Cybersecurity Trends: the top 5 cybersecurity trends we can expect for 2022.
As we approach the end of 2021, all of us at CIELTECH & CIEL Lebanon want to wish you and your dear families a Merry Christmas and Happy New Year, especially after almost two years of living with the COVID-19 pandemic.
This last year was especially challenging as we finally developed a vaccine and thought things were getting back to normal, only to have repeated lockdowns and restrictions on travel.
On the IT front, Cyberattacks have surged during the COVID-19 pandemic, and this, unfortunately, looks set to continue as the new distributed workforce presents more opportunities of which criminals can take advantage. Hackers will likely continue to exploit any human or technical vulnerabilities and capitalize on the increasingly complex IT requirements of the hybrid work era.
Here, we examine which cyberattacks will likely pose the biggest threat in 2022, and also what IT leaders can do to prevent their organizations from falling victim to the next attack.
- Supply chain attacks
In 2021, there was a dramatic increase in supply chain attacks – the European Union Cybersecurity Agency (ENISA) reported a four-fold increase in attacks. The nature of these attacks varied but criminals increasingly targeted software supply chains, allowing them to compromise sometimes thousands of victims through a single breach, while also providing them with extensive internal access through the trusted systems.
These attacks are very likely to continue in 2022 as organizations increasingly engage with not just third-party vendors, but also third-party individuals. With the threat exacerbated by the challenges of securing the new distributed landscape, organizations should seriously think about how to ensure their supply chain is as secure as possible.
- DNS poisoning attacks
Cyberattacks such as ransomware and phishing attacks garnered headlines in 2021, but alongside those, we are seeing the emergence of another type of threat: DNS spoofing or DNS cache poisoning.
Research shows that DNS-related attacks are on the rise: 72 percent of organizations surveyed experienced a DNS attack in 2021, with one-third of them falling victim to DNS cache poisoning.
These are types of redirect attacks where a cyber-attacker hacks into a user’s domain name system (DNS). For example, the user believes they are visiting website A, but in reality, they are being re-routed to website B. So instead of visiting website A, they are directed to a site that looks like website A, but it’s fake. The user may still be directed to the site they intended, but they will go via another route where all the data they enter can be harvested
- Zero Trust
One method for securing organizations’ valuable systems and data is by implementing a Zero Trust policy. Many organizations will already be familiar with the concept, but 2022 will see Zero Trust gain greater traction among organizations.
Zero Trust plays strongly into the challenges of securing the supply chain, for example, because it is based on not trusting anybody with access to your data or your network until they re-qualify as ‘trusted’ – even if they’re only trusted at that point in time or for a particular activity.
Zero Trust can also mitigate some of the threats associated with remote working, including preventing access to systems and data via unsecured devices in the home running on the same network as a remote corporate device. In effect, Zero Trust creates a cocoon around employees’ activities to ensure any potential cyberattack does not extend beyond that instance.
- Security By Design
Whenever people make decisions about security, they should always consider building in security from the ground up.
There are two reasons for this. The first is that it is much easier to design effective, pervasive security at the beginning of any deployment rather than to try and bolt it on when all the decisions have been made. The second reason is that sometimes adding security layers can have an impact on other things, such as user experience. For example, applying filters designed to stop people from visiting certain websites that actually prevent them from accessing perfectly valid business sites.
This is also why security sometimes has a reputation as the department that says ‘no’. The design decisions were perhaps made and then security was added afterward, leaving the security team with no choice but to say ‘no’ when they spot vulnerabilities.
Additionally, the importance of security must be clearly communicated to employees and stakeholders. It should not be something that’s done in a vacuum; it should be very clearly communicated that these changes are being made to the IT environment. It is a cultural challenge as much as a technological challenge
- Sssh…Securing the Network While It’s Quiet
The era of hybrid working is upon us. UK Government figures show that 85 percent of individuals want to use a hybrid approach of both home and office working in the future. So, while there will be a greater return to office life in 2022, the same levels of activity as before the pandemic probably won’t be seen – there will likely be lower occupancy and less predictable work patterns moving forward.
With many offices running at a much lower capacity and with much less pressure and activity on the network, now is a great opportunity to baseline the environment, spot any potential items that shouldn’t be there, and understand where risks might exist.
Think about the devices on the network that have been implemented – they’re doing their job, but are they introducing any risks? Maybe conference room televisions that can connect to the corporate Wi-Fi or even to Bluetooth? There could be all kinds of devices on a corporate network that could be better tuned for security, but it has not happened in the past because no one’s had the time, or it’s always been too difficult due to too much network traffic with a high number of people in the building.
Organizations are looking to the Internet of Things (IoT) technology to help them maintain a comfortable, safe, and energy-efficient office environment. Now is the perfect time to optimize the security of those, and any other devices, on the network for 2022.
Looking Forward to 2022
The year 2022 will be the year that security comes back into focus (since some companies previously switched their IT personnel from security to enabling work-from-home) as a priority for organizations. Protecting the attack surface will regain attention, as attacks continue to increase.
Moreover, the High-profile sporting events will also present new opportunities for attackers to target users: The Winter Olympics in Beijing and FIFA World Cup in Qatar give threat actors plenty of scope for exploitation. Such large events attract opportunistic attackers, be it a direct attack on organizers, sponsors, participants, and fans, or as phishing lures for malware and ransomware campaigns targeted at users.
With the increase in attacks, the continued need for a hybrid worker, and the ongoing digital transformation of organizations around the world, application security will become a key focus in the coming year.
To learn more about how to make your organization’s applications more secure for the coming year, contact us for a meeting.