Privileged Access Management (PAM) company BeyondTrust has released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer, Brian Chappell, Chief Security Strategist EMEA/APAC, and James Maude, Lead Cyber Security Researcher, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.
Prediction #1: Space Travel – Taking advantage of the huge wave of space tourism, expect phishing attacks and faux websites to crop up across social media and the Internet.
Prediction #2: Cybersecurity Talent Resources – 2022 will prove to be the most challenging year yet with regards to the ongoing cybersecurity talent crunch. Some drivers of this supply-demand imbalance include the accelerated adoption of hybrid cloud and digital transformation initiatives, post-pandemic projects ramping up, and budgets becoming available for spend. Security posture improvements will be at the top of the list of desired projects. The imbalance will cause salary spikes across the board for every level of IT security professional.
Prediction #3: 5G in Everything — Consumers and businesses can expect that newer devices will be cellular-enabled, or cellular capable, to provide services outside of local area and Wi-Fi networks. This will allow connectivity using a subscription model and remove the barriers and troubleshooting required for connectivity on home or small business networks.
Prediction #4: Ransomware Reinvented – In 2021, the ransomware model evolved to include data extortion based on exfiltrated information. The evolution will continue and new paradigms to extort money will emerge in 2022. Organisations should expect ransomware to become personalized and increasingly involve different types of assets, like IoT, as well as company insiders. Targeted disclosure of exfiltrated information may be perpetrated to specific buyers. We may even start to see more flexible terms of payment, as opposed to lump sum payouts. With installment plans, ransomware operators will decrypt victim assets over time, based on agreed upon payout terms.
Prediction #5: Supply Chain Kinks — Supply chain attacks will further mature in 2022, expand in scope, and increase in sophistication. Expect far more third-party solutions and common development practices to be targeted. Organizations need to include third party supply chain breaches in their incident response plans and plan for a public and private response, just in case they become an inadvertent victim for a licensed solution.
Prediction #6: Cyber Insurance Termination — Expect a tsunami of cyber insurance cancellations and a mad scramble to obtain new coverage, potentially at much higher rates. To obtain coverage and ensure the best rates, organizations will need to demonstrate the proper cybersecurity hygiene demanded by cyber insurance underwriters. Failure to have agreed upon cybersecurity controls in place will also be a key argument for insurers to refuse paying out after an incident, or to terminate coverage.
Prediction #7: Freedom of Social Networks — Social networks will be under increasing pressure to control the content posted by their users. This is also likely to result in broader powers for the authorities to trace and identify malicious sources. Expect to see tighter controls on the content that is distributed via social platforms, reliable attestation for the source of the material, and potentially access to the data for authorities.
Prediction #8: Softly, Softly — Next year will see the average time from intrusion to detection grow, giving attackers more time to perform reconnaissance and wreak havoc on systems. Expect a lot of careful hackers to find their way into systems and establish long-term residences there.
Prediction #9: Broken Record — The number of successful attacks will continue to grow, the average cost to the victim organization per successful attack will rise, and the pattern will repeat. With so many new and shiny technologies to choose from, the IT security basics just aren’t exciting.
“The seeds of rushed implementation of remote working and digital transformation bore fruit in the form of once-in-a-decade breaches like SolarWinds, Colonial Pipeline and others that seemed to occur monthly, said Morey Haber, Chief Security Officer at BeyondTrust. “Looking ahead helps us anticipate where cyber threat actors will undoubtedly head as they look to take advantage of this paradigm shift. At BeyondTrust, we plan to provide the best security solutions to address current and future attack vectors, which our customers and partners expect.”
Discussion about this post