Since the pandemic flipped the world on its head, forcing organisations in every
industry to adapt to working from home and completely change their operating
models, cyber security has been struggling to keep up. There’s no question that
COVID-19 quickened the adoption of digital technologies across the board, but as
technology became more sophisticated to meet the needs of a mobile workforce,
cybercrime became significantly more complex too.
There’s no doubt that 2021 was an interesting year for cyber security, but what can
we expect to see in 2022? I believe business and IT leaders will continue to battle to
get a handle on the challenges posed by a hybrid work model that bad actors are
constantly trying to attack.
Cloud Security Issues
Along with digitisation, cloud adoption soared during the pandemic, and malefactors will carry on trying to access cloud apps and services using a ‘mud against the wall’ approach that takes little effort but yields a good return. Their old tools and tricks aren’t going anywhere, but will be augmented with new ones designed to breach today’s digital entities.
Phishing & Ransomware
Phishing will remain a popular scourge as long as it carries on working. Employees who are not educated in cyber hygiene will continue to click on malicious links and open malware-ridden attachments in emails, and vulnerabilities will continue to be exploited as too many environments are simply not patched or updated. This is a strong lesson to companies to never ignore the basics, and always view these as a possible first line of defence - patch, update, educate and train.
Another threat that will continue to rear its ugly head is ransomware. As we saw last year, ransomware attacks are becoming increasingly targeted, and are going beyond demanding a ransom to include an element of extortion, where the malefactors threaten to release confidential data should the victim choose not to pony up. Again, hybrid and remote workforces are increasing the attack surface, making these attacks harder for cyber security practitioners to defend against and giving bad actors more means to carry them out.
Internet of Things
Then there’s the Internet of Things (IoT). For some time cyber crooks have had connected devices in their crosshairs, and we’ve already seen a slew of attacks against IoT devices, including baby monitors, smart homes, medical devices and even cars. Attackers are betting on the fact that these devices are rarely designed with security built in from the ground up, and have limited capacity, meaning security is often omitted or an afterthought. This is dangerous, as these devices can be a highly effective stepping stone into a targeted organisation.
Supply Chain Attacks
And speaking of stepping stones, I believe the supply chain will suffer more attacks in the future. Between SolarWinds and Kaseya, the industry learned a hard lesson in how truly vulnerable the supply chain is, as well as the devastating roll-on effects successful attacks of this nature can have. As we depend on supply chains more and more, threat actors will continue to abuse and exploit them - with more and more sophisticated tools and tricks, many of which I suspect will be nation-state backed.
Remember, nation-states have the deepest pockets, and I believe malicious APT groups will carry on disrupting supply chains to commit cyber espionage and cause disruption, targeting the weakest links in the supply chain to achieve their malicious ends.