran. Now that Russia, the US and Germany have reached a deal on the controversial Nord Stream 2 Pipeline, we may find Russia becomes less of a threat. However, Iran and China may increase state-sponsored attacks on the US, particularly as tensions between the US and Iran grow and the Chinese President Xi Jinping wants to demonstrate the force of his country. Any other European countries that strongly support the US are set to become a target of China and Iran.
If 2021 has demonstrated anything, it’s that when companies get hit with ransomware, it will almost always result in a pay-out for cybercriminals. A recent survey by Obrela revealed that 38 per cent of UK healthcare organisations had paid a ransom demand to retrieve their sensitive data from hackers in the last year. Despite the recent takedown of REvil, ransomware attacks will continue in 2022. New RaaS groups will surface, some proving even more ruthless than REvil and DarkSide. One change we can also expect is a drop in demands but a higher frequency of attacks, which will make payouts easier for organisations to swallow and will guarantee even more funds for attackers. To prevent ransomware from getting on to systems, organisations must rely on technology that detects and stops the malware before it reaches inboxes. There is no benefit in teaching employees to be scared of email, given it is the primary means of communication. Instead, organisations must stop ransomware in its tracks before it reaches users.
Just what the security industry needs, another acronym, but Resilience-as-a-Service will be a top priority for all security companies in the future. Organisations need to understand that security is not a product. It is an ongoing process, and its most important feature is resilience. This means helping companies harden their systems against attacks and stop those attacks from getting into networks before they can cause damage. Because of this, RaaS (resilience, not ransomware) is a buzzword we will be hearing a lot more about in the next year.
If SolarWinds and the Accellion breach taught us anything, it is to check your supply chain. Despite continuous warnings, organisations are still failing to check the security of their supply chain, costing them millions when they get breached and putting their customers’ data at risk. Unfortunately, we will see more supply chain attacks in 2022. These will only be limited when organisations evaluate their suppliers’ and partners’ security practices and ensure those suppliers and partners follow the same principles and don’t put the organisation’s data security at risk.
These are just a few of the 2022 predictions. However, there will likely be many surprises along the way.
We are ready for the challenge.