How Is Cybersecurity Likely To Evolve In 2022
It goes without saying that 2021 has seen the most significant disruption to business processes in living memory. Unfortunately, cybercriminals thrive on any form of disruption and this year has been no exception. So, just how has this manifested itself and what can we expect to see into 2022? These are just some of the trends we expect to see in the coming months:
Phishing emails on the rise
Before March, our security team were typically helping clients deal with five (or so) phishing breaches per month. This has since rocketed to around 15 to 20.
Why the increase? One significant factor is that being away from the office has broken some of the human connection within the workplace. Without a colleague - particularly an IT or security person - to ask, ‘is this OK?’ or ‘did you send this email to me?’, individuals have been more prone to take risks. Criminals recognise this and have upped the rate and sophistication of attacks.
With a return to the workplace still some way off and flexible working an ongoing trend, organisations must stay on their guard.
Ransomware becomes more sophisticated
Ransomware often relies on phishing to infiltrate an organisation, so it is natural to have seen an increase here too. The year began with the Travelex incident, which ultimately resulted in the business collapsing into administration, highlighting just how damaging ransomware can be for an organisation.
Pre-pandemic, I rebuilt one business from scratch in three years; however, post-pandemic, I’ve rebuilt five in three months. With the growth of ransomware as a service, it has unfortunately never been easier to carry out an attack, and we can expect this to only accelerate.
MFA isn’t a silver bullet for protection
Undoubtedly, MFA is a powerful deterrent against account takeover. Some MFA is always better than none, but organisations should accept that it isn’t foolproof.
There are numerous examples of SMS-based MFA being compromised (mainly via SIM card cloning), but we’ve now seen attackers socially engineering employees by calling them, sometimes pretending to be from their firm’s help desk, and asking for 6-digit codes to access work systems.
Use MFA, but be aware that it must be backed by a strong education strategy and that it is only one part of the immune system of security and mail protection an organisation requires.
Remote working continues to uncover new challenges
Solutions such as Security Information and Event Management (SIEM) and other internal network security solutions rely to some extent on location to spot ‘risky’ behaviour. For example, if you’re physically present on the office network then this will flag as ‘safer’ than being away from it. However, a more disparate workforce brings challenges.
Some will show up securely on a work VPN tunnel and others won’t use it. Logins can appear from all over the world, leading to many false positives.
The fact that many people will access company assets from their own devices further complicates matters. This will require effective triage from security teams in 2021 to separate real risk from false information. It will also necessitate a greater focus on the endpoints than on the network, with endpoint detection and response technologies likely to see an increase in use (on all devices, not just those issued by the company), as well as conditional access.
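The triage problem described above, as an added example that is not part of the original article: a location-only rule is compared with a decision that checks endpoint state first and location second. The event fields, the sample logins and the decision labels are constructed assumptions, not any SIEM or conditional access product's schema.

```python
from collections import Counter

# Constructed sample logins (not real logs) from a dispersed workforce.
# network: "office", "vpn" or "other"; managed: company-issued device;
# edr_healthy: an endpoint detection and response agent is present and reporting.
EVENTS = [
    {"user": "alice", "network": "office", "managed": True,  "edr_healthy": True},
    {"user": "bob",   "network": "vpn",    "managed": True,  "edr_healthy": True},
    {"user": "carol", "network": "other",  "managed": True,  "edr_healthy": True},
    {"user": "dave",  "network": "other",  "managed": False, "edr_healthy": True},
    {"user": "erin",  "network": "other",  "managed": False, "edr_healthy": False},
    {"user": "frank", "network": "office", "managed": True,  "edr_healthy": False},
]

def location_only_alert(event):
    """Location-based rule: anything not on the office network is 'risky'."""
    return event["network"] != "office"

def endpoint_triage(event):
    """Hypothetical conditional-access style decision: endpoint first, location second."""
    if not event["edr_healthy"]:
        # No healthy endpoint agent: risky on any network, the office included.
        return "block"
    if not event["managed"]:
        # Personal device with a healthy agent: allow only after extra checks.
        return "step_up"
    if event["network"] == "other":
        # Managed, healthy device outside the VPN: record it, do not page anyone.
        return "log"
    return "allow"

def summarise(events):
    """Return (users alerted by location alone, per-user endpoint decision)."""
    legacy = [e["user"] for e in events if location_only_alert(e)]
    decisions = {e["user"]: endpoint_triage(e) for e in events}
    return legacy, decisions

if __name__ == "__main__":
    legacy, decisions = summarise(EVENTS)
    print("location-only alerts:", legacy)
    print("endpoint triage:", decisions)
    print("decision counts:", dict(Counter(decisions.values())))
```

On this sample the location rule alerts on four of six logins and still passes the office login whose endpoint agent is unhealthy, while the endpoint-first decision leaves two logins for an analyst to look at.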
Automation will play an important role
The rise and complexity of threats have long been too much to handle without some level of automation. But from 2022, we can expect to see Security Orchestration, Automation and Response (SOAR) take off. This type of technology takes time to learn an estate and is still in its infancy, but in time will assume a more significant role. It’s likely that by 2025, machines will be running most elements of cybersecurity protection.
What does all this tell us? Technology to both attack and defend is getting smarter. Artificial intelligence is already being used in defence tools yet also used by criminals in malware. It is making the bar for attackers ever lower, with less technical knowledge needed to carry out attacks.
However, as smart as technology is on both sides of the coin, people remain the weakest link. Testing and educating employees has never been more critical, especially with more dispersed and flexible workforces. It is likely to be a challenging year for everyone, with a temptation to cut budgets as businesses struggle. However, applying this to security is a false economy, given the power of attackers to take down an entire organisation.
As ever, getting cyber smart in 2022 means using the right technology and services, but also working alongside employees to understand the risks.