Cybersecurity 2022: These four areas will evolve!

By Willem Hendrickx | January 18, 2022

Every year the world of cybersecurity encounters new challenges and obstacles for organisations to overcome, but 2021 managed to be an exceptionally dangerous year. Most notably, ransomware was consistently a hot topic within the industry after a string of high-profile incidents in which organisations such as Kaseya and the Irish Health Service fell victim. In addition, the ransomware attack on JBS was a stark reminder of the potential severity of supply chain attacks. More widely, permanent shifts to hybrid working and rapid cloud adoption also meant organisations had to re-evaluate their security infrastructure to ensure remote workers are fully safeguarded.

So how will the lessons learnt from 2021 shape the cybersecurity landscape? Here are four areas of cybersecurity that will evolve in 2022.

 

1.  Cloud security will come under increasing pressure 

First, ransomware will shift to exfiltrating and encrypting cloud data. While this has sometimes happened by attacking third-party processors of data (as we saw recently with the Labour Party member data being ransomed), 2022 will be the year in which data on the customer’s side of the “shared responsibility” model undergoes direct attack by one or more ransomware gangs. Additionally, network defenders in the hybrid-cloud world need to understand that RansomOps may be just as interested in pivoting up to the cloud from traditional corporate network enclaves as they are in attacking cloud assets directly. Perhaps unsurprisingly, they'll take the path of least resistance.

2.  Proactive action to minimise ransomware attacks

In terms of defending against ransomware, we’re going to see more frequent public takedowns of ransomware gangs and increased formal oversight of information security due to the prevalence of ransomware attacks. However, we can also expect to see the woeful under-preparedness of many public sector entities to address the threat. Finally, we’ll see a relative reduction in ransomware outcomes versus data loss or exfiltration outcomes, as human-operated ransomware is detected and stopped before it goes nuclear.

3.  A growing demand from organisations for Managed Detection & Response services and automation 

Outside of ransomware, while managed security services will continue to grow in volume, a non-trivial subset of organisations will meet talent shortfalls with automation, orchestration, and analyst-augmenting AI. Organisations will recognise that outsourcing business context to an external entity can be exceptionally difficult, and a few well-equipped and supported internal resources can be more effective than an army of external resources.

 

4.  Increased use of AI to counteract malicious use of MFA

The final area to focus on revolves around Multi-Factor Authentication (MFA), which is being enforced by some of the major tech giants including Microsoft and Google. This is in large part because attackers continue to have success stealing credentials and bypassing basic authentication. However, while MFA is a step that everyone should take, criminals continue to prove that it’s not enough to keep them out. In some cases, criminals are even using bots to help them work around MFA, and this will continue to be an uphill battle for organisations. As a result, we’ll see more organisations turn to AI-driven security tools to help stop attacks that make their way past MFA.

Being on the front foot in 2022

As 2022 will bring its own set of security-related hurdles, it’s vital that organisations get ahead of the game to ensure they have the best possible protection against potential threats. To achieve this, organisations should look to implement a detection and response strategy. This will usually employ combinations of AI and Machine Learning (ML) to look for crossover between authorised but suspicious activities and the sorts of behaviours that an adversary will exhibit as part of an unfolding attack. If organisations assume they have been compromised and actively search for the signs, they will be in a much stronger position to detect all sorts of attacks in good time and stop them before they become breaches.