https://www.digicert.com/blog/what-cybersecurity-brings-for-the-world-in-2022
https://www.digicert.com/blog/author/elitsa-krumova
The COVID-19 global crisis shook all industries deeply and acted as a catalyst for the faster advancement of digitalization of businesses worldwide. Along with this process, innovations and emerging technologies are shaping the landscape for emerging cybersecurity threats. The cybersecurity threats from 2021 are persisting, given the rise of new work models and new forms of business organization.
Indeed, COVID-19 has proven that businesses need to reorganize, revise and alter their processes, workforces and strategies to recover faster and adapt more rapidly with flexibility and sustainability to the new normal. Additionally, all businesses, organizations and governments globally need a more robust, advanced and pan-encompassing cybersecurity monitoring and defense posture.
The most alarming cybersecurity trends for 2022 that networking leaders should focus on are supply-chain attacks, authentication as a service (AaaS) attacks, cybercrimes in the cloud, ransomware and ransomware as a service (RaaS), IoT attacks and zero-day vulnerabilities. Without a doubt, the top risks for businesses globally in 2022 are rooted in the expected and unforeseen cyber risks.
Trend 1: Cyberterrorism, supply-chain attacks and ransomware
Cyber terrorism and hacktivism will be at the forefront of the cyber landscape in 2022, having the potential to cause devastating effects on the global geopolitical map. Regional tensions and cyber conflicts could lead to wider-targeted cyber espionage attacks and even destructive attacks. We can expect major infrastructure attacks in certain regions as a logical consequence from geopolitical events of 2021.
In 2022, supply-chain attacks will be dominant, given the constant economic turmoil, disturbances and deficiencies, which give abundant opportunities to cybercriminals to explore the potential of their actions and the dimensions of destruction they can cause. AaaS attacks will continue to gain strength, as bad actors increase interest in overtaking and re-selling AaaS.
The cyber threats facing industries are expected to be higher this year, especially with ransomware becoming much more sophisticated and grave than ever. The main industries at the front line for ransomware and RaaS cyberattacks in 2022 are healthcare, education, manufacturing and energy/utilities. Ransomware threat actors and cybercriminals will be targeting software supply chains, and we predict ransom payments will see an unprecedented rise. Medical eco-systems will be a main target for attacks due to the rise of HealthTech, MedTech, BioTech, TeleHealth, eHealth, mHealth and Connected Health. SMBs will be exploited more often by RaaS-organized cyber-criminal groups, given their weaker security preparedness and capacity for active defense and monitoring. Moreover, we can expect attacks targeted at smart manufacturing, smart buildings, smart factories, smart cities, GovTech, OT attacks and breaches and DDos attacks. If companies and the public sector don’t act fast to secure their assets and critical data, they will leave blooming opportunities for cybercriminals and cyber terrorists to weaponize data.
Therefore, public institutions, organizations and governments should urgently focus on the integrity of their crucial security infrastructure, by transitioning to a Zero-Trust framework, improving software supply chain security, shifting to a more complex and integrated XDR (extended detection and response) approach, closely monitoring cybersecurity policies, procedures and measures of third-party providers and vendors, and mitigating impendent cyber risks and potential threats of data breaches with extended cyber risk and liability insurance.
Trend 2: 5G and IoT applications & device vulnerabilities
While 5G technology is being widely adopted globally and the number of connected IoT devices and applications keeps growing at a fast pace, this presents a golden opportunity for cybercriminals to exploit device and network vulnerabilities. In 2022 we will witness an increasing number of 5G breaches, due to the vulnerabilities in the current infrastructure that still need to be modified and remodeled for 5G. Threat actors will exploit IoT devices and applications vulnerabilities. Such attacks might be targeted at consumer IoT, such as smart home IoT devices, or at industrial IoT, industrial robotics, smart automation and even smart grid.
The smart healthcare and telemedicine trend might trigger targeted attacks on wearable devices, medical IoT appliances, remote patient monitoring (RPM), decentralized clinical trials (DCTs), and mobile personal emergency response systems (mPERS).
To address any security gaps, IoT solution and service providers must implement robust security monitoring and Zero-Trust architecture. Businesses should be prepared to keep an inventory of the connected assets, authenticate all connection points, sign all firmware and encrypt data at rest in the cloud and at the edge to secure critical data.
Trend 3: The rise of crypto and FinTech cybercrimes
Given the economic disturbances and fallouts globally, in 2021 cryptocurrencies, especially Bitcoin, became extremely attractive for the public. Thus, cryptocurrencies were a pivotal target for cybercrimes. In 2022 we can expect crypto and FinTech cybercrimes to be at the forefront of cybercrime targeting globally. Cyberattacks on cryptocurrencies and crypto wallets will skyrocket and state-sponsored groups will also be targeting the industry. Cryptocrimes targeted at cryptocurrency wallets — locally stored, cloud-based and hardware-based — will surge. Attacks on other crypto-threats, focused on DeFi, smart contracts, fake hardware wallets and blockchain, will increase dramatically. We can expect discussions about better crypto regulations globally.
The insanely rapid rise of the NFTs brings its equally high-level security risks. The pace of adoption of the non-fungible tokens raises alarming concerns, given the critical vulnerabilities yet to be identified and explored. Major security vulnerabilities will allow cybercriminals to access and empty crypto wallets — for example, by using malicious airdropped NFTs. Digital marketplaces and digital assets will be a lucrative target for crypto crimes.
An upsurge in cybercrimes can be expected within the metaverse and on AR/VR peripherals and platforms. We have already witnessed cyber harassment, cyber bullying, and cyber stalking. As with every new technology, the rise of the metaverse will open many new opportunities for cybercriminals and a whole new area for exploration for vulnerabilities and weaknesses. Even novel types of cyberterrorism might be expected to emerge in the metaverse if the required level of security, privacy and identity protection are not reached promptly.
In 2022, attacks targeted at the financial sector will boom. Financial organizations, digital wallets, financial apps, open banking, mobile banking, online payments systems, digital transactions and FinTech apps will be a key focus for cyberattacks. With the increase of mobile wallets and payment platforms, bad actors will find new ways and methods to target mobile fintech.
Conclusion
The phenomenon of hybrid work has pushed organizations to embrace more robust and converged security architecture. This in turn allows them to address emerging threats, be future-ready and cloud-first designed, focus on end-point security, and have all components of the system, networking and security work faultlessly together, as part of a seamless framework. In 2022, IT leaders and CIOs should adopt security-driven networking approaches when reimagining networking models, focusing on the convergence of networking and security to support a hybrid workforce.
The most crucial challenge for tech leaders in 2022 is to be aware and well prepared for the trending cyberattacks and emerging cybersecurity threats, while overseeing the current security state of the business infrastructure. IT leaders should adopt a Zero-Trust approach, along with strong security policies and policy-enforcement business processes and tools. They must look to digitally sign and authenticate everything that touches the network.
Solid cybersecurity practices, such as threat hunting, ransomware mitigation and cyber insurance should rapidly be implemented while considering micro-segmentation and advanced telemetry capabilities for security threat monitoring.
Organization-wide cybersecurity education and training is a must for all in 2022, from SMEs to big tech corporations.