Martin Riley, Director of Managed Security Services at Bridewell Consulting, shares his Top 10 cyber security predictions for 2022.
1. 2022 will be the year of remote risk. With hybrid working here to stay, we expect cyber criminals to evolve and adapt their techniques to exploit the growing reliance on mobile devices and remote working. Social engineering will remain the initial attack vector for deployments of malware, phishing and ransomware, with an increase in deepfake technology making attacks more technologically convincing. We’ll also see a rise of update-themed phishing emails designed to trick remote employees into believing they are legitimate updates, as well as those used to tailgate employees into restricted areas under the guise of being a new employee hired during lockdown.
2. Ransomware will become automated. Human-operated ransomware will be the biggest cyber risk for organisations in 2022, as more cyber criminals with a high level of offensive security knowledge gain access to organisations and survey their environments for an extended period before launching attacks on data and systems. The risk presented by human-operated ransomware, as opposed to traditional commodity ransomware attacks, will increase as wormable variants such as WannaCrypt and NotPetya are utilised more. Automation will play a key part in the evolution of modern ransomware and malware attacks, with machine learning and AI being used to remove some of the mistakes that allow businesses to respond to current threats.
3. Volume of hackers-for-hire will increase. In 2021, we saw a number of hacker groups arrive, have a big impact, and then vanish as quickly as they came, only to repeat the same process again a few months later. In 2022, we can expect more of the same, in particular large attacks on lucrative targets such as supply chains and cloud providers to maximise ransom value and payments. Managed services and third-party suppliers will be at greater risk and Phishing-as-a-Service will become commonplace on dark web forums.
4. Zero-Trust will become the de facto cyber security approach. With the rise of hybrid working, Zero-Trust will become critical in 2022. Lack of secure cloud configuration will continue to cause security breaches and organisations will seek to separate users and devices from data, applications, infrastructure and networks through an Identify, Authenticate, Authorise and Audit model (IAAA). More CIOs and CISOs will roll out system-wide Multi-Factor Authentication (MFA), with stricter rules around conditional access built in and supported by session information and telemetry to develop a comprehensive audit trail for real-time detection of a policy breach. Extended Detection and Response (XDR) will become the technology of choice for Zero-Trust, enabling rapid detection and response of threats across endpoint, network, web & email, cloud and, importantly, identity.
5. Organisations will turn to hybrid SOC models to plug skills gaps and aid consolidation. As the cyber skills shortage grows, enterprises that lack security professionals with the knowledge and technical skills to run a cloud-native modern Security Operations Centre (SOC) will increasingly turn to hybrid SOC models combining the cyber skills of in-house teams with the expertise of a Managed Security Service Provider (MSSP). Companies will use providers to plug gaps in defences while developing in-house expertise in tools and techniques including EDR, XDR and intelligence-based threat-hunting. Hybrid SOCs will also facilitate consolidation of security tools in order to reduce security costs, maximise ROI and improve efficiency.
6. Rise in 5G and connected devices will increase IoT risks. 5G will continue to be rolled out in 2022, increasing the number of connected devices within organisations, particularly within industrial IoT. Manufacturing and Critical National Infrastructure (CNI) will remain the sectors most susceptible to security issues, with more factories and facilities becoming connected and more organisations reliant on IoT devices for measuring and monitoring processes remotely. We expect to see the introduction of more government guidance and standards to bolster IoT security as uptake increases.
7. Organisations will shift focus from prevention to detection and response. As the speed and complexity of attacks continue to grow, demand for managed security services, such as Managed Detection and Response (MDR), will rocket. No longer the luxury of large enterprises, in 2022 we expect all companies to seek to shift from prevention to response and look to implement early warning systems to flag up early signs of a potential breach. Security Orchestration Automated Response (SOAR) solutions, such as Microsoft Sentinel, will be critical alongside MDR to help improve efficiency. Traditional tools like anti-malware software and spam blockers will be combined with proactive tactics such as MDR, threat hunting and ethical hacking to ensure vulnerabilities are identified and mitigated immediately.
8. Critical National Infrastructure will face more threats. CNI will face increased activity from nation state groups that are likely to prioritise green energy targets given the global focus on the development of sustainable infrastructure. The oil and gas sector will be subject to more directed attacks from hackers-for-hire targeting high value income industries.
9. Cyber security transformation will drive digital transformation. Digital transformation became a necessity in 2021, driven largely by Covid-19. Probably the biggest mistake we saw then was a reactive approach to security transformation, whereby security was only considered afterwards. In 2022 cyber security will shift from a box-ticking exercise to a business enabler, with CISOs and CIOs working with the CEO to develop an adaptive and customisable security model before broadening the attack surface.
10. Cyber Security vendors will start to consolidate. Microsoft and Google will evolve to become leaders in cyber security. Microsoft has announced a huge commitment to grow its cyber security offering and Google has already taken big steps to bolster its security expertise. As both companies continue to build their expertise, we expect to see traditional cyber security players lose market share.