Press "Enter" to skip to content

Predictions page 2

Cyber security 

Marc Laliberte, Technical Security Operations Manager,
WatchGuard Technologies 

Space-hacking to hit the headlines in 2022
“There are already more than 4,000 operating satellites in space, which, combined with the growing number of commercial space flights and government- funded missions to explore other planets, have turned space into a giant attack surface for cyber criminals and state- sponsored hackers. Cyberattacks aimed at space systems could disrupt internet access and other critical national infrastructure, interfere with Global Positioning Satellite (GPS) systems, and even disable or turn satellites into weapons. With the increasing value of orbital systems to nation states, economies and society, we suspect governments have quietly started their cyber defence campaigns in space already.” 

_________________________________________________________________________________________________________

Mike Sentonas

Mike Sentonas, CTO, CrowdStrike 

The rise of the extortion economy 

In 2021, we saw the rise of the double extortion ransomware model, in which threat actors demand one ransom for the return of data and an additional ransom to prevent that data from being leaked or sold. This year, we expect the extortion/ exfiltration side of ransomware to achieve even higher levels of sophistication, possibly with a shift away from encryption to a sole focus on extortion. 

An entire underground economy is being built around the business of data exfiltration and extortion. Data-shaming websites are popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that’s being held ransom. These ransomware groups are revamping their entire tactics, techniques and procedures (TTPs) to exfiltrate and sell stolen data more effectively. Even if the threat actors can’t get their ransomware to execute past the encryption stage, they’ll pivot and find other ways to gain access to the data to sell for a profit. 

_________________________________________________________________________________________________________

Ashvin Kamaraju

Ashvin Kamaraju, CTO, Thales 

Deep fake AI and ransomware up the ante
Rising fuel bills are a growing concern for businesses and consumers – and energy suppliers are focusing all their efforts on remaining financially viable. Unfortunately, hackers pounce when people are distracted. With our critical national infrastructure increasingly connected, 2022 will see threat actors weaponise operational technology environments more successfully than ever, targeting systems that, once offline, will have a significant impact on our day to day lives. Given that the UK energy industry is already facing a turbulent time, we are most likely to see a major energy supplier taken offline, with threat actors holding the service to ransom. 

Deepfake technology is now so sophisticated that we are starting to see cybercriminals move away from tried and tested methods like phishing to carry out far more advanced attacks on enterprises. In 2022, we will see deep fake AI utilised to impersonate the CEO of a high-profile global enterprise. Such attacks have already started to gain in popularity, with threat actors using AI to clone the voices of business leaders in order to steal huge amount of money. If these attacks become more widespread, the consequences could be devastating. 

__________________________________________________________________________________________________________

Rick Jones

Rick Jones, CEO and Co-founder, DigitalXRAID 

Ransomware-as-a-service increases risk 

Ransomware-as-a-service (RaaS) poses the biggest risk to businesses in the coming year. RaaS will not change the defences needed to mitigate ransomware attacks (regular backups, data encryption, MFA and continuous monitoring will still prove useful), but it will increase the risk to organisations due to a higher volume of attacks. This is because RaaS gives people without the skills to create and deploy ransomware the option to carry out an attack by buying ready-made ransomware tools. The rise of RaaS in 2022 is likely to lead to a ‘see what sticks’ approach, rather than targeted, tailored attacks. Such attacks may also have lower ransoms, making payment seem more attractive, perpetuating yet more attacks. 

The next 12 months will also strengthen the trend of large companies recognising and understanding the importance of having a strong security strategy. This means hackers will start searching for new ways in – we’re already seeing evidence that they are leveraging a back-door entrance through smaller partner companies with less budget to secure their networks. 

To mitigate the danger from supply chain attacks, it is essential that organisations understand, evaluate and quantify the risk of working with third parties and ensure that well-defined security policies and frameworks such

as ISO 27001 are put in place. Liability around breaches must be contractually agreed, and businesses should look to implement regular penetration testing to protect their networks and demonstrate their due diligence. 

Adopting a Zero Trust architecture will be a popular solution for reducing risk in 2022. While a level of trust is essential for organisations and their suppliers, resellers and service providers, cyberattacks are now becoming so financially devastating that more stringent measures must be put in place. 

__________________________________________________________________________________________________________

IIia Sotnikov

Ilia Sotnikov, cybersecurity expert and VP of User Experience & Security Strategist, Netwrix 

Cyber insurance costs to keep growing 

Legislation will increase as security incidents at private companies affect national security. The impact of ransomware and other cyberattacks is no longer limited to the victim company; attacks are now affecting entire regions, with attacks on companies that supply food or fuel leading to empty shelves in supermarkets and long queues at petrol stations. We can expect security requirements for private organisations in critical sectors to become tougher, in particular notification rules, as governments need more visibility into the specifics of cyberattacks in order to improve legislation. In some cases governments may offer tax breaks that reward organisations for investing in cyber defenses. 

Cyber insurance costs will increase and policies will mandate higher security standards. With insurance payouts becoming both more frequent and more costly, the cost of cyber insurance has already skyrocketed: prices were up 96% in the US and 73% in the UK in the third quarter of 2021 compared to the same quarter in 2020. We expect continued increases in 2022.  In addition, insurance policies will require the implementation of critical controls that reduce the risk of cybersecurity incidents. With attacks becoming increasingly common, insurance companies will pay in exceptional cases only. 

More attacks will target MSPs as a path to infiltrate large enterprises or government agencies. Attackers have seized upon a very effective strategy for getting access to large organisations — through the relatively weaker IT infrastructures of SMBs that provide them with services. Accordingly, managed service providers (MSPs) will need to increase the breadth and depth of their security measures, since many SMBs rely upon them for their security. 

Quantum computing will begin to disrupt encryption. Most cryptographic algorithms today rely on the premise that there’s no processor sufficiently powerful to crack them in a reasonable timeframe, but quantum computing will allow such a processor to exist. While this technology is still far from any practical application, concern is growing. For example, the U.S. has announced export controls on eight Chinese quantum computing companies because of worries about China’s ability to break encryption. As the technology matures, we can expect more widespread adoption of post-quantum encryption standards.

Please follow and like us:

Be First to Comment

Leave a Reply

Technology Reseller Magazine & Site is Published by Kingswood Media 2022