Security Predictions For 2022

Article supplied by Palo Alto Networks

In 2021, we saw the sustained acceleration of innovation and digital transformation as organizations continued to navigate the effects of the global pandemic. Unfortunately, cyberattacker also grew in sophistication, compromising the very foundation of our digital economy. The impact of ransomware attacks reached an unprecedented scale, threatening thousands of organisations worldwide and even holding critical infrastructure hostage.
Looking back at our predictions from last year, we saw that the data privacy debate was indeed a critical focus. As authorities ramped up COVID-19 contact tracing and information sharing efforts in a race to reopen their borders, the ability of governments to secure and protect citizen data effectively also came under scrutiny in several countries across the region. 

We also forecast that the shift to mass remote work would drive businesses and their respective IT teams to speed up IT adoption – with security getting pushed to the edge and simplified. In a recent survey, we found that organisations in the Asia-Pacific region (APAC) identified maintaining comprehensive security as the top remote access challenge when expanding work-from-home capabilities, leading 80 per cent of them to seek broad, end-to-end solutions to improve their remote security posture.
With the pandemic-induced shift in digital behaviour and adoption clearly here to stay, the question remains: Are organisations well equipped to deal with the security threats that we will face in 2022?
Here are our predictions for the cybersecurity trends that will shape the digital landscape for the year ahead.

Prediction One

Cybercriminals are getting richer than ever 

• Over the past year, the APAC region has seen a variety of cyberattacks, but the one that has truly risen in prominence is ransomware attacks. The 2021 Unit 42 Ransomware Threat Report revealed that the average ransom paid by an organisation in the first half of 2021 was US$570,000 – an 82 per cent increase from the year before. This demonstrates how cybercriminals continue to profit and dominate the cyber threat landscape. 

• It’s no secret that cryptocurrency fuels the ransomware economy, and its continued appreciation will only spell good news for cybercriminals. In spite of its volatility, bitcoin’s value is anticipated to continue rising. It reached a new all-time high in October, and some experts expect the coin’s value to hit $100,000 by early 2022. At the same time, attackers have been more aggressive in coercing organizations into paying larger ransoms. In June, meat giant JBS paid ransomware attackers US$11 million to prevent further disruptions to its supply chain.

• Furthermore, the decentralised nature of cryptocurrency offers attackers anonymity and protection of their identities. As the currency is not tied to any central bank or financial institution, it makes it hard for regulators to trace back to the criminals. Cybercriminals can move their illegitimate proceeds across countries without detection and engage in money laundering to further fuel illicit activities. Viewed through this lens, cryptocurrency has become a vehicle for cybercriminals to supercharge their unlawful deeds.

• The rising value of cryptocurrency may signal further growth and evolution of cybercrime. Cybercriminals who have received ransom payments in cryptocurrency will have more funds and resources to launch bigger attacks on critical infrastructure. Beyond monetary loss for businesses, the systems and services that entire populations depend on could be crippled. We can also expect cybercriminals to take data exploitation to the next level: Attackers are now launching “shameware” attacks – double extortion in ransomware campaigns – in a bid to inflict lasting reputational damage on targets who do not accede to their ransom demands.

• The emergence of double extortion tactics points toward how attackers plan to take confidential information public. We will also see quadruple extortion tactics coming to the forefront, as threat attackers add pressure points to coerce their victims into paying up.

Safeguarding what really matters

• As a first step, organisations can improve their cybersecurity posture by undertaking a Ransomware Readiness Assessment to determine their level of preparedness for an attack or run tabletop exercises to identify any security gaps that need to be addressed.

• Organisations should tackle the root of the problem by adopting a prevention-based approach to cybersecurity. Examining how to reduce the attack surface and building capabilities that prevent both known and unknown threats are essential. As attackers’ techniques become more sophisticated, organizations should include AI and other new technologies as part of their arsenals. Correlation capabilities that provide continuous validation of authorised use and accurate detection of anomalous activities will also help. 

• Closer collaboration between cybersecurity providers, cloud and telecommunications operators is critical to disrupting successful ransomware attacks and imposing real costs on adversaries. The former have access to threat intelligence and information on the activities of ransomware gangs, while the infrastructure of the latter is used by ransomware actors to propagate attacks.  

• With the help of private sector threat intelligence, governments should also continue to leverage all instruments of national power to raise the consequences for attackers and reduce the profitability of their attacks. 

• Cybersecurity is a team sport where everyone – individuals, businesses, and the authorities – needs to work together to safeguard the data and integrity of assets belonging or connecting to any organisation’s network. The more united we are in our approach against cyberattackers, the harder it will be for them to put our finances at risk, steal our information, and disrupt our livelihoods.

Prediction Two

Cyber Attackers now have a bigger playing field

• As we enter the era of Web 3.0, the spatial web will be brought to the forefront. We will be interacting with smart devices that have intuitive and sensory triggers such as geolocation, computer vision, and biometric or commands. Digital information will exist in physical spaces, meaning that security breaches of such devices could lead to far-reaching consequences in the real world.

• The ubiquity of IoT devices in our everyday lives has further blurred the lines between our physical and online worlds. Be it smart light bulbs or self-driving vehicles, these devices have vulnerabilities that hackers could exploit. Web 3.0 will make data breaches and other cyberattacks a lot more impactful, as these attacks are on cars, buildings, and physical lives.

Navigating a mixed reality

• The good news is that organisations are making progress in shoring up their cybersecurity defence in the Web 3.0 era. In Singapore for instance, organisations are warming up to the new security paradigm of Zero Trust, especially with the strong support from regulatory bodies. The Monetary Authority of Singapore (MAS)’s Cyber Security Advisory Panel specifically supported the adoption of zero trust security principles and architecture to tackle advanced cyberthreats. If 2021 was the year to validate a Zero Trust architecture for cybersecurity, then 2022 will be the year of adoption and implementation. Leveraging a platform approach to speed up Zero Trust adoption will ensure organizations to better manage the associated risks with a holistic view of all devices and data in one place.  

• Organisations will also need to start looking into segmenting their networks to reduce the attack surface. The implementation of physical or virtual firewalls will give network owners more control over access to sensitive applications and data. They can also prevent malicious traffic from establishing a communication channel within their network.

• Given the hyper-connectedness of our networks today, organizations will also need an ironclad strategy that offers complete visibility of all devices connected to their networks. AI is a powerful tool that can help to accurately profile, correlate, and contextualize every digital entity. The combination of these capabilities will help organizations validate, authenticate, and apply threat prevention technologies across their entire infrastructure.

Prediction Three

Greater reliance on digital services presents more opportunities for cybercriminals to carry out identity theft, fraud, and unauthorised data collection 

• There is no doubt that the APAC region is in the midst of a digital banking revolution, with at least two new digital banks expected to emerge in every market by 2025. The region’s overall digital banking penetration rate increased sharply from 65 per cent in 2017 to 88 per cent in 2021 – in part due to the impact of the pandemic. 

• Of note, senior citizens have been compelled to come onboard the digital banking bandwagon despite initial skepticism and hesitation. They were identified as the fastest-growing segment for digital adoption by major retail banks in Singapore, likely in response to stay-at-home orders for vulnerable populations.

• While digital banking brings greater convenience and accessibility, it is not without potential risks. Especially with the rise of open banking and solid fintech growth in the region, poor programming done at the application programming interface level can have serious repercussions as APIs are the glue that holds most digital apps and software together. New services like buy now, pay later are no exception.

• Any security misconfigurations in APIs could be exploited as an entryway for cybercriminals to gain access to personal data, manipulate a transaction, or shut down a key service. Such data is of great value to attackers, who can not only sell the information on the dark web but can also use it to carry out spear-phishing, account takeover attacks, or business email system compromise. 

Shoring up defences against online fraud 

• Financial institutions can build customer trust and enhance anti-fraud measures by including customer education as part of their security strategy. Special care should be given to groups like the elderly, who may be more susceptible to fraud as new users of digital banking platforms. 

• Such efforts can also be strengthened with government programs to spread greater awareness. In Singapore, for example, various government agencies developed the SG Cyber Safe Seniors Programme to educate seniors on cybersecurity and cyber hygiene practices. 

• On the backend, financial institutions need to integrate security into all stages of the software delivery process and ensure that they have visibility on their entire API ecosystem. This approach, also known as DevSecOps or “shift left” security, ensures that software is tested for security problems before it goes public, allowing IT teams to plan for any security issues that might appear after deployment.

• In addition, organizations should implement API security to their inventory and assess the security of external-facing APIs. Monitoring and addressing any anomalous activities within API interactions is also vital. 

Prediction Four

Expect bigger and bolder attacks in the coming years

• Globally, organisations have been actively digitising systems and processes within national critical infrastructure. While this bodes well for service delivery, every digital touchpoint in such infrastructure has now become a target for cyberattacks.
  
• Critical infrastructure, with its confidential and lucrative data, is a key target for cybercriminals. In 2020 and 2021, we witnessed several high-profile attacks on critical infrastructure, including attacks that have shut down New Zealand’s Stock Exchange and disrupted the operations of Taiwan’s state-owned energy company. 

• Critical infrastructure is susceptible to attacks from state-sponsored groups as well. In June 2020, the Australian government revealed that critical infrastructure and even businesses have been targeted in a series of state-sponsored cyberattacks. The digital vulnerabilities in critical infrastructure have set the scene for more national espionage campaigns moving forward.

• These attacks exposed a damaging weakness on critical infrastructure: the rate at which cybersecurity protocols are implemented is significantly slower than the rate of digitalisation. Time-sensitive and highly lucrative critical infrastructure will see more attacks from cybercriminals that can easily exploit weaknesses within their digital systems.
  
• The interconnectedness of supply chain and business applications creates further complications as cyberattackers can infiltrate critical infrastructure from the periphery. The Australian Cyber Security Centre reported that out of the 1,630 cybersecurity incidents they responded to from 2020-21, approximately 25 per cent affected critical infrastructure and their supply chain network. In fact, 14 of such incidents were classified to have damaged or deleted key sensitive data or intellectual property. 

• In other words, organizations that have taken the necessary precautions to secure themselves might still be exposed to threats through third-party vendors and partners.
  

Examining the cyberthreats embedded within our systems and supply chains 

• We’ve seen some of the most damaging cyberattacks amid the acceleration of digital transformation efforts in recent years, but the worst is yet to come. In light of the SolarStorm attacks, we can certainly expect more attackers exploiting weaknesses from the broader supply chain network to enter critical infrastructure systems. Moving forward, governments will continue to expect best-in-class supply chain security practices among ICT companies that supply critical infrastructures.

• The cybersecurity risk landscape is getting increasingly complicated, with cybergangs, state-sponsored attackers, and perhaps other parties with different agendas looking to sabotage critical infrastructure. Better global collaboration among governments around the world on policy and regulation is needed to navigate these complex challenges, especially those targeting critical infrastructure via supply chain weaknesses.  

• Cyber Attackers are likely to have already infiltrated numerous organizations and are lying dormant just waiting for the opportune time to strike. As such, a strong threat prevention and response strategy is indispensable for all critical infrastructure. To ensure that their bases are covered, organizations should adopt a multi-pronged approach. Correlating endpoint threat data helps to better identify the source and spread of advanced attacks. Technologies like behavioural analytics and SOAR can alleviate the burden on time-strapped security teams.

• Not to mention, governments and organizations alike have to probe deeper into their supply chain networks to understand their suppliers and their cybersecurity policies.

Prediction Five

The ‘work-from-anywhere’ genie is out of the bottle, and we can’t put it back

• At the start of the pandemic, organisations were scrambling to put in place remote work systems at scale, and efficiency was prioritised more than security. Some 18 months later, we’ve realised that there’s no going back – people have found that they are more productive working from home, and we need to ensure that they’ve got a secure way to do that.

• Threat actors of course have not missed out on this megatrend. With our homes now evolving into our workplaces, they have switched their focus from targeting corporate headquarters or branches to attacking individual homes. As more people settle into their home offices, the number of corporate-issued devices increases correspondingly – beyond just laptops, these can include video conferencing equipment, IP phones, printers, and more. All of these devices can be points of vulnerability if they are not adequately configured and secured.

Keeping safe while working from home 

• These new realities point to the need for the reimagination of the current security paradigm and the modernisation of the remote access architecture. As remote work becomes a critical long-term strategy for most organizations, there will continue to be a convergence of network and security. Organizations need to extend their corporate networks and bring unified security policy management to their work-from-home employees. 

• This should include the deployment of new integrated solutions like secure access service edge (SASE) that combine security, networking, and digital experience management. The best of SASE solutions brings about not just security but also operational efficiency.

• With more dependable backbone connections, employees can have peace of mind when accessing services remotely. In addition, IT teams will gain visibility into these interactions to conduct troubleshooting or look into security issues, if necessary. Organizations also enjoy operational efficiency as SASE centralises the security of remote sites and users to the cloud where it can be managed holistically.

• Zero Trust will also have to become an important part of this new security paradigm, where all users are denied network access by default. Legitimate users will need to be validated through rigorous authentication and only have select access to applications and services that are absolutely necessary for them to do their jobs. Securing every part of the access route will be essential to give organizations the peace of mind and assurance they need in today’s digital workforce. 

• We can also expect a lot more harmonisation, or application rationalisation, around the all-remote-access technologies that people use, such as VPNs, which can be complex to work out. Conversely, with a home environment, there will be more expectations from both organizations and employees for remote work solutions to be simple to both deploy and manage.