Cyber Security Predictions for 2022 

Cyber security continues to be a hot topic – with the lethal combination of Brexit, COVID-19 and the digital skills gap, which is currently at an all time high, dictating that patchy security measures just won’t cut it anymore.  

Organisations must look to 24/7/365 security to effectively monitor and protect against the ever-widening range of cyber attacks in 2022. In this latest blog, Rick Jones, CEO and Co-Founder of DigitalXRAID, is sharing his top cyber security predictions for the next year so you can be armed with the knowledge you need to safeguard your business.  

Prediction 1: The continuation of the rise in ransomware attacks 

The major hitter of 2021 has been the proliferation of ransomware attacks on businesses across the globe. It’s been reported that ransomware cost the world $20 billion in 2021 alone, with nearly 40% of all businesses reporting a ransomware attack. I think we can all agree that it’s not going anywhere anytime soon. It’s one of the most famous forms of cybercrime with coverage in major news publications and due to the unfortunate fact that it’s so successful in terms of generating a return for cyber criminals.  

One of the changes we’ll see in ransomware attacks in 2022 is a further increase in volume. With its continued success we’re going to see more and more hacking groups utilising it. Traditionally, ransomware attacks were targeted at an organisation’s corporate information technology. In 2022 we’re going to see a shift to OTs – or operational technology. Given the dependency that businesses now have in utilising operational technology in terms of the Internet of Things, this is only serving to widen the potential attack vector and aid to make ransomware attacks even more successful.  

In 2021 we’ve seen the global effect that a ransomware attack can have. If you look at the example of the Colonial Pipeline attack, hackers were effectively able to shut down the ability to deliver fuel, bringing most of the world to the brink of a major fuel crisis. Organisations operating in the Utilities, Power and other critical infrastructure sectors must ensure complete protection is in place in view of this.  

2022 is going to bring some thinking out of the box from cyber criminals to bring new, more innovative ways to launch a cyberattack like we saw in the sunburst attack on SolarWinds. We could see more ransomware executed through third parties or malicious code. But the most concerning is that we are going to see a lot more collaboration, with criminal organisations working together to heighten the impact and speed of which ransomware can be deployed and executed. 

An example of that would be where a criminal organisation specialises in creating backdoors which they then sell on to other criminal organisations, who will then use that to deploy their ransomware to maximum effect.  

One of the main recoveries from a ransomware attack was traditionally from backups. This was the main area of focus in terms of business continuity. However, this is going to be another focus in 2022, with criminal organisations targeting backups for a major impact. No longer can an organisation use backup solely as a method to recover from a ransomware attack. 

Prediction 2: Adoption of cloud services will introduce vulnerabilities through misconfiguration 

With the effect that COVID-19 had on business operations and hybrid working practices, we’ve seen a huge increase in the adoption of cloud services and organisations migrating to cloud as part of their wider digital transformation strategies.  

Whether it’s through agency relationships or in-house teams, cloud migrations need a specific set of skills to perform correctly. Looking at the digital skills gap, organisations are adopting step-by-step ‘clickable’ tools to try and build and deploy within a cloud-based environment. This causes a major issue with cloud environment misconfiguration, which in turn introduces vulnerabilities which leaves organisations open to attacks by hackers using tools to detect these issues. This could have an impact on the availability of services as well as customer data and ultimately business reputation.  

We’ve already seen an example of this where Amazon S3 buckets were left publicly available through misconfiguration leading to sensitive data being leaked to the internet. If you’re concerned about your own security, then a Cloud Security Review is the best first step to protect the resources you have stored online from leakage, theft or loss.    

Prediction 3: An increase in the utilisation of tooling by hackers 

Not only do managed security services providers use the tooling available to monitor and protect against cyberattacks, but cyber criminals are also now utilising these tools, especially things like Artificial Intelligence (AI).  

Cyber criminals are utilising artificial intelligence to point at social media and build a very accurate profile of their target organisation, or individual, and then utilising tools to create a phishing email automatically based on those profiles, and driven through AI. This capability will be added to cyber criminals’ arsenal in 2022 to make them more efficient, more proficient, and effective in their exploits. 

Prediction 4: Supply chain attacks continue to be a focus 

We saw a number of examples of supply chain attacks in 2021 and cyber criminals will continue to utilise this method to open backdoors to larger organisations.  

In the SolarWinds case we saw several IT service providers targeted with malicious code that was modified in a way that opened up a backdoor to allow cyber criminals to exfiltrate data. This not only impacted the providers but also their customers. The malicious code was pushed through SolarWinds, which was then sent out as an update to customers.  

In 2022 we’re going to see an increase in hacks that have been driven through vulnerabilities within the supply chain. Organisations must evaluate the risk and shore up their supply chain to ensure that they’re fully protected.  

Prediction 5: 5g brings new vulnerabilities 

As we move towards 5G networks being more widely utilised, it goes without saying that new vulnerabilities are going to be discovered and taken advantage of. This will be an interesting area to watch in 2022 and we can only wait for this to proliferate to understand the impact more clearly. 

Prediction 6: Nation state attacks will rise 

Nation state attacks are always well publicised in the national and international media.  

Some of the political sanctions that are being introduced on countries, which stop importing or even exporting and stunt economic activity, are seeing retaliations using laptops to initiate various cyberattacks. This is very much dependent on the political landscape in 2022 but with it being difficult to identify the threat perpetrators and a varying degree of attack sophistication, the only mitigation against this risk is to ensure you have complete protection in place to detect and stop an attack before it happens.  

Organisations must look to 24/7/365 security to effectively monitor and protect against the ever-widening range of cyberattacks in 2022. Therefore, it is likely that enterprises will turn to outsourcing cyber security to managed security services providers to rely on experts to ensure their business is always protected. Outsourcing solutions, like a comprehensive Security Operations Centre (SOC), will mean that an organisation’s cyber strategy will no longer be affected by a lack of digital skills or an increase in staff illness.  

We’re dedicated to ensure that 2022 is a year that everyone stays a step ahead of the cyber criminals. If you’d like to discuss your cyber security with one of our experts then please get in contact.