Cyber Security Trends & Vulnerabilities For 2022
Updated: May 10
As we come close to wrapping up Q1 of this year, the Cyber threat landscape is probably far different than what anybody ever imagined last year. A lot of this has been fueled by the recent conflict with Russia and the Ukraine, where the escalated threat of even worse Ransomware is now a reality. The biggest fear now is that of a massive assault onto our Critical Infrastructure, in a simultaneous attack, cutting off food, water, and even electricity all at once.
So far nothing has happened, but nobody is discounting it out either. But apart from this, what are some of the other trends that are occurring which have been lurking, but not too much talked about? We examine some of these in this article.
What Else Is Happening
Here is the rundown:
AI is going to boom further: With everything that is going around us, IT Security teams have probably or even exceeded their breaking points of keeping track and fighting off the latest threat variants. It’s not that they don’t have the tools in place to help them, but they often need to be tweaked and optimized on a regular basis so that they do capture the information that is real, and not a false positive. Because of this, many teams are now resorting even further to the use of Artificial Intelligence (AI) and Machine Learning (ML). Although the algorithms that drive these two also had to be tweaked often in the past, they now have advanced to the point that they don’t need as much anymore. Also, they have become very affordable, as you can custom build an AI or ML system straight in the Cloud either with the AWS or Microsoft Azure. In fact, the bulk of the Fortune 500 are now ramping their efforts in this regard. But there is a flip side here as well: As much good AI and ML can bring to the table, the Cyber attacker is also using it for nefarious purposes, such as creating Deep fakes and launching Synthetic ID Fraud attacks.
Ransomware will further proliferate: One of the biggest fears was just described at the beginning of this article. But there are other fears as well. For example, it is quite possible that a Cyber attacker group could take control of something even more serious, such as a nuclear power-plant, or even yet, a military installation where nuclear missiles are stored. Remember, the security that went into protecting these systems were developed many years ago. You simply cannot rip out the old ones and put in something entirely new, because of inter-dependency of these legacy systems. The only viable option is to install any firmware or software upgrades/patches that are compatible with the old stuff. But you simply cannot do all of this at once, it has to be done in a gradual, phased in approach so that no more new back doors are created for the Cyber attacker to enter into.
The Internet of Things: Very often referred to as the “IoT”, this is where the devices that we interact in both the real and virtual worlds are all connected together. While this does have its fair share of advantages and benefits, it also has its huge vulnerabilities as well. For example, with all of the interconnections taking place, this simply expands the surface for the Cyber attacker to enter into. The reason for this is that the lines of communications between these devices still remain unencrypted, and this allows for the hacker to move laterally quite easily and stealthily in a covert fashion. At every point in the journey, they can drop off their malicious payload without you noticing it until it is too late. Also, the vendors that make these IoT devices don’t take security as a high priority. Very often, they tell their customers that its fine to leave their IoT based products on the default settings, but this is a huge no-no, and should never be followed. As we move further into 2022, the number of connected devices is expected to reach well over 18 billion. Because of this, the new trend has now been labelled as the “Internet of Vulnerable Things”. In fact, many businesses are now recreating their physical IoT devices into the virtual world, which is technically know as the “Digital Twins”. Although the intent here is to test drive a new process or procedure before it is released into the production environment, a Cyber attacker can quite easily capture this and make even more replications for evil purposes.
The vetting of partners: In the past, when there was some level of implicit trust, many companies took the honesty and value of their third-party suppliers. But now that everything has pretty much gone digital, and also fueled by the Solar Winds hack, many of them are now closely scrutinizing who they want to partner up with. These suppliers now must come up to at least the same level of the vendor that will be entrusting them, and a key factor in determining who will win out will now go back to the level of Cyber Risk that will be experienced. This only makes sense, as you would never want to work with anybody who brings a high level of risk to the table. In fact, according to a recent study by Gartner, at least 60% of businesses here in the US will be using the level of Cyber Risk as a key determinant.
Regulators will pick up the pace: Many of the agencies that enforced the statutes and provisions of the GDPR and the CCPA remained pretty quiet so far during the pandemic. But with COVID-19 now easing up here at least in the United States, it is highly expected that they will once again pick up the pace of conducting audits and imposing harsh financial penalties as 2022 rolls on forward. One of the key reasons is not only the rise of making ransom payments to the Cyber attacker, but the costs of security breaches reached close to $6 trillion last year. In order to bring this whopping number down, companies are going to have to greatly ramp up their efforts to make sure that they have the right controls in the place so that they do not become the target of a publicly embarrassing audit.
Well, this is what is predicted as to how the rest of this year is going to turn out. Of course what is forecasted and what turns out to be real are very often two different things, so it will be quite interesting to see what shakes out in the end.