Well, we made it. 2021 is finally in the books. The gift of LOG4J and the onslaught of vendor emails made for an eventful end to 2021. Take a minute (and I only mean a minute) to catch your breath before we jump headfirst into 2022. It’s time to look forward to what the cybersecurity landscape will give us this year. Obviously, I could continue to scare you with increased COVID-19 related attacks, the lack of cybersecurity progress in the healthcare industry, and mega breaches in the cloud, but there is already enough written and rewritten on those topics. The cloud continues to be a technology accelerator – and a risk to businesses going forward. Most of our office perimeters have dissolved and clouds enable a mobile workforce. Hyper-connectivity of systems and applications, and everything automatically talking to everything else is a must. This translates to a lot of risk in 2022.
A recent report by Cybersecurity Ventures outlined that global cybercrime costs1 will reach nearly $7 trillion USD annually in 2022. To put this figure in perspective, if cybercrime was a country, this figure would represent the world’s third-largest economy after the U.S. and China. There is an entire industry that has popped up around cybercrime in a way we’ve never seen before. With so much at stake, what are the things to watch out for to make sure you are as prepared as you can be?
Looking back, a lot of the risks we called out at the beginning of 2021 were never properly addressed and therefore remain risks today. For example, credential theft and attacks targeting privileged users continue to dominate the headlines. Although, the targets and sophistication of attacks have evolved.
Back in 2019, and 2020….AND 2021, I said the best way to combat these types of attacks was to use multi-factor authentication (MFA). Use it for everything! There is no simpler way to say it – but three years later, this is still not being done. Until we require MFA for access, making it the standard, risk will continue to increase. I cover this past advice and other cybersecurity predictions for 2022.
1. Embrace ZERO Trust Security
We are all used to the traditional security model of authenticating to the perimeter VPN or to a cloud application, then carrying on with our tasks. This “Trust but Verify” strategy assumes everything within an organization’s network is trusted and not already breached. Once a user is authenticated to the VPN, they can move around to any resource to which they have access. The assumption is the user is who they say they are, the user’s account is not compromised, and that the user will act responsibly.
This model leaves organizations vulnerable to credential theft, low and slow attacks, and malicious insiders. Essentially all authenticated users are trusted on the network. That’s a risk. A big one.
Enter ZERO Trust.
ZERO Trust is not a single product or technology, it’s a methodology. ZERO Trust access methodologies never trust and always verifies. This eliminates any trust that previously existed for users, credentials, network, permissions. Instead, ZERO trust continuously checks and authenticates all attempts to gain access to data, applications, servers, resources, etc. to ensure they are who they say they are. Even the U.S. Federal government is pushing hard for agencies to adopt this model under new guidance released last year by the Office of Management and Budget’s Cybersecurity and Infrastructure Security Agency. There will be a heavy emphasis this year by organizations both large and small, federal agencies, and security vendors towards ZERO Trust strategies.
2. Cryptocurrency becomes a target
With interest rates (currently) at all-time lows, hyper-inflation, and the U.S. stock market at all-time highs, investors are looking at better returns on their money. Apps like CoinBase, Robinhood, eToro, and others can make investing available to even the most technologically novice user. This could potentially be a recipe for disaster. As novice investors move funds around into these apps, they become popular and draw attention. Late last year, we saw what Robinhood calls a “data security incident” which compromised data from 7 million accounts by using simple social engineering techniques. Although this incident wasn’t as bad as it could have been, this shows that no app is off-limits. This was the toe in the water. We are going to see larger attacks focused on targets where the money is.
Take steps to protect yourself:
- Practice good security hygiene
- Do not respond to unsolicited messages (These are almost always scams)
- Do not divulge information
- Monitor the activity on your investments
- Turn on two-factor authentication
3. Ransomware as a Service
Yes, this is really a thing now. Ransomware as a Service is a subscription-based model that lets anyone use ready-made ransomware tools to launch an attack. There is no need to develop your own ransomware or even be technically proficient. Using the platform, someone can launch the attack and share the profits. An entire industry has cropped up to support ransomware as a legitimate business model – including crypto exchanges and “cyber security” companies. Most of these crypto exchanges are fronts to launder money, and the “cyber security” companies who “negotiate” with the malicious actors on a customer’s behalf are also part of the ploy.
There is currently no technology that eliminates or completely blocks ransomware. If that were the case, ransomware wouldn’t be profitable and would not exist. Disturbingly, it’s growing faster than ever. Ransomware is here to stay – because most industries make it so easy to become targets. The best way to combat ransomware is to implement security best practices, verify and reverify that there are working backups, and real-time monitoring.
In the event the ransomware is successful, unfortunately most of the time, the only way to get data back is to pay the ransom. This is a hard pill to swallow. Even the FBI strongly recommends not paying ransoms, but in a time of crisis all options are on the table and the number of victims paying the ransom is increasing year over year. According to Sophos, 32% of companies hit with ransomware paid a ransom in 2021, up from 26% in 2020.
These stats are high mainly due to the decrease in properly performed and verified backups and other responsible methods used to recover from ransomware and other data-compromising disasters. Because backups aren’t verified to be working, either due to technology failures or not being set up properly in the first place, this leaves the company with few options. Unfortunately, in these cases, paying the ransom, although not encouraged, may be the shortest route to get data back. Of the 32% that paid the ransom, 96% of them were able to get some of their data back. But recovered data is inherently compromised going forward.
There are steps you can take now to avoid paying a ransom and becoming a statistic:
To read the rest of this article, click here.