The COVID-19 pandemic created an unprecedented number of new cybersecurity challenges in 2020 as it forced businesses out of the office to operate strictly online. This fueled a fertile environment for malicious actors seeking to profit and sow chaos.
In one survey, 90 percent of organizations said they experienced an increase in cyberattacks due to the pandemic. Healthcare providers, for instance, became prime targets for attackers looking for lucrative medical records and ransomware payoffs. This happened while they were already in the midst of quickly upgrading their technology and updating their staff’s cybersecurity training to accommodate the new remote reality. K-12 schools were also subjected to an onslaught of ransomware as they shifted to an online-enabled distance learning model. On a broad scale, the historic shift to a remote workforce stress-tested most businesses’ security resources, and phishing and social engineering campaigns flourished.
As we enter 2022, these challenges and threats are not going away. Organizations continue to face compounding complexity from changes and challenges, and this uncommonly dynamic environment makes it difficult for business leaders to determine the right path to take with security. How can they prioritize their investments?
To start, it is important to understand and anticipate the top cybersecurity threats likely to appear (or continue appearing) in 2022, with the biggest and overarching threat being change itself.
Top 5 Cybersecurity Threats for 2022
1. There will be a change in the deployment strategies for cloud transformation.
It is expected that 50 percent of workloads will move to the cloud within the next year — a rapid shift that will significantly disrupt companies’ security operations. For organizations that were already considering cloud adoption, the COVID-19 pandemic added a new urgency.
First, consider cloud transformation in general (minus any serious urgency). The ephemeral nature of the cloud adds an entirely new dimension to security — it introduces a diverse and constantly expanding attack surface in which threats can come from any point in the environment. In 2022, cloud environments will face many of the same cybersecurity threats as traditional data centers, but they are also exposed to increasing numbers of sophisticated new threats. Organizations must not only work to protect physical data centers and servers but must also secure workloads, virtual resources, and communications between cloud and physical data centers.
That is quite a challenge, and it has become more urgent because of the pandemic. Organizations find that they are left exposed, particularly those that rely on traditional SIEM and premises-based security tools. Such tools simply cannot provide the granular visibility needed to identify events in modern microservice-based architectures, and they do not equip organizations to respond effectively to the active, aggressive threats seen in a cloud environment.
While none of these challenges are insurmountable, successfully addressing them requires new skills, more people, and a new suite of tools capable of understanding the cloud, and correlating cloud and legacy events. That is a tall hurdle for organizations already scrambling to adapt to other changes wrought by the pandemic.
2. The pandemic will continue to shape business operations.
With shelter-in-place orders issued nationwide during 2020, organizations were compelled to transition to remote workforces. Now, most organizations have three-quarters of their employees working from home, three times higher than in 2019. Not surprisingly, the ad-hoc shift to remote work exposed and created security holes that cybercriminals have been happy to exploit — 63 percent of security pros say they have seen a rise in cyberattacks since the start of the pandemic.
In 2022, companies will extend their work-from-home arrangements or even make remote work permanent for some portion of their employees. That means these companies will have to continue to address their increased exposure. Few companies can meet the security needs of such large remote workforces, and without enough business-grade hardware to distribute, many have been forced to allow employees to use their personal devices for work. More than half of employees are doing so, even though three out of five have not been provided tools to secure these devices. The challenge of scaling from hundreds to thousands of VPN connections has also left many workers connecting to company data centers through insecure home networks, while phishing attacks have increased worldwide — largely due to attackers taking advantage of isolated and distracted at-home workers.
In 2022, organizations will wrestle with how to manage and secure this expanding and increasingly porous perimeter while dealing with other challenges.
3. We will see changes in cyber criminals’ monetization strategies.
The global cost of cybercrime shot to nearly $1 trillion in 2020, double what it was just two years prior. While the rise was largely the result of new opportunities created by the pandemic, it is also indicative of the dramatic changes we have seen in the threat landscape over the last few years. Cyber criminals increased attacks on critical industries, including healthcare and financial institutions, in 2020. Ransomware continues to be their favored tactic, but with a twist — many attackers are exfiltrating rather than encrypting sensitive data and releasing it if their ransom is not paid. More than 1,000 companies reportedly had their data leaked in 2020 after not caving to ransomware demands and the trend — a new version of doxing — is expected to become standard in 2022.
Credential theft is also on the rise, accounting for 80 percent of cloud data breaches. With more services brought to the perimeter to accommodate remote workforces, threat actors have gained more potential points of entry to networks. Given this greater opportunity and the inherent difficulty of distinguishing between a legitimate employee and a hacker who uses a stolen login, this threat will continue to grow, aided by organizations’ plans to move at least 5 percent of their previously on-site workforce to permanently remote positions post-COVID-19.
Finally, the SolarWinds Orion hack, which enabled an unprecedented attack on U.S. government and corporate networks, reminded everyone that the supply chain is vulnerable and will have far-reaching consequences when breached. Considering these cybersecurity threats, organizations will have to reevaluate their security strategies to effectively deal with increasingly sophisticated, organized cybercriminals and nation-state sponsored attacks.
4. Businesses will be reluctant to invest in security.
The uncertainty created by the pandemic has led to more scrutiny of budgets and, overall, less spending on non-revenue-generating activities. Worldwide, companies are less confident in the stability of their revenues and are understandably reluctant to invest in new IT initiatives.
Strategic, long-term investments like security, in particular, are going to be an even more difficult sale. Implementing a new cybersecurity strategy can be an expensive and expansive undertaking, requiring immediate and ongoing expenditures of time, money, and people — all resources that pandemic-battered organizations have in short supply right now.
This will leave many businesses vulnerable and more at risk of bad security news this year. While each year is different from the last when it comes to cybersecurity, a convergence of pandemic-influenced factors — an expanded attack surface, continued remote work, security staff cuts, increasingly bold threat actors — is setting up 2022 to be a year with an uncommon increase in risk. While the COVID-19 recession has many businesses fighting for survival, under-investment in the secure foundations of their success may be an unexpected source of existential crises.
5. Organizations will have to rethink their investment in security tools.
As the challenge of meeting modern cyber threats has become increasingly complicated, organizations have incrementally invested in an array of prevention and detection tools. As a result, most security portfolios consist of a tool inventory that is too large and complex to manage. Security tools make up a disproportionate amount of shelfware, and security professionals report that nearly 30 percent of security investments are underutilized or not being used at all.
These security tools are gathering dust for any number of reasons: The purchaser may have misunderstood the product, acquired it to satisfy compliance requirements, or installed but later abandoned it. Ultimately, most shelfware results from a lack of IT resources — security teams don’t have enough time or people to properly implement all the security hardware and software they have, or those people do not have a sufficient understanding of the tools to use and manage them properly. Whatever the reason, shelfware not only wastes money, but it weakens security by siphoning resources that could have been spent more effectively elsewhere.
To guard against cybersecurity threats in 2022 and get the most from their budget, organizations will have to re-evaluate their approach to expanding their security capabilities. Tools should be constituent elements within a larger security strategy, and that strategy should define desired security outcomes that guide both tooling purchases and staffing decisions. Most importantly, organizations will need to accept that adding tools does not automatically translate to better protection. A recent study concluded that the more security tools an organization uses, the less effective their defenses are, and found that companies’ response efforts are often hindered by complexity caused by fragmented toolsets.
Managed Detection and Response (MDR) is essential.
The breadth and complexity of these challenges have increased the likelihood that some attacks will succeed, making effective detection and response more necessary than ever. Organizations need to decide whether this is a capability they will deliver from within their own teams, or whether they will partner with a dedicated third-party MDR provider. Effective detection and response requires deep, consistent visibility across all assets, and must be informed by a continuous flow of threat intelligence on new and evolving threats. Few organizations have the necessary resources and expertise in-house to execute effective detection and response.
In these cases, it makes sense to partner with an MDR provider. MDR services proactively monitor, detect, and respond to new vulnerabilities and threats across an organization to reduce the likelihood or impact of successful attacks. MDR emphasizes complete visibility into an organization’s network, endpoints, servers, and cloud to recognize when an unauthorized event is taking place anywhere in the environment. Using automation and human expertise in tandem, MDR delivers services tailored to an organization’s unique needs.
While some traditional MSSPs are renaming their existing solutions as MDR, and new MDR providers are announcing themselves almost daily, these offerings must be evaluated on the outcomes that MDR should provide. The MDR Manifesto can help. It objectively describes the requirements for MDR and was created with input from analysts, experts, partners, and practitioners in the security space. Complementing current security practices with an MDR solution is one of the best ways to address the convergence of threats to come in the new year.