January 25, 2022

Top 7 CyberSecurity Preditions for 2022

What trends are worth watching in the ever-changing cybersecurity landscape? What types of threats are likely to emerge? What is worth paying attention to? Read the list of threats from Łukasz Wójcik, Head of CyberRisk.

 

  • Supply Chain Threats and Attacks

A continuing, if not increasing, the trend of attacks using the supply chain is to be expected. These attacks are likely to oscillate around two scenarios. The first is – in straightforward terms – the injection of malicious code by attackers into trusted application programs, the systems on which many services in companies around the world are based. The second is the unconscious use of smaller companies or even people who cooperate with a given entity as contractors, suppliers or employees. Attackers will not go to the trouble of breaking through reasonably robust security measures since they can potentially open doors by attacking the IT resources of a poorly secured contractor, subcontractor or employee and, by doing so, gain access to a larger institution quite quickly.

  • Cloud Threats

The move of services to the cloud, the already emerging returns from cloud services and the hybrid nature of working from anywhere in the world will pose significant security challenges for cloud providers, key operators, companies, and institutions alike. All processes associated with multi-cloud architectures will require appropriate data security and business continuity, technical, organisational and legislative solutions.

  • IoT, OT, drones and autonomous vehicles attacks

The market for smart devices, IoT, is growing. At the same time, there is still insufficient investment in securing these devices, which can provide an easy, almost open door for intruders into home networks or corporate infrastructure.

In addition to treating IoT as a security hole, it should be borne in mind that in some instances, the device itself, especially if it comes from an untrusted manufacturer, will pose a severe threat or cause losses, e.g. faulty implementation of an alarm panel, heating or watering control, etc.

The activities in the field of attacks on autonomous vehicles seem, for the time being, in the main, due to the scale, to be instead treated as PoC. However, the producers of these vehicles must not sleep over the point when the oversights in the security of their technology will start to bear fruit in the form of fatalities or other serious incidents.

  • Critical Infrastructure

Critical infrastructure in many economic sectors and areas are still not adequately secured. And yet the security of Critical Infrastructure is essential not only for the functioning of states and many elements of the global economy but also because it constitutes a tempting morsel for hostile states and criminal groups. When one adds to this the updates to the interpretation of the law on the protection of critical infrastructure (e.g. the European Parliament’s NIS 2 directive), which some entities have not had time to prepare for, a reality emerges that leaves much to be desired in terms of security, and now is the last call before it is too late.

  • Phishing, SMSishing, petty cyber gangsters and crypto wallet attacks, Ransomware

The still low awareness of users, the relatively low effectiveness of law enforcement agencies, the emergence of new, organised cybercrime groups, and the high quick turnaround factor will cause an increase in these types of attacks. At the same time, these will not be uniform actions but waves, based on current trends, problems, etc., which will form the basis for sociotechnical and manipulative interpretation by the attackers. The growing market for cryptocurrencies and the anonymity of their acquisition and trading, as well as the scarcity of regulations, on the one hand, gives great freedom of action and good profits, but on the other hand, will still be a convenience for criminals, for example in the field of ransomware.

  • Deep fake, frauds, disinformation

The development of Deepfake threats and a relatively low level of their detection and inadequate control mechanisms will tempt criminal groups and hostile forces to realise fraud and sow disinformation.

  • Cyberattacks in the military area

It is to be expected that some of the ongoing hybrid operations of states, militaries and even intrastate games will be oriented towards malicious activities in cyberspace. Critical infrastructure, the financial industry and the medical sector may be affected, and ultimately citizens will suffer.

 

And a few more…

 

 Data breaches and business continuity disruption

A complex and uncertain global situation will tempt potential bad actors to steal intellectual property, breach corporate secrets, act as bribed insider threat/bad actor. Irresponsible behaviour of users in cyberspace, still low level of awareness and frustration, will violate business continuity by causing unavailability of systems, access to information, or unavailability of staff on a given position. It is worth noting another risk factor, namely the growing market for hiring employees – especially in the IT sector.

CISOs, ZeroTrust, PasswordLess and MFA challenges

Sophisticated and distributed attacks affecting cyber, physical security, organisational elements and legislative pitfalls alike will require cyber and information security professionals to take a holistic approach and increase the level of collaboration between teams responsible for each aspect of security. The PasswordLess trend, without proper education and efficient implementation of MFA and integrated security systems, could undermine ZeroTrust. Today, spending on security is not a necessary evil or an unnecessary cost. It is an investment. Companies that do not treat security as an investment will sooner or later suffer the consequences. It was similar in the case of the industrial revolution and, 100 years later, the computerisation of enterprises.

 

wearenavirisk.com

Read more:

Cybertaps for Law Firms

Asked why he’d robbed banks, a notorious American gangster from the Great Depression era famously replied: ‘If they kept money in candy stores, I would rob candy stores.’  Is there any connection between old-style robbers and the plight of modern l law firms? On the surface, not really. After all, what can you steal from […]

Phishing Awareness Training – Simulating Phishing Attacks

Phishing training for employees is one of the most effective ways to strengthen your company’s defences against malware, ransomware, data loss and Business E-mail Compromise (BEC) attacks. Experience shows that awareness campaigns result in a significantly reduced click-through rate after each subsequent campaign. An employee who has made a mistake becomes more vigilant and more resistant […]

Phishing – how to deal with it?

Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware.   Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries […]

CONTACT

NaviRisk Sp. z o.o.

ul. Huculska 5/6
00-730 Warsaw

+48 605 19 11 19 info@wearenavirisk.com

CONTACT FORM

Do you have any questions? Write to us!