
By: Kevin Hanes
January 21, 2022
2022 Cybersecurity Predictions

2021 could be considered the year that everyone finally reconsidered how cybersecurity affects everyday life. Attacks on critical infrastructure such as the Colonial Pipeline, JBS, and Iowa Grain Cooperative resulted in inflated oil prices and risks of food shortages. Additionally, cyberattacks on hospitals threatened patient care and PII, and businesses felt financial pain courtesy of the Kaseya attack and T-Mobile breach, which took entire companies offline and hurt organizational trust and reputation.
However, while these attacks reached record numbers, the federal government took action to combat them. For example, the Biden Administration signed an executive order to protect the nation against cyberattacks. The Department of Justice formed the Ransomware and Digital Extortion Task Force, which ultimately led to charges against REvil.
As we venture into 2022, many are eager to know what the cybersecurity landscape holds. From repercussions for paying ransomware demands and a blurred line between cybercrime and nation-state attacks to the growing cyber skills gap, OT environments under siege, and COVID’s impact on security issues (or lack thereof), cybersecurity teams and organizations have much to prepare for, including the following:
1. Someone finally pays the full price for meeting ransomware demands
Even though ransomware attacks have been bad over the past couple of years, they were only the tip of the iceberg. Given the extensive financial motivations for ransomware gangs and their utilization of insider threats, even current legislation and the Biden Administration's cybersecurity executive order aren’t going to prevent companies from trying to discreetly meet their demands. That being said, as organizations weigh the risks of guaranteed pain now versus potential repercussions later, someone is going to be made an example of by the federal government in short order. Not knowing the law won’t be an excuse and, although jail time is unlikely, there will be organizations that are indicted in order to make them think twice about paying these criminals in the future.
2. The line between cybercrime and nation-state attacks will continue to blur
Following a cyber-attack or data breach a couple of years ago, threat intelligence companies could often assess the breadcrumbs left behind by attackers and accurately determine who was behind it. This was largely because certain threat actors often have a “playbook” that they share to discuss how to operate. However, given the common rebranding of ransomware gangs and criminal organizations using the same tactics, techniques, and procedures (TTPs) as nation-states, some of these attacks are becoming indistinguishable from each other. Additionally, a single threat actor isn’t solely responsible for some of the larger attacks, but rather a group of three or five that all have a hand in it.
3. The cybersecurity workforce shortage and skills gap won’t improve
Following the Biden Administration’s cybersecurity executive order in May, there was hope throughout the industry that the increased resources and emphasis placed on the growing threat would lead to closing the cyber workforce and skills gap. However, it’s not going to be an immediate fix and it’s also one that needs to be assisted by private companies that invest in more hands-on training programs that focus on building transferable technical skills rather than purely professional development. This way they make their respective security teams more efficient instead of having to rely on expensive security products. Also, in terms of geographies, organizations based within countries with allocated resources, such as the U.S., aren’t going to see this issue get worse, but places without the same prioritization and funding are going to encounter even more difficulties on this front.
4. OT environments will be subject to the cyber “perfect storm”
Centers that control the entire manufacturing process for organizations are going to be at even greater risk in the new year. Since implementing new technology and infrastructure can disrupt their entire environment and supply chain, these centers often have old security systems that are not supported by vendors anymore. This perfect storm of bad technology and a lack of adequate patching capabilities, combined with the fact that it’s the closest thing to an organization’s cash register, makes it an ideal and easy target for threat actors.
5. COVID’s impact on phishing attacks and WFH security is more bark than bite
Over the past couple of years, many have been talking about the impacts that COVID could have on phishing campaigns and remote work. However, there’s always going to be a current event or newsworthy item that threat actors can exploit or leverage when it comes to phishing campaigns. Additionally, even though remote work used to be a concern at the onset of the pandemic, organizations and employees have adapted at a rapid pace, leaving a majority of the security concerns in the dust.
While 2021 was a turbulent year, 2022 may not be the calm after the storm that many were anticipating. However, with these new challenges also comes the opportunity to improve and invest in cybersecurity teams, knowledge, and defenses more than ever before. While these five predictions are just a handful of expected developments, anticipating what’s on the horizon can help the entire community better prepare for the next wave of cyber evolution.