2021 was an unprecedented and all-together wild year regarding the cybersecurity landscape for many reasons: ransomware attacks rose over 100% from 2020, with the total cost of attacks approaching $20 billion dollars; most security breaches—upwards of 95%—were preventable and on account of human error; double, triple, quadruple extortion emerged as a commonplace tactic of threat actors; government entities were the most targeted sector for ransomware attacks; state-sponsored cybercriminal affiliates re-emerged or were strengthened across the globe with the likes of Hafnium, REvil, Lyceum, and Moses Staff.
Given the trends of this past year, it is fair to predict 2022 will bring with it new developments and a continuously evolving threat landscape. As such, here are my boldest predictions for 2022, which I implore you to consider as you resolve to strengthen the security posture of your organization in the new year.
Threat Actors Will Continue to Steal Data
This might not be the boldest prediction, but it is something we should keep in mind for next year and beyond. The number of publicly disclosed data breaches in 2021 is in the range of 1300, which represents a 17% year-over-year increase. We can expect at least another 20% increase in data breaches with exfiltration by the end of 2022.
Virtual Private Networks (VPNs) Will Be Heavily Targeted
VPNs essentially create a private tunnel across a public network in which to hide personal data, internet activity, and IP address on any wi-fi network from threat actors. VPNs are certainly more secure than public wi-fi if properly configured, but they are not impenetrable. As remote work continues to expand, anticipate an increase in threat actors targeting VPNs. Like any network, VPNs can be compromised through known vulnerabilities, which act like holes in the security, after which threat actors can steal the encryption and decryption keys. Additionally, VPNs can experience a leak. We have seen this with the exposure of some 500,000 usernames, passwords, and IP addresses from multiple data leaks of Fortinet VPN users. For these reasons, and because businesses reliant on VPNs for remote workers do not quickly patch vulnerabilities, expect to see an exponential increase in VPN compromise in 2022.
Data Theft Without Ransom Will Increase
2021 saw a meteoric rise in ransomware because it is such a lucrative industry. Approximately 85% of all cybersecurity attacks in 2021 were financially motivated. I see this number decreasing over the next year. One reason will be the rise in state-sponsored attacks driven primarily by a political incentive, like we have seen with the Moses Staff threat group targeting Israel in order to disrupt infrastructure and embarrass leadership. Furthermore, the robust and growing black market for personal identifiable information (PII) doesn’t require a large ransom to make a fortune. One example of this, which I fear we will see more of, was the extortion of individuals—rather than the organization itself—in the attack against patients at Finland’s Vastaamo psychotherapy center.
Make Way for MFA
With Covid-19 came a rise in virtual offices with remote work occurring on work-issued devices. This trend also carried with it an increased risk of data compromise as organizations and their workers continue to rely on simple username plus password login credentials. Add on the fact that over 90% of malware is delivered via email, the most accessed work-related data source, organizations are increasing the likelihood of a breach or malware attack. The latest data suggests that 55% of businesses require the use of MFA (multi-factor authentication) for its employees. As we move through 2022, expect this number to rise significantly into the realm of 90%.
Phishing Remains #1
Phishing scams will continue to be the most successful method of network access and data theft; human error will extend its streak as the primary way access and theft occur.
The Year of Security Operations Centers as a Service
2022 will be the year of Security Operations Centers as a Service (SOCaaS). The current reality is that global conglomerates, small businesses, and every venture in between is increasingly susceptible to cyberattacks every day they operate. Most organizations do not have the staff, technology, or finances available to monitor all endpoints 24/7 with Incident Response experts. Combine this with the impressive benefits of Extended Response and Detection toolsets (SpearTip’s ShadowSpear Platform, for example, brings a 254% ROI and NPV of $1.91 million), and more and more organizations will realize their need for such a comprehensive and practical service.
There is one fact I am most sure of as we adventure into 2022: it will be as unpredictable as 2021.
Bonus Prediction: Kansas City Chiefs Beat Green Bay Packers in Super Bowl LVI