To predict cybersecurity trends in 2022, it helps to look at the recent past. In 2021, we’ve seen the Colonial Pipeline attack against oil infrastructure in the US, the biggest ever cyberattack in food production which blighted JBS, the Kaseya ransomware attack by REvil and the Health Service Executive attack on the Irish healthcare system. Such incidents should remind businesses that, firstly, no sector is safe from cybercrimininals.
Additionally, it seems that nothing is off-limits anymore when it comes to cybercrime: health, food, even childrens’ education are all at risk from data breaches and ransomware.
Another way to predict what businesses need to prepare for on the cybersecurity front in 2022 is to listen to the experts. Data and analytics firm GlobalData for example reports that “attackers will target immature technologies, meaning 5G communications, smart cities, and the Internet of Things (IoT)”.
To get some details, at Verdict this week we’ve reached out to cybersecurity experts active in many different sectors, and brought together predictions for 2022 from insiders monitoring the threat landscape today. We’ve obtained some general cross-sector viewpoints and also ones focused on energy, oil, transport, logistics, aerospace, automotive, healthcare, retail and finance.
Cross-sector cybersecurity in 2022
Alon Arvatz, Senior Director of Product Management at IntSights
“Based on the hacker chatter that we track on the dark web, we’ve seen traffic around deepfake attacks increase by 43% since 2019. Based on this, we can definitely expect hacker interest in deepfake technology to rise and will inevitably see deepfake attacks becoming a more-utilised method for hackers in 2022.
“Furthermore, like many other cyberattack methods, we predict that threat actors will look to monetise the use of deepfakes by starting to offer deep-fake-as-a-service, providing less skilled or knowledgeable hackers with the tools to leverage these attacks through just the click of a button and a small payment.”
Various predictions from Zoom CISO Jason Lee
“To adapt to hybrid working environments, more companies will drive to adopt the Zero Trust security model. Conversations around protecting the hybrid workforce from risk will lead security professionals to adopt modern tools and technologies, like multi-factor authentication and the Zero Trust approach to security. I believe that companies need these tools to make sure their employees can get work done as safely as possible from wherever they are – commuting, travelling, or working from home – and that all of their endpoints are secured with continual checks in place.
“Security leaders will step up their protections against third-party risks. In security, you always need to be thinking ahead about what might come down the pipeline. From SolarWinds in December 2020, to Colonial Pipeline and Kaseya in 2021, our industry saw a distinct increase in supply chain attacks. CISOs and CSOs will need to make sure their vendors are also secure. This includes looking at third parties related to the business and assessing how to best manage any risks.
“More public technology companies will create dedicated cybersecurity committees on their boards of directors. One of the most impactful things we did at Zoom this past year was to institute a three-person committee on our board dedicated to cybersecurity matters. Having security industry experience at this level is incredibly valuable, allowing us to readily address concerns and issues in industry shorthand. While this approach is still relatively new, it has been incredibly beneficial and I wish we did it sooner. And I’ve heard peers express strong interest in recreating this approach at their own companies, which leads me to expect this will be a priority for organizations in the new year.
“The security hiring boom will continue. We know that cybersecurity professionals are a hot commodity across industries, due to more available jobs than trained applicants. In fact, the U.S. Bureau of Labor Statistics reported that employment for information security analysts is projected to grow 33% from 2020–2030. I believe we’ll see the cybersecurity talent pool grow as more professionals choose to enter the field due to increased demand and in many cases, the ability to work from anywhere.”
Corey Nachreiner, CSO at WatchGuard Technologies
“It’s official. Windows has gone password-less! Though we commend Microsoft for making this bold move, we believe all single-factor authentication mechanisms are the wrong choice. Researchers and attackers have repeatedly defeated various biometric mechanisms and while in general, hardware tokens are a strong single factor option too, the RSA breach proved that they are not undefeatable either. And frankly, clear text emails with an OTP are simply a bad idea.
“The only strong solution to digital identify validation is multi-factor authentication (MFA). Microsoft and others could have truly solved this problem by making MFA mandatory and easy to use. Organisations should force users to pair it with another, like a push approval to your mobile phone that’s sent over an encrypted channel: no text or clear email. So while we predict that Windows password-less authentication will take off in 2022, we also expect hackers and researchers to find ways to bypass it, proving we didn’t learn from the lessons of the past.”
Adam Brady, Director, Systems Engineering, EMEA, Illumio
“With the increase in ransomware and other malware attacks we have seen recently, both on critical infrastructure and other industries (such as healthcare and education), I think 2022 will bring with it an increase in mandated compliance regulations to reduce these risks, as opposed to guideline-based compliance. While regulations like the GDPR and NIS Directive are EU initiatives, the creation of similar UK-specific versions post-Brexit could be highly beneficial and will be a key focus in the industry as we move into 2022.”
Chris Vaughan, AVP — Technical Account Management, Tanium
“Various outages and issues this year have highlighted that sometimes, falling back on manual or ‘old-fashioned’ processes such as physical security or system re-boot measures are critical for business continuity and to protect an organisation’s key assets.
“Detailed scenario planning is crucial when it comes to ensuring business continuity. Technology has a clear role to play, but traditional manual processes also still have their place – despite the widespread industry focus on digital transformation. To protect their key assets into 2022, organisations will build an ops strategy that has manual and IT aspects working as one.”
Kelvin Murray, Senior Threat Researcher, Carbonite + Webroot
“This year has seen many new technical developments in the mobile cybercrime sphere, with the likes of the Joker malware returning in the form of new, advanced malicious code which camouflages itself as system apps on Android devices. Hundreds of millions of dangerous apps have recently appeared on the Google Play platform over the past few months.
“With many more people accessing work information such as emails and collaboration platforms from their mobile phones amid the shift to modern working styles, organisations need to be wary of the threats related to mobile attack vectors.
“Mobile threats aren’t going away, and we predict they will get larger and scarier as we move into 2022 – so organisations need to encourage their employees to install security software on their personal devices and include the latest mobile threats in their cybersecurity awareness training programmes. Corporate policies should also enforce proper locking of the devices and enable remote wiping where required.”
Martin Riley, Director of Managed Security Services at Bridewell Consulting
“The number of cyber attacks that we’re seeing targeted at the UK’s critical national infrastructure has become alarming. It’s also not just the energy sector that is at risk, but also healthcare, water, aviation and more, and the consequences of these attacks can put public safety at real risk, including a threat to loss of life. Our research uncovered that 88% of UK energy organisations detected a cyber attack on their Operational Technology (OT) or Industrial Control Systems (ICS) environments in the last 12 months, with 91% of these encountering at least one successful attack. The attack surface area of the UK’s energy sector is vast, as more than two-thirds have made their OT systems accessible over the internet.”
Anjos Nijk, Managing Director, ENCS (European Network for Cyber Security)
“In 2022 we expect an ongoing trend of malicious activities targeting energy grid infrastructures including edge systems and grids. We see a tendency for critical infrastructure owners to move from awareness towards increasing efforts to cope with the challenge ahead, whilst OT manufacturers still struggle to raise their cybersecurity maturity.
“Altogether, incidents in the energy sector should be anticipated in the near future.”
Richard Springer, Head of Industrial Cybersecurity Business Strategy and Development at Tripwire
“Beyond the Electrical Utility regulations of NERC CIP, the other 15 critical infrastructures vary wildly in terms of cyber security maturity with most near the immature end of the spectrum. To increase security, there are inexpensive and expensive solutions, but overall the investment in cyber security will increase with analysts providing ranges from single digit to +30% growth for IT and OT cyber security technologies.
“Pipelines were in focus over the summer, but weakness in other critical infrastructure have also emerged. Initial gaps are due to the relative immaturity of cyber security solutions and processes and need to be addressed by establishing basic cyber controls and then evolve. Initial conversations around standards have defaulted to existing policies like NERC CIP and NIST and appear to be a collaboration with government and industry. Cyber security policy is known, it is just a matter of will be enforced. Due to recent events, the recent 100-day sprint and issuance of Executive Orders are the first actions. I’ll be watching the various industry responses to these actions and curious to see the responses to this action and if industry pivots to maturing their cyber security programs.”
Thom Langford, Security Advocate, SentinelOne
“In the Colonial Pipeline attack of mid-2021, it transpired that best-practice was not always followed, even in such a highly regulated sector. With the administrative networks (the back office) not separated from the operational networks (the fuel pumping environment), an attack on the administrative network resulted in the fuel pumping network being shut down to protect it – affecting roughly 45% of the Eastern Sea Board fuel supplies and resulting in panic for almost a week.
“Governments around the world have witnessed the effect fuel outages of just a few days have on their populace, and it isn’t pretty. For next year therefore, I believe there is going to be a far greater emphasis placed on how these supposedly regulated environments are actually going to see far greater scrutiny than they currently see. Whether these regulations (in whatever form they take in each country) will be enhanced, or if the assessment and enforcement of them will simply be more rigorous, remains to be seen.”
James Alliband, Senior Security Strategist at VMware
“We are seeing cybercriminals adopt a style of attacks that seek to cause disruption to human lives. The attack on Colonial Pipeline that triggered a fuel shortage along the U.S. East Coast was only the beginning.
“There will be copycats as we see bad actors target critical industries such as energy, healthcare and finance with the intent to cause panic while cashing in on a ransom payment. The results of a successful attack can be expensive and dangerous, ranging from cancelled hospital surgeries and rerouted ambulances to people waiting hours at a gas station for fuel. This will be an area that is of real interest to nation-states looking to cause disruption abroad.”
Matthew Roach, Head of i-4 at KPMG UK
“Big data and 5G will open up new vulnerabilities: The global rollout of 5G and ‘smart’ vehicles containing an orchestra of sensors is already generating sizeable data lakes of user behaviours that vehicle manufacturers will wish to retain and capitalise on.
“As data is widely seen as ‘the new oil’, our transportation habits will be seen as an easily exploitable vulnerability by ambitious attackers. Recent outages experienced by vehicle manufacturers have left drivers unable to operate their cars and some have been left stranded. As ‘smart’ vehicles increase in popularity, we can expect threat actors to direct their disruptive efforts more towards cars. We may even see the resurfacing of a modern day ‘digital Dick Turpin’, emulating the 17th century highway robber demanding money for travel.”
Derek Manky, Chief Security Insights & Global Threat Alliances, FortiGuard Labs
“We can expect to see new proof-of-concept (POC) threats targeting satellite networks over the next year as satellite-based internet access continues to grow. The biggest targets will be organisations that rely on satellite-based connectivity to support low-latency activities, like online gaming or delivering critical services to remote locations, as well as remote field offices, pipelines, or cruises and airlines.
“This will also expand the potential attack surface as organisations add satellite networks to connect previously off-grid systems, such as remote OT devices, to their interconnected networks. In many networks, Linux runs the back-end computing systems, and until recently, it has not been a primary target of the cybercriminal community, but we anticipate this to pick up in 2022.”
Dennis Kengo Oka, principal automotive security strategist at Synopsys
“2021 was the year of cybersecurity standards for the automotive industry. ISO/SAE 21434 ‘Road vehicles: Cybersecurity engineering’, Automotive SPICE for Cybersecurity, and TR-68:3 ‘Autonomous vehicles: Cybersecurity principles and assessment framework’ were all released. The ‘OpenChain ISO 5230 – Security Assurance Reference Guide 1.0’ focusing on security for open source software was also released. But it does not stop there.
“Work on new standards such as ISO 5112 ‘Road vehicles: Guidelines for auditing cybersecurity engineering’, ISO/SAE 8475 “Road vehicles: Cybersecurity Assurance Levels (CAL) and Target Attack Feasibility (TAF)’ and ISO/SAE 8477 ‘Road vehicles: Cybersecurity verification and validation’ are commencing. All of these different standards and technical references provide the automotive industry with guidance for building more secure cars.
“In 2022 we will see a continued adoption of these standards and technical references among automotive organisations. We can also expect more streamlined workflows based on improved security awareness in the organisations, relevant security training for product teams, and increased use of guidelines, templates and automated security testing tools for performing the required cybersecurity activities.”
Paul Cragg, CTO at NormCyber
“The booming logistics sector will be one of the most attractive targets for cyber criminals in 2022, and worryingly, may also be one of the least prepared. Eye for Transport estimates more than half of logistics organisations don’t have a chief information security officer, which indicates that cyber security is not a priority in the sector. With pressure, delays and shortages already amounting, much will need to be done to remove the target from its back.
“In 2022, we’ll see logistics businesses focus on creating the same level of transparency in their cyber defences as they enforce in their supply chain operations. This will be driven in part by pressure from external stakeholders with responsibility for ensuring continuity of operations in this sector – be that investors, shareholders, customers or insurers. If the logistics sector fails to adequately respond, expect to see governments and regulators stepping in – particularly where there is potentially a wider economic and human impact.
“First and foremost this will require real-time visibility into which of their widely-dispersed assets are in danger of breaches due to technical vulnerabilities, as well as an understanding of the immediate steps available for remediation. And that’s just the technology – people and processes must also be safeguarded from evolving social engineering and hacking tactics. With the attack vectors multiplying, logistics companies that can cover all three elements will be able to avoid hefty losses and, crucially, demonstrate their cyber security credentials to trusted partners and suppliers, too.”
Tamer Baker, VP Global Healthcare, Forescout
“Even before the pandemic struck, the healthcare industry had been experiencing explosive growth in the number of connected devices used to provide care and manage facilities. With the significant increase in ransomware attacks against healthcare systems seen in 2021, we can safely predict an even larger increase in 2022.
“These attacks will likely shift from simple yet dangerous ransomware encryption of data – like the devastating WannaCry attack that crippled large parts of the NHS in 2017 – to holding hostage connected medical devices with a denial-of-service attack on top of the data encryption. The expanded attack surface will bring with it new compliance mandates around protecting more devices on the hospital network. To comply and to better prepare for the threat of more attacks, technology and security leaders will launch initiatives to revalidate their IT estate, its posture and potential exposure and channels.
“These changes will also drive organisational restructuring within healthcare. The large threat landscape of connected medical devices has typically been fully under the responsibility of the BioMed/Clinical teams. With the increase in security concerns for these devices, 2022 will likely bring convergence in the IT Security and BioMed/Clinical teams. Either the BioMed/Clinical teams will begin to face strict security mandates or the IT Security teams will be mandated to take greater security control over the connected medical devices.”
“The deepfake technique of using AI to emulate corporate leaders’ signatures will become a more mainstream attack vector in 2022. Financial institutions have been increasingly reliant on voice analysis as a security measure and the threat actor community has already cottoned on. This method was used successfully at the end of 2021, with a $35m theft from a bank based in the UAE. Banks and global investment houses need to take note and ensure their security methods are not over reliant on any single technology solution.”
Armen Najarian, Chief Identity Officer at Outseer
“Use of Buy Now Pay Later (BNPL) services, such as Klarna or Clearpay, skyrocketed in 2021. Shoppers racked up £4.1bn in outstanding debt with these companies, which certain sections of society may never be able to repay. In 2022, the dark side of BNPL will emerge, with the trend re-named “Buy Now Pay Never”. Expect to see cash-strapped individuals try and get away with more and more first-party fraud – using the service and collecting the merchandise with no intent of repaying the loan.
“While merchants and card issuers may prefer to write-off lower value transactions than accuse customers of lying, the lines are blurred with BNPL providers whose entire business model relies on repayment. As the industry enters 2022, tackling all types of BNPL fraud will be critical, as this type of borrowing will face more regulation. Improving fraud detection will help these services look more attractive to regulators, as well as help BNPL providers protect their bottom-line. Data-centric fraud solutions can help, crunching thousands of data points – like age, buying habits, and previous fraud claims – to determine the likelihood of fraud having taken place.”
Matthew Gracey-McMinn, Head of Threat Research at Netacea
“Cryptocurrency exchanges and wallets can often contain huge amounts of wealth that can be a great lure to attackers looking to profit from their attacks. Over the latter half of 2021, there has been an uptick in the number of attacks related to cryptocurrencies. Sometimes these are simple social engineering attacks, and other times much more technically advanced.
“With the amount of money that can be stolen in a single successful attack (potentially running into the millions of dollars) we expect to see more attacks on decentralised currencies. However, we also expect law enforcement to become increasingly involved in both investigating cryptocurrency attacks and exploiting cryptocurrencies weaknesses in order to investigate and interfere with crime. Governments may seek to crack down on cryptocurrencies or seek to regulate them more severely in response to this trend.”
“Ransomware will be rebranded: As Emotet has re-emerged following the short-lived law enforcement takedown, there is evidence of collaboration between notorious ransomware gangs that will gather pace next year. Most recently, Emotet has been adapted to drop Cobalt Strike onto victim’s systems, and we can expect threat actor groups including Ryuk, Conti and Revil to work together and kick off with new campaigns targeting sectors which have not previously been subjected to such attacks – with their sights set on retail.
“As well as disabling systems, these threat actors will be aiming to harvest customer credentials to carry out a double extortion/secondary fraud attempts at scale. Retailers and ecommerce should ensure their client data is held in an encrypted format to protect against this threat.”
Sam Heiney, VP Product at Impero
“Customer self-service options, like self-checkout at the grocery store and contactless check-in and ordering for hospitality organisations, will continue to grow and expand. Unfortunately, we expect more large-scale data breaches as organisations transition from traditional network topologies to the software-defined networks required for top-notch user experiences in this omnichannel, self-service world.”
“Organisations who have already begun the technology transformation embracing secure access service edge (SASE) architecture will see the least disruption next year, giving them a competitive advantage in the marketplace. 2022 will be another unpredictable year with new Covid variants and other surprises, which means centralised cybersecurity controls that can handle decentralised devices and networks are needed.”
Katell Thielemann, VP Analyst at Gartner
“As retailers continue to push the envelope with consumer engagement with Augmented Reality and Artificial Intelligence, other forms of data are also being collected and new cybersecurity concerns emerge. An example is virtual fitting rooms to try on clothes. They create a new cyber-physical reality where biometric data is captured. This creates a new opportunity for cyber criminals, and it is inevitable that those systems will be targeted.”