Guest Post: 2022 Cybersecurity Predictions

By Anurag Gurtu, CPO of StrikeReady 

As we foray into the second decade of the 21st century, it’s worth looking at what cyber-security might be in 2022. What are some possible predictions? How will this industry evolve and change to keep up with more sophisticated hackers and cybercriminals?

Over the years, the rise in the sophistication of cyberattacks has become more significant. We all know that one of the worst incidents of 2021 was the cyber attack on Colonial Pipeline, which caused fuel shortages across much of the East Coast. This event had significant consequences for America and its people. Microsoft Exchange also got hacked last December, resulting in denial-of-service attacks that paralyzed many operations around North America (and even Europe). Other types of attacks also left a negative impact, and this is inevitable.

I believe that in 2022 hackers will become more sophisticated and take advantage of the current geopolitical climate. My biggest concern is that hackers have speedier access to newer technologies and organizations won’t be able to keep up with them. And if things continue this way in the coming years, it’s definitely going to disrupt several normal business flows – if not cause total business ruin. Hence, it is now important to stay ahead of such threats. By being proactive, every organization stands a better chance against cybercriminals seeking to take advantage of loopholes. In this regard, here are my top cybersecurity predictions for 2022 that every business needs to be aware of.

  • Digital Cyber Analyst

The coming year is expected to be the most challenging yet for the ongoing cybersecurity talent crunch. The factors responsible include digital transformation initiatives, accelerated adoption of hybrid cloud, and post-pandemic projects ramping up. There is a need to augment the cybersecurity workforce using Digital Cybersecurity Analysts. These Digital Analysts will learn in real time from the experiences and knowledge of other cyber experts all over the world, then use this information to guide junior analysts in their decision-making when it comes time to resolve threats or proactively protect their organization. The digital analyst is the newest trend and will grow in number even more through 2022 and beyond.

  • Deep Fake Tech

Deep fake content – manipulation of video or other digital material designed to make someone else look like they’re saying something when it’s not them – is gaining popularity with each passing day. Also, machine-learning algorithms can create realistic-looking videos without any human input whatsoever. Several open sources have noted how threat actors have utilized manipulated media to bypass multi-factor authentication (MFA) security protocols. The same approach has been used successfully against Know Your Customer (KYC) identity verification. I believe that deep fake technology will become more readily available in 2022, while criminal espionage actors will increasingly utilize manipulated media to achieve their objectives.

  • Automotive Hacking

As we can see, the automotive industry is going through a massive transition, not only shifting from an oil-based fuel source to a totally electric source, but also seeing a massive overhaul of technology – autonomous driving. Ensuring that these vehicles are secure from hackers will be one of the industry’s biggest challenges. In the event of an attacker taking control of a self-driving car, they would endanger not only themselves but those around them as well.

  • Increased Aggressiveness with Cyber Warfare

Four prominent nation-state actors, including Russia, Iran, China, and North Korea, are expected to show enhanced aggressiveness with cyberwarfare. This is especially true for Russia, as several recent incidents, such as the manipulation of UNC2452 authentication methods, have shown that the country possesses a high level of sophistication when it comes to cyberwarfare. Also, Iran is likely to consider creating more power balance towards its own interest, with more emphasis on region promotions. As for China, the country is expected to continue supporting the Belt and Road initiative with the use of cyber-espionage, while North Korea is willing to take the risk, if need be, and continue funding nuclear ambitions and strategic intelligence with the North Korean cyber apparatus. And as these nations use “cyber operations as a low-cost tool of statecraft” as part of their malpractices, I do not see any slowdown for these nations, while some more may also join in 2022.

  • Increased risk to US infrastructure

With cyber-attacks now intensifying and data breaches rising, there is an expectation that much US infrastructure will be at increased risk. This is already in play, as a US insurance giant had to pay $40 million in ransom to hackers in May 2021. It is expected that the ransom demands from attackers will also increase in the coming year.

  • Accelerated use of Ransomware as a Service

One troubling trend is Ransomware-as-a-Service (RaaS). As cyber criminals lease ready-made malware tools to buyers, the increased accessibility makes this threat more relevant than ever before, because anyone can perform attacks with little technical expertise, no matter their level of criminal experience.

  • Larger Extortion Payouts with a Rise in Bitcoin Prices and Crypto Hacking

In 2021 we saw most extortionists threaten companies into paying large sums of money in Bitcoin. This has a lot to do with the rise in the Bitcoin-to-USD price, and as these prices are expected to rise again, I believe that a larger wave of extortion payouts may not be far-fetched. And with cybercriminals using various techniques including “mixing” – where funds from different users are mixed together so as to break any traceable trail, making them less likely to get caught – things are just going to get worse.

Hacking also plagues the world of cryptocurrencies. In a world where money becomes pure software, hackers will have a blast. In the coming year and years to come, I anticipate them becoming more aggressive with stealing bitcoins and altcoins.

  • A New Wave of Attacks Targeting Cloud Services

The continual rise of cloud-based technologies and infrastructure shows no sign of slowing down. In fact, organizations are expected to keep relying on cloud or cloud-hosted third-party providers for fundamental business tasks. Cloud vulnerabilities are no longer an exception, especially now that the adoption of remote work following the pandemic has made cloud services a necessity. Thus I see them as a prime target of compromise due to their high-value nature.

  • Let’s Confuse the Market with another Buzz Word – XDR

XDR is the future of cybersecurity according to almost every analyst firm and security vendor. It is the magic bullet that can detect new threats and protect enterprises that have needs we have yet to imagine, such as in a hybrid-work environment. I view it as another promise SIEM made and couldn’t keep. So who am I to disagree with industry experts who have already agreed on XDR being the next big thing? 
