Well, it’s safe to say that the past 12 months have been unprecedented for the cybersecurity community. From the aftermath of SolarWinds and the Colonial Pipeline attack to the developing Log4j crisis, the chaos of 2021 affected all corners of the cyber world. With 2022 on the horizon, we brought together a collection of IronNet executives, analysts, and experts to provide insights on the trends and tactics that most likely will shape the next year of cybersecurity. Here are their Top 10 predictions for 2022.
- 2022 will be the year of government policy
Several new initiatives were developed by the U.S. government in 2021 to strengthen America’s cybersecurity posture, ranging from President Biden’s Executive Order, CISA’s Joint Cyber Defense Collective, and the Cyberspace Solarium Commission, to stricter regulations on incident reporting and the creation of the first-ever National Cyber Director position. The effectiveness of those initiatives, however, still remains to be seen. The immediate impact of this enhanced focus on cybersecurity will be a critical situation to monitor throughout 2022. – Anthony Grenga, IronNet VP of Cyber Operations
- Ransomware actors will adopt new tactics for cloud environments
In 2022, ransomware actors will begin to pivot from Windows-based ransomware strategies in order to cast a wider net and better position themselves to infiltrate cloud environments. Targeting platform-as-a-service and software-as-a-service entities will require attackers to adopt and deploy new tactics such as Linux ransomware and cluster-based ransomware. The U.S. cybersecurity community will need to enhance its defense capabilities in cloud environments to effectively combat them. – Bill Swearingen, IronNet Security Strategist - The threat landscape will include a broader scope of malware
Ransomware represents only one facet of a larger malware problem across the threat landscape. The success rate of cyberattacks in 2021 enabled cybercriminal organizations to invest large sums of capital for funding future hacking efforts. And with additional resources to leverage, expect adversaries to deploy a broader scope of malware in 2022 —leading to breaches that are increasingly difficult to detect and defend against. – Anthony Grenga, IronNet VP of Cyber Operations - Ransomware attacks will escalate without proper sanctions and accountability for nation-states that host attackers
The U.S. government’s response to ransomware attacks, while significant, still hasn’t effectively succeeded in deterring cybercriminal organizations and, in particular, the governments that permit them to operate in their jurisdictions. Until nation-states are held fully accountable for the activities of ransomware attacks emanating from within their borders via broader sanctions, law enforcement action, and perhaps more substantive responses, both the direct ransomware attacks and the ransomware-as-a-service (RaaS) digital extortion efforts will continue to inflict chaos on the public and private sectors in the United States. Moreover, given the limited consequences stemming from the major cyberattacks of 2021, nation-states and their proxies are likely to be more inclined to test the boundaries with increased potential for disruptive and destructive attacks. As a result, we should expect to see an increase in incidents similar to the Colonial Pipeline attack, which temporarily cut off fuel supplies to the East Coast, and the JBS attack, which had the potential to significantly disrupt food supplies. – Jamil Jaffer, IronNet SVP for Strategy, Partnerships & Corporate Development
- Threat actors will increasingly target global Consumer & Packaged Goods (CPG) Supply Chains
In contrast to the significant scope of attacks on large players in the cyber and other critical infrastructure supply chains in 2021, 2022 will likely feature a key increase of attacks on smaller entities in these critical supply chains. The pandemic revealed the extent of the U.S. economy’s reliance on global sources of both raw and finished goods, as have the more recent ripple effects we’ve seen arising out of related global supply chain disruptions. The same challenge is increasingly true in key parts of our critical infrastructure supply chains. As such, it is safe to assume our adversaries have noticed this fact and may very well respond in 2022 with higher volumes of attacks on key parts of both critical infrastructure and other important supply chains. Indeed, it is very possible that rather than exclusively targeting major manufacturers and distributors of goods and services, threat actors will also focus on smaller providers that are critical to the functions of the entire supply chain ecosystem. The reasoning is simple: they are high-value targets that may lack tools and funding needed to defend themselves. Attackers may seek to capitalize on that imbalance and target exfiltration points in an effort to gain access to the wider supply chain network; this fact highlights the critical need for large and small players to work together to collectively defend one another as we look to combat this new trend. – Jamil Jaffer, IronNet SVP for Strategy, Partnerships & Corporate Development
- Software entities will remain highly vulnerable
Threat actors will attempt to capitalize on vulnerabilities in the software supply chain to infiltrate the customers and partners they serve. The rise in software supply chain threats (such as recent exploitation of the Logj4 vulnerability) will heighten the need to ensure coding is carefully constructed and meticulously monitored as a primary focus of extensive security follow-ups. – Peter Rydzynski, IronNet Principal Threat Analyst
- Attacks on e-commerce and cryptocurrency exchanges will rise
The pandemic caused small businesses to rapidly accelerate their use of e-commerce in 2021 to compete with digital retail giants (e.g., Amazon) and remain profitable. With limited security resources to leverage, these enterprises will not be capable of defending against an uptick in attacks on their omni-channel platforms. In a similar realm, cryptocurrency exchanges are going to have a rough year as well. Cybercriminals will place a heavy emphasis on exploiting flaws and vulnerabilities in smart contracts, DeFi logic, and the underlying infrastructure of cryptocurrency exchanges. – Bill Swearingen, IronNet Security Strategist
- The private sector will further embrace Collective Defense approaches
With increased understanding that a siloed approach to cyber defense is no longer viable amidst an evolving threat landscape, 2022 will usher in a resurgence of collaboration across the private sector. More organizations will shift toward Collective and Collaborative Defense, concepts that encompass both the core intelligence sharing that enables Collective Defense as well as the active collaboration and joint work needed among companies, industries, and governments to address the very real and evolving cyber threats we face. The White House Cybersecurity Summit in August that brought together the Biden Administration with the CEOs of key private sector companies was a positive step in the right direction, and in 2022, it is critical that we action the commitments made there and build on that progress by leveraging private sector innovation and expertise to help the federal government proactively combat our adversaries in the cyber domain. – Jamil Jaffer, IronNet SVP for Strategy, Partnerships & Corporate Development - Operating with an “already breached” Zero Trust mindset will separate 2022’s cyber winners from losers
The cybersecurity winners of 2022 will be the organizations that operate with the viewpoint that a network breach isn’t just plausible, it’s inevitable. In turn, their cyber defense strategies will prioritize mitigation over detection in order to alleviate compromises as quickly as possible and secure high-value assets. In addition, the winners will have actively worked to identify both perimeter and internal network threats while searching for indicators of enemy activity before anomalies are flagged. Moreover, it will be imperative for entities to establish a senior executive-level cybersecurity position with equal power to the Chief Information Officer and Chief Technology Officer. By leveling the playing field for resources and implementing more expertise into cyber-related decision making, organizations will better position themselves to formulate effective defense strategies that strengthen their cybersecurity posture against the evolving threat landscape – Peter Rydzynski, IronNet Principal Threat Analyst
- 2FA and SSO will separate 2022’s cyber winners from losers
The majority of successful ransomware attacks are the result of compromised passwords due to a lack of two-factor authentication (2FA) usage. So while it may sound simple in nature, making a commitment to consistent two-factor authentication and single sign-on practices will dictate what companies rise above their peers as cyber winners in 2022. All critical network access points should require two-factor authentication by default. In addition, single sign-on (SSO) authentication schemes can help reduce the rate of human error – allowing users to use one set of log-in credentials to access multiple applications. – Anthony Grenga, IronNet VP of Cyber Operations
In case you missed it: the biggest cyber story of 2021
Nearly a year ago the security world worked through a first-of-its-kind supply chain vulnerability during the SolarWinds/SUNBURST incident response. Now at the end of 2021, a different type of supply chain vulnerability impacting our software supply chain is affecting systems across the internet — with exploitations identified in the wild. Learn more in “Log4j: new software supply chain vulnerability unfolding as this holiday’s cyber nightmare,” by The IronNet Threat Research Team with lead contributions by Peter Rydzynski and Brent Eskridge, Ph.D.