If it seems like everywhere you turn there is another large-scale cyberattack that has hit a global organisation, you’re not far wrong. Over the past few years cybercrime has become a lucrative – and organised – industry and businesses large and small are at risk. Each year, however, cybercriminals are evolving. Here are the 9 trends that we are keeping an eye on in 2022:
- People will remain an organisation’s weakest link
Unfortunately, despite an increasing focus on cybersecurity training, strong passwords and multi-factor authentication, we expect to see this trend continue in 2022. At Cyanre, our own experience with cyber breaches has been that in 43,5% of the cases we have investigated, the breach was the result of easily guessable passwords, even though our clients had enforced complex password policies. These passwords allowed extensive and easy lateral movement by the threat actors across the organisations breached.
Remember, cybercriminals know that the easiest and often most direct way into a network is through an employee who unwittingly clicks on the wrong link. They’re not likely to change methods that have worked so well in the past. Education, and even regular tests that send out fake phishing emails to see how employees respond, are critical. Similarly, enforce regular password updates and encourage strong password phrases.
- The healthcare sector will see more breaches due to digitalisation
When the pandemic took hold, Kaspersky researchers predicted that the healthcare sector would receive major attention from cybercriminals. This certainly proved true. Criminals tried to profit off of the vaccine and ransomware hit hospitals around the world, endangering patients’ lives. As more patient data moves to the Internet, these threats will continue to rise. Kaspersky also reveals that healthcare data breaches in 2021 increased by one and a half times when compared to 2019. Wearable devices that track a person’s health and fitness and medical applications give hackers new entry points into personal data and an opportunity to build and deploy fake apps filled with malware that people mistakenly download. There will also be a market for fraudulent digital vaccination passports and certifications, all of which could potentially give hackers access to personal devices and mobile phones.
- Supply-chain attacks will continue to rise
In many ways, a supply chain attack is a cyberattack on steroids, because it allows cybercriminals to attack many organisations at once. We’ve seen this first hand at Cyanre – over the past two years, in 8,62% of the cyberattack cases, the breach could be traced to external IT service providers who were themselves breached by external parties. Another 3,45% were compromised through third-party connections on their network. In other words, an IT service provider was breached and their customer networks accessed through that breach – one breach, multiple attack points.
In 2022, we should expect to see an increase in attacks that target service providers and software that other businesses rely on. It’s important to remember that outsourcing to a third-party vendor only outsources the work and not the risk. Legally and reputationally, the blame and responsibility for a breach will fall on the company, and not its vendors.
- Work From Home policies will continue to be exploited
While many people will begin to return to the office in 2022, most large organisations have begun to implement hybrid workforce policies that will continue to see employees working from home, at least some of the time. Personal computers and home networks are far more susceptible to cyberattacks, even though enterprises have had almost two years to create more robust security protocols to protect their networks with so many employees working from home. Cybercriminals are always looking for the weak link and throughout 2022 this will continue to be one of them.
- Sophisticated attacks are targeting mobile devices
Smartphones go everywhere with their owners. They are a veritable treasure trove of personal information and, these days, business information too, often connected to business networks. Kaspersky data reveals that 2021 saw more ‘in-the-wild zero-day attacks’ on iOS than ever before. On PCs and Macs, users have the option of installing security packages, but these products are not as robust for iOS, which makes iOS devices far more vulnerable to advanced persistent threats (APTs), which are long-term attacks that sit on devices and mine information.
- Social media will be weaponised
McAfee has identified that one of the areas cybercriminals are now focusing on is social media – specifically, top-tier executives who are on social media for business purposes, and who will respond to head hunting and job offers. The problem is that the jobs are not real – they are offers from threat groups used to bypass traditional security controls. This type of fraud takes effort – individuals must be researched, but personalised scams have proven to be a successful way to infiltrate organisations and we expect to continue to see these attempts as companies invest more heavily into keeping their networks secure.
- There will be restrictions to insurance coverage
Aon reports that up until this point insurance coverage changes have been tied to capacity management for certain risk issues, specifically ransomware. However, some insurers have now started introducing sub-limits and even co-insurance penalties for companies that suffered losses due to ransomware, but were considered to have had less than ideal security controls. Even though ransoms can be insured, cyber risk is an area insurers are focusing on with an eye to ensuring that all reasonable security measures have been taken by organisations to protect their networks and data.
Companies should take advantage of the opportunity to prepare for and prevent attacks by working with trusted managed security services partners.
- The lifecycle of malware is reducing
This might sound like it is good news, but it’s not. According to research from Kaspersky, many cybercriminals are shortening the lifecycles of their malware to circumvent detection. The malware is released into a system aimed at a very specific set of targets. A few weeks later, once it is past peak effectiveness, a new build is released to bypass detection. These smaller, targeted ‘hit and run’ tactics ensure that cybercriminals can stay ahead of any patches that are created and keep infiltrating businesses. It’s imperative to be able to pinpoint the origin of a breach through digital forensics to be able to prevent further attacks through the same breaches.
- APIs are increasingly coming under attack
Many new cloud applications and APIs (Application Programming Interfaces) are treasure troves of business-critical data and client data. They are fast becoming an entry vector for wider supply chain attacks. We’ve mentioned earlier that supply chains will increasingly come under scrutiny, but for the same reasons, so will APIs. We expect to see traditional malware attacks evolving to use more of the cloud APIs entering the market. McAfee predicts that we will soon see the potential misuse of APIs themselves to launch attacks on enterprise data (as opposed to just infiltrating APIs), and the usage of APIs for software-defined infrastructure could also result in potential misuse.
This list might sound like a huge challenge to navigate; however, with the right partners and by working together, companies can be prepared and limit the damage of any future attacks. Let the work begin for a safer 2022.