A new study has detailed a number of trends that cybersecurity leaders need to look out for as digital transformation evolves through the coming year.
Compiled by experts at incident response company BreachQuest, the study’s findings focus on improving cybersecurity infrastructures and compliance with developing data protection laws as businesses shift towards hybrid working arrangements.
Cybersecurity trends for 2022
Greater focus on asset visibility
Organisations can use outsourced detection and response for 24x7 operations, but it’s important to match the control to the threat. If the goal is stopping ransomware threat actors, visibility matters more than hours of coverage. By the time ransomware is being detonated, you’re fighting the wrong battle.
Most ransomware operators take a few days to a couple of weeks moving laterally, escalating privileges and exfiltrating valuable data. That’s where organisations need to focus on stopping ransomware: with good monitoring to detect lateral movement in the environment, ransomware risks are diminished substantially.
Most organisations considering ransomware response are hyper-focused on protecting backups and are not doing enough work on the earlier stages of the attack (lateral movement and privilege escalation). As security teams carry out their year-end analysis, asset visibility is expected to be near the top of the list so that they can identify and stop attacks earlier.
Remote access exploits will be at the top of cybercriminals’ to-do lists
Threat actors will continue to rapidly operationalise any exploit that provides them with remote access to an environment (e.g. Pulse Secure). Organisations need to pay special attention to any vulnerability in VPN appliances.
Security professionals should take note today of which vendors are providing patches for those systems regardless of their current maintenance support contract and consider migrating to those. VPN vulnerabilities in particular have long patching lead times in many organisations, but threat actors aren’t offering the luxury of time.
Reorganisation of security infrastructure
There’s little question that the vulnerability landscape has shifted since the start of the pandemic. As the majority of knowledge workers moved from on-premises to remote work, network architecture fundamentally shifted.
The shift to remote work happened so quickly that most organisations only worked on availability without worrying about the other aspects of security. Vulnerabilities caused by the rapid transition to remote work will certainly continue to be discovered.
Cloud services are great for centralising security, when properly implemented, and are generally more secure than on-prem counterparts as security issues can be remediated in bulk - unlike on-prem systems that must be individually patched. It is expected that as more organisations switch their mindsets to remote work being the norm, instead of a stop-gap, we will see security tighten up until normal in-office work returns.
Additional federal laws and requirements are incoming
In the US, the DHS Software Supply Chain Risk Management Act set the stage for Software Bill of Materials (SBOM) implementation across not only the Federal Government, but the entire IT industry.
While the bill itself is only specific to software used by the federal government, once software bills of material are built, there’s very little chance that other organisations won’t demand this data as well.
That legislation, paired with the U.S. Department of the Treasury advisory which stated that facilitating ransomware payments to hackers is potentially violating OFAC regulations, is likely the tip of the iceberg in terms of incoming laws and advisories in 2022. While this is definitely a step in the right direction for cybersecurity, companies have to be careful to not use these as the minimum standards to meet.
Shaun Gordon, CEO of BreachQuest, said:
“With 2021 being a record-setting year for cyberattacks, there are a multitude of themes and learnings security professionals should take into 2022.
“That said, the biggest takeaway has to be the need for preparedness. If we have learned one thing, it’s that cybercriminals are continually becoming more organised and dangerous with the passage of time and organisations must be prepared to meet these threats,” Gordon added.