Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
Welcome to the Year of the Tiger! According to 2022 Chinese Zodiac Predictions: What Will The Year Of The Tiger Bring?, tigers are powerful and bold, with the ability to do everything on a grand scale. “Tiger years are times of change…2022 is the Year of the Water Tiger — and this means it’s a year made for bold action.” Last year — the Year of the Ox — was a year of pandemic lockdowns and work-from-home protocols, it was “all about hard work and pragmatism.” What will 2022 bring? When it comes to cybersecurity, what trends are industry experts forecasting for the year ahead?
Dare we take a quick look back? “No one could have predicted the sheer chaos the cybersecurity industry would experience over the course of 2021,” writes ThreatPost’s Becky Bracken. Bracken rounds up what trends are in store for 2022:
- There Will Be Growing Government Interest, Influence in Cybersecurity. The federal government is currently working to identify where it can most effectively deploy resources to shore up defenses against cyberattacks. “Congress will deliberate about how the federal government can help manage systemic cybersecurity risks to the U.S. economy and society, to include mission-critical functions in key sectors like healthcare, elections and energy,” states Jonathan Reiber, senior director of cybersecurity strategy and policy at AttackIQ.
- Social-Engineering Endures. People are still going to do the easiest thing, regardless of its impact to the organization’s security posture. And cybercriminals will continue to count on this to make their social-engineering scams work. “Cybersecurity is a problem for which everyone is responsible, but few comprehend how much harm their individual actions may cause,” says Stairwell’s Mike Wiacek.
- Supply Chain is the New Ransomware. This year, the industry will start to shift the way it looks at ransomware, realizing it’s not the ransomware itself that’s the problem, it’s the entry point, according to Ian McShane at Arctic Wolf. According to Zscaler, Cyber Oregon sponsor, the number of supply-chain ransomware attacks isn’t likely to abate over the next 12 months. “Supply-chain ransomware is a particular concern due to the ability for a single breach to impact hundreds or thousands of end companies. Tech companies experienced a 2,300 percent increase in attacks in 2021, and we don’t foresee any relief in 2022,” states Zscaler’s CISO and vice president of security research and operations, Deepen Desai.
- Ransomware-as-a-Service Actors Pivoting to SMBs, Prospering. Ransomware-as-a-service (RaaS) has helped make digital extortion a booming business, and 2022 is likely to be another banner year for ransomware threat actors. “It’s become abundantly clear that cyberattackers don’t discriminate based on the size of their targets. Small businesses and mid-market enterprises have proven to be just as lucrative for things like ransomware attacks,” comments McShane.
- Cybersecurity Industry Needs Better Coordination in 2022. When it comes to the cybersecurity community, there is more work to be done to shore up the entire ecosystem. That means larger companies sharing tools and talent with SMBs without resources to protect themselves alone, among other actions.
- Ransomware will increase as cybercriminals professionalize and leverage the supply chain. Ransomware is the biggest security threat to most organizations today. As bad as the prominent ransomware and supply chain attacks of the past couple of years have been, they’ll be worse together. Planning for the inevitability of ransomware attacks is essential to reducing the time and cost of recovery.
- Additional large breaches are likely to occur, and cyber hygiene will be an organization’s best defense. COVID-19 extended every enterprise through its employees’ home Wi-Fi setup; now basic security diligence is the new perimeter. Consistent security practices including multi-factor authentication, full patching, and asset identification can help prevent major breaches.
Fortinet’s Alain Sanchez, EMEA CISO, and Joe Robertson, director of information security, discuss the biggest cybersecurity trends for 2022 via a Fortinet blog post (Fortinet is also a Cyber Oregon sponsor):
- An acceleration of the trends we saw at the end of 2021
- Ransomware isn’t going away
- More attacks on different types of targets, not just typical IT targets — for example, operational technology (OT) will be targeted more frequently
- More adoption of integrated platforms
- The convergence of networking and security coupled with integrated cybersecurity platforms
In her Infosecurity Magazine article, Cate Pye with PA Consulting outlines critical areas that organizations across industries need to continue building on in 2022:
- Resilience. In 2022, the idea of being resilient throughout the supply chain and continuing to operate in the digital space regardless of the physical will become more of a focus. The optimism that we will get back to normal is replaced by realizing that this is the new normal and that organizations have to design their systems and processes to make the most of it.
- Secure by design. “Secure-by-design” has to become a reality. This is as much the responsibility of the manufacturers and users as it is of the government. The government needs to set the standards, but the industry should design security in whether they are asked to. In parallel, consumers should be using the systems as they were intended and valuing their own data security.
- Skills. Globally we have been short of cyber skills by about 40% for several years. This indicates that we are looking at a “lagging” skills market and will always be short of scarce skills as the demand for digital and cyber skills grows. So, we need to look in non-traditional pools and train people to generate scarce cyber skills in 2022. Click here for the latest cybersecurity supply and demand map across the United States.
- Technology. There are many tech trends that will impact 2022, but the key ones to call out are artificial intelligence (AI), Cloud, and Quantum.
- AI – The discussion will move even more to the ethics and governance of AI and how we protect the datasets upon which it bases decisions.
- Cloud – The cloud is still someone else’s server, and there has to be a mutual understanding of what your data needs and the security your cloud provider offers. We are likely to see more complex multi-cloud environments to enable data to be physically located within countries where required. This will add to the complexity of cyber monitoring and security.
- Quantum – While not yet widely available, a quantum capability is coming. There is a potential for rogue actors to capture encrypted information (IP, government data, and so on) now in the anticipation that quantum will enable its decryption in a few years.
“A Tiger year can also bring unexpected good news and turn crazy dreams into glorious reality,” encourages Harper’s Bazaar Singapore. In fact, we’ve heard that Cyber Oregon supporter, PKI Solutions, has big plans for 2022 with the development of an exciting new PKI Performance and Alerting product for the enterprise about which Gartner Research says, “there’s a real need… and (we) haven’t seen this yet from anyone else.” With the positive energy driving innovative product development in our industry and cybersecurity trends like these, here’s to all the positives that the “Year of the Tiger” can bring!