Cyber Threats Aren’t Letting Up: What to Know for 2022
The coming year will see more of the same attacks as 2021. But there will also be new ones, and new considerations.
Ransomware costs will reach $265 billion by 2031, according to projections from Cybersecurity Ventures. On top of that, new attacks will come every two seconds, the firm says, “as ransomware perpetrators progressively refine their malware payloads and related extortion activities.” Cyber threats presented via ransomware will only worsen in 2022. Here’s what some vendors have to say to channel partners.
“Solving ransomware challenges becomes an executive problem, giving resellers access to the boardroom. … As governments step in and propose new laws that would require companies to disclose ransomware payments, leaders at organizations will no longer be able to hide their attacks and are expected to take a much more active role in data protection. Resellers will be able to use this opportunity not only to protect their customers and demonstrate their value, but also to build closer relationships at the executive level.” —Mike Walkey, senior vice president of global channels and alliances at enterprise data management software vendor Veritas Technologies
“Existential threats like ransomware demand a fresh approach. In 2022, 100% prevention will become the standard as organizations fully embrace zero-trust principles. Ransomware is the sleeper agent of cybersecurity, and despite the billions invested in combating this malware, detection is not the answer. Zero-trust goes some way to managing the threat, but it must evolve toward the 100% protection of critical data, and that means 100% prevention. We need unconventional approaches to defend our economies, critical infrastructure and way of life.” —Petko Stoyanov, CTO for global governments at data protection provider Forcepoint
“Natural disasters like hurricanes, wildfires, earthquakes and floods are increasing in size and frequency. And when natural disasters strike, communities and organizations are the most vulnerable. Cybercriminals understand this — and they will make it a priority to take advantage of environmental events to create more havoc by targeting physical infrastructure like electric grids, fuel pipelines and water systems with ransomware attacks. State and local governments must respond to this growing threat by better preparing their defenses and regularly running disaster drills and simulations to counter these threats. The more they practice, the better their response will be.” —Lyndon Brown, chief strategy officer at managed detection and response vendor Pondurance
“Despite investments in preventive measures, ransomware will continue to be a significant issue. The struggle will shift to the internal attack surface.” —Mike Heredia, vice president, EMEA and APAC at path management platform maker XM Cyber
“File data and their backups are new targets for ransomware. File data — which may be user documents, video or research notes — may not be protected as vigilantly as … operational data such as customer databases or invoice systems. Yet this data still has long-term value and contains sensitive info such as PII or IP that can’t be compromised. The flip side is that, as organizations bolster their ransomware defenses by taking on a more thorough approach to detection, recovery and restoration, they may end up spending exorbitant opex on a ransomware program. Right-sizing ransomware protection will be a smart tactic.” —Krishna Subramanian, president and COO of data management firm Komprise
“Ransomware incidents will double, if not triple, and more companies are paying ransom, creating a death cycle. Further, more supply chain compromises will drive ransomware attacks. … Instead of working on their ransomware backup strategy, companies would be much better served focusing on their hygiene and EDR strategy. The focus is on the wrong areas — don’t focus on the symptoms; focus on the root causes.” —Andrew Howard, CEO of managed security provider Kudelski Security
“Ransomware gangs are morphing into ‘everything gangs.’ Instead of just doing ransomware and data exfiltration, they are doing cryptomining, botnet creation, DDoS attacks, etc. The attack gangs of the future will look at every new victim as a pot of gold and try to figure out what to do and in which order to maximize financial value extraction.” —KnowBe4, a security awareness training firm
Hackers will target any vulnerability they can find. In 2022, APIs, the digital magic that connects business applications, will invite more breaches because most organizations leave them unsecured. This will stand out as one of the most important cyber threats to protect against.
“APIs are an increasing target and often-ignored attack point. … By 2022, API abuses will move from an infrequent to the most frequent attack vector, resulting in data breaches for enterprise web applications.” —Peter Firstbrook, research vice president at Gartner
“APIs will become more critical as interconnectivity evolves. Organizations will struggle to deal with the complexity of APIs and interconnectedness, which will create new vulnerabilities.” —XM Cyber’s Mike Heredia
Many an industry observer predicts hackers will do their best to cause turmoil among world citizens, particularly in the United States. This will include attacks on the already weakened supply chain. Channel partners must remain vigilant on behalf of their own operations as well as those of their clients.
“Nation-state attackers will target the U.S. economy and financial institutions with disinformation, much like they have targeted our political institutions. These nation-states could spread misinformation about the viability of our banking system, thus stoking panic among consumers and causing a run on our banks. These campaigns will be small in nature, but they could add up to make people lose confidence in our financial systems. … Expect to see the introduction of more cybercrime legislation around the globe that will fight back on cybercrime syndicates and make it harder for them to evade police action. This could include new laws that make it easier for police to gain search warrants, as well as more anti-corruption legislation to disrupt the use of cryptocurrency and cybercrime. Though cybercrime syndicates are still emerging, we predict at least one major cyber ring will be shut down this coming year.” —Pondurance’s Lyndon Brown
“Nation-states will activate more disruptive attacks against their adversaries.” —XM Cyber’s Boaz Gorodissky
“The global supply chain is at the forefront of everyone’s mind today — including cyber attackers. While organizations focus on supply chain challenges like unloading container ships and managing workforce shortages while containing cost, cyber attackers are busy leveraging hyperconnected digital supply networks to invent new attack vectors. Now is the time to move beyond just monitoring security risk in supply chains — and to start taking action to mitigate it.” —Sharon Chand, cyber secure supply chain leader at consultancy Deloitte
Research firm MarketsandMarkets predicts that cyber threats will heighten demand for specialized insurance. As a result, spending on cyber insurance will grow from $7.8 billion in 2020 to $20.4 billion by 2025. That amounts to a compound annual growth rate (CAGR) of 21.2%, a relatively staggering figure. Yet the increase is not shocking. As organizations experience an unprecedented number of cyber threats, they must have liability coverage. MSSPs are no exception. At the same time, these partners need to understand what their customers need, and what limitations they might encounter.
“Cyber insurance premiums are going to skyrocket, and states will implement liability shields for companies. We’re going to see higher premiums, more exclusions, longer forms and more third-party analysis. Ransomware, in particular, will likely be an insurance exclusion moving forward.” —Blair Lyon, vice president of cloud experience at cloud hosting provider Linode
“Cyber insurance policies will continue to evolve. With cyber attacks on the rise, leadership discussions on cyber insurance are rising as well. As the attack surface evolves, so do changes in policy coverage terms and costs. Cyber insurance is one piece of the cyber program management and financial optimization puzzle that leaders are constantly working on.” —Daniel Soo, principal — risk and financial advisory at Deloitte
In 2022, global spending on information security and risk management tools and services will reach $172 billion, according to Gartner. That represents an 11% increase from 2021. That’s because cyber threats will continue nonstop. COVID-19 unleashed hell for organizations as attackers took advantage of pandemic fears and vulnerabilities. That activity will not slow.
For the coming year, ransomware, APIs, connected equipment and sensors rank as some of the biggest areas of concern. In fact, observers predict hits in new areas: attacks on medical devices in hospitals and other health care settings, as well as on patient billing systems; on remote-controlled tractors and other equipment in the agricultural sector; on IoT sensors that support smart cities; and so on. Organizations will turn even more to managed security service providers for guidance and management of their environments.
Find out more about the cyber threats coming in 2022 so you can better protect customers (and your own operations). Check out our slideshow above.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Kelly Teal or connect with her on LinkedIn.