Written by: Csaba Krasznay, Director of the Cybersecurity Research Institute at the National University of Public Service
A lot of bad cyber-related things happened in 2021: SolarWinds, the Colonial Pipeline, and the Microsoft Exchange and Log4j vulnerabilities, to name but a few. But what does the future hold for us in 2022?
Okay, we admit it – this prediction is obvious. We can expect ransomware-as-a-service, ransom DDoS, affiliate programs of serious cyber-gangs. What will be unique is the regional spread of such devastating attacks. In the last year, ransom-like attacks have mainly focused on large and visible companies, but as affiliate programs open the show for local criminals, highly targeted attacks will also appear in smaller countries. Meanwhile, we can expect the first results of the law enforcement cooperation initiated by the United States in mid-2021 and the arrests of previously untouchable criminals.
There is huge tension between the two superpowers, including in cyberspace. At the beginning of 2021, a large-scale attack against Microsoft Exchange servers was attributed to China, although such operations had not really been conducted by the Asian country before. In President Biden’s second year, the USA may also do something spectacular, in line with its defend forward principle. We expect a strategic cyber-maneuver from one of the countries that will be visible to the public and uncover a surprising new feature in their armory.
The SolarWinds case was a supply chain attack. Colonial Pipeline was a cyber resilience issue, due to a ransomware attack. What would happen if these two things met? We assume that the Log4j vulnerability is a warning sign for everyone and it is now clear that global IT is similar to the game Jenga: it doesn’t have a solid base; it is built on mud. We expect targeted attacks exploiting third-party software vulnerabilities in the supply chain, with financial intentions, against critical infrastructures that will result in unintentional service outages on a national or regional level.
2022 will be the year of EU cyber legislation. The NIS2 Directive, aiming to increase the cybersecurity level of critical information infrastructure, DORA, to extend the cyber resilience of financial institutions, and the CER Directive, to enhance critical infrastructure protection, are all on the table, among other things. We expect a loud debate on these legislative actions in the second half of the year, similar to GDPR in 2018. The good news for security teams is that more compliance might mean larger budgets for security operations.
As the tension rises in Western-Eastern relations (all eyes on the East-Ukraine border, the French presidential and US midterm elections), we expect to see more advanced information operation techniques. Our prediction highlights the extended use of deepfakes and AI-supported automation on social media by rogue actors. In particular, governments of European Union countries should prepare for such attacks.
Managed Security Services, cloud security and CISO-as-a-Service are nothing new. Why do we mention this area in our outlook? Because what is common in the most advanced countries is not necessarily as common in the rest of the world. Due to the changing threat landscape, extending compliance requirements and the lack of a skilled cybersecurity workforce, more and more local companies should outsource their security operations. We predict a huge leap in this business segment, especially in smaller European countries.
It’s time to rethink our security architecture, because of the changing nature of cyberattacks or simply because of compliance requirements. The Zero Trust principle is a good candidate (and quite a strong compliance issue in the United States) for that change. We assume that for most organizations, this won’t entail too much more work, just engineering tasks, but we can predict the emergence of some great new technologies that can support this transition. Balasys has some hints for you.
This blog post is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA 4.0) License.