5 minute read
CYBER SECURITY
Four top cybersecurity threats that organisations should prepare for in 2022
One of the biggest challenges that IT departments are currently facing, is making sure their cybersecurity protocols fit into existing employees’ workflows and patterns within the hybrid environment. If they don’t succeed, users may well put the company at risk by attempting to bypass critical security policies in efforts to make their remote working experiences easier.
Advertisement
By Bradley Pulford, Vice President & Managing Director, HP Africa.
The threat landscape is going to evolve and expand at a high pace in the year ahead. We should expect to see ransomware gangs continue putting lives at risk, the weaponisation of firmware exploits and much more. Here are four key cybersecurity trends organisations need to be prepared for in 2022.
Continued commoditization of software supply chain attacks could result in more high-profile victims targeted
Cybercriminals are always ahead of the curve when it comes to password theft. According to PCW, 54 percent of African CEOs are very concerned about the fast-evolving nature of cyberthreats.
One of the common threats target software supply chains. SMBs and high-profile victims may be targeted. Targeting software supply chains allows ransomware threat actors to increase the scale of their attacks by accessing multiple victims through a single initial compromise.
The pandemic has shown a lot of new cybersecurity issues and companies are working diligently to ensure they are prepared for anything that comes their way in the future. One of the major changes include enhanced software supply chain security, transitioning to a zerotrust framework for cybersecurity and increased scrutiny on the cybersecurity measures.
Ransomware gangs could put lives at risk and engage in ‘pile-ons’
Despite a community driving to ban ransomware activity from online forums, hacker groups use alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors, affecting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections. This is according to research done by cyber company Trellix.
The research highlights that South Africa is only seventh on the list of countries that have experienced the most number of ransomware attacks, despite it only having the 32nd largest gross domestic product (GDP) in the world.
Ransomware will continue to be a major risk in 2022, with victims potentially being hit more than once. The method will be akin to ‘social media pile-ons’ – once an organisation is shown to be ‘soft’ or to have paid a ransom, others will pile-on to get their share of the action. In some instances, threat actors will hit a company multiple times – doubling or even tripling extortion rackets.
Ransomware operators will almost certainly intensify how they pressure victims into paying ransoms. Beyond data leak websites, attackers will use increasingly varied extortion methods, such as contacting customers and business associates of victim organisations.
Weaponisation of firmware attacks will lower the bar for entry
Firmware provides a fertile opportunity for attackers looking to gain long-term persistence or perform destructive attacks. The security of firmware is frequently neglected by organisations, with much lower levels of patching observed.
In the last year we’ve seen attackers performing reconnaissance of firmware configurations, likely as a prelude to exploiting them in future attacks. Previously these types of attacks were only used by Nation State actors. In the next 12-months we can expect to see the TTPs (Tactics, Techniques, and Procedures) for targeting firmware trickle down, opening the door for sophisticated cybercrime groups to weaponised threats and create a blueprint to monetise attacks.
The lack of visibility and control over firmware security will exacerbate this issue. Certain industries, such as healthcare, where these attacks could be more probable, should start thinking about the risks posed by low-level malware and exploits.
Hybrid work will create more opportunities to attack users
The shift to hybrid work will continue to create problems for organisational security. The volume of unmanaged and unsecure devices has created a wider attack surface. Threat actors could start to target the homes and personal networks of top executives, or even government officials, as these networks are easier to compromise than traditional enterprise environments.
Phishing will remain an ever-present threat in the era of hybrid work. The line between personal and professional has been blurred, with employees using home devices for work, or corporate devices for personal tasks. This will continue, and it’s likely there will be an increase in phishing attacks targeting both corporate and personal email accounts, doubling attackers’ chances of a successful attack.
A new approach to security is needed
The rise of hybrid working and continued innovation from threat actors means 2022 has plenty of nasty surprises in store. As a result, a fresh approach to secure the future of work is required.
We urge organisations to deliver protection where it is needed most: the endpoint. Organisations should embrace a new architectural approach to security that helps to mitigate risk. This involves applying the principles of Zero Trust — least privilege access, isolation, mandatory access control and strong identity management.
This approach requires resilient, self-healing hardware designed to hold its own against attacks and recover quickly when needed, while also containing and neutralising cyber-threats. For example, disposable virtual machines can be transparently created whenever the user performs a potentially risky activity, like clicking on an email attachment or link. This means any malware lurking inside is rendered harmless and allows organisations to drastically reduce their attack surface.
