2021 was another eventful year for cybersecurity. Landmark critical infrastructure attacks like the Colonial Pipeline hack, grueling supply chain challenges, and wiser-than-ever cybercriminals made headlines globally as governments, utility providers, and industrial companies questioned how to defend their business against the mounting attacks. Dr. Raphael (Rafi) Yahalom, Research Affiliate at MIT Sloan School of Management, warns that the “magnitude, scope, and nature of cyberattacks last year clearly indicate that new cyber security paradigms are required – current industry approaches are insufficient.”
The silver lining of all the damage and worry caused by cybercriminals is that at least awareness is up – it became clear that connected devices in vitally important industries are vulnerable to cyberattacks, and it’s essential to be prepared for when – not if – they are compromised. With the alarm sounded in 2021, what should stakeholders look out for specifically in 2022? Here are some resonant observations and predictions for the new year in cybersecurity, with advice from our partners and leadership for how to address the ominous threat landscape.
Attackers Will Outsmart You – From All Directions
The idea of the basement hacker is far outdated, as detailed in Dark Reading recently, and can actually cause decision makers to be too complacent in their cybersecurity protection. Not all hacks come from external sources; in fact, we predict a more sophisticated subset of cybercriminals in 2022.
David Stroud, Head of Europe and APAC at NanoLock, recommends watching your six as attacks come from state-level, supply chain, and internal sources: “I think we will see more state-sponsored attacks and a continual rise in the number of attacks, starting with insiders. Especially in OT incidents, we are seeing that attacks are continuing to grow both in their volume and complexity. There are no limits, and without proper monitoring and management in place, it is very difficult for countries to track and hold those that undertake the attacks accountable.”
Attacks will only become more severe as hackers gain greater understanding of their leverage and their targets’ vulnerabilities. Sagi Berco, VP R&D at NanoLock, shares that, “as hacker groups grow more refined, from private ransomware-as-a-service (RaaS) outfits to seriously moneyed state-sponsored groups, the urgency to act has never been greater because the threat has never been more multiple or more ambitious. Cybercrime is proactive. Cybersecurity must be, too.”
Yanir Laubshtein, VP Cyber Solutions at NanoLock Security, endorses proactive measures and monitoring as well: “The evolution in cyber-attacks calls for a new way of thinking about security operations: Organizations should become more proactive to change the paradigm, from detection to protection, and look for new threats, work with device vendors to adapt new cyberattack prevention tools and techniques and adopt zero-trust approaches for their systems.”
Ransomware Origins Diversify
Thanks to a cavalcade of incidents in 2021, ransomware has become one of the most familiar forms of cyber warfare. Given the rise in prevalence over the past few years, ransomware attacks are projected to cause unparalleled financial losses in 2022 compared to past years. As RaaS gangs gear up to extort organizations, Yanir Laubshtein, VP Cyber Solutions at NanoLock Security, warns that “the adversaries have learned that victims are willing to pay staggering amounts of money to return to operations and to maintain their reputation. As more companies seek to improve efficiency by uniting their IT/OT technologies and embracing cloud connectivity, it’s essential that they continue to assess and respond to the threats facing their product lines.”
John Felker, President of Morse Alpha Associates, reveals that the progression of ransomware attacks and the catastrophic nature of the actions over the past 12 months are highly data-driven: “For one thing, bad actors are taking data and using it as part of the attack itself. Data that can be sold or leaked can cause significant damage or loss to the victim – it’s a powerful possession to have. And secondly, bad actors are becoming more creative and insidious, cracking systems below the main network to harm organizational operations directly. These tactics are indicative of more combined ransom and theft attacks to come.” He also shares that the concept of “immutable” data is one that needs more exposure and exploration. “Assuming that we can safely store data – before malware is injected – has significant promise to preclude ransomware data lock ups.”
Sagi Berco also predicts a significant rise in ransomware attacks given the increased attack surface that comes with the proliferating IT/OT convergence and diversification of attack sources. Reflecting on last year’s destructive SolarWinds and Kaseya VSA hacks, he predicts that more ransomware groups will look to exploit vulnerabilities in supply chains. It is crucial that across industries, connected devices are protected throughout the entire product lifecycle, starting from the production line and throughout supply chain field operations. Dr. Rafi Yahalom agrees that the full scope of equipment needs to be covered, noting that “Cyber-attacks increasingly traverse the boundaries between IT and OT. Unified cyber-security solutions need to provide cyber-resiliency on the OT devices as well as end-to-end from each OT device to the IT and Cloud environments.”
Reacting to Attacks Won’t Be Enough
Cybercriminals are always developing new tools to exploit new holes, and while defenders attempt to stop them using patches and network defenses, it’s often not enough. Franco Monti, Co-Founder and Chairman at Monti Stampa Furrer & Partners Group, shares that as these attacks become more complex, the actors are circumventing preventative measures that business leaders have historically placed their confidence in. He mentions the degree of intelligent behavior from all attackers – internal, external, supply chain, state-level, and beyond – is “increasing to an unprecedented level. Attackers are tricking sensors and honey pots, leveraging self-learning AI to analyze data, find new entry points, and constantly adapt to defeat insecure protection measures.”
As more complex attacks emerge, continuous improvement to security measures and testing is essential to ensure that you’re always one step ahead of the attacker, and not the other way around. Sagi Berco shares: “Never stop improving your security because bad actors never stop improving their tactics, either. For the known vulnerabilities, performing penetration tests using the known attack vectors can help you patch your system on a regular basis. For unknown risks, prioritize preventive security rather than detection solutions. Use several security methods in different hardware and software levels to cover all your bases.”
John Felker shares that basic blocking and tackling and cyber hygiene practices like patching, net segmentation, regular scanning for shadow IT and vulnerabilities are essential. Equally important are educational practices and security-conscious business operations: “Ongoing awareness programs help make all employees sensors – not the once in a year, check the box, multiple choice efforts – which are useless. Having a dynamic response plan that includes 3rd party IR, legal, breach coach, etc., exercising that plan and ensuring that ALL of the company leadership is engaged in the effort is also important.”
With increased digitization impacting all aspects of life, cyberattacks will become increasingly ubiquitous and may impact all our activities across the most mission-critical industries. Dr. Rafi Yahalom shares that as bad actors continue to “exploit weaknesses across organizational boundaries, organizations must identify and apply completely new methods to manage trust relationships, business operations, and supply chain related cyber risks.”
The threats facing critical industries will continue to expand as their networks do in the new year. Decision-makers must act immediately to evaluate and upgrade security approaches with an eye towards proactive outcome prevention rather than solely relying on reactive patch fixes. In 2022, organizational success and survival depend on it.