Vale 2021, hello 2022: on the brink of full-out cyberwar
Article by Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify.
The past year has seen a mass digital transformation. Most organisations have taken reactive approaches to keep employees productive while working remotely, and the balance between productivity and security is a very fine line. Employees have also had to make difficult decisions, sometimes including the choice between staying productive and taking risks.
As organisations move to more strategic decision making and re-evaluate the risks of the difficult and unexpected accelerated transition, cyber threats have increased dramatically, and organisations are more exposed than ever.
So, what did we learn in 2021, and what will 2022 bring?
SPOILER ALERT: I believe we are truly on the brink of a full-out cyberwar!
The workplace has changed forever
We have always been moving towards remote working but not at the current scale. Technology advancements have enabled employees to perform their jobs from any location, but this means a major shift in the security landscape. Organisations have reopened their doors; however, many are struggling to convince employees to return, resulting in many considering the change to a permanent hybrid working environment.
We have now taken the next step in BYOD (bring your own device), moving to BYOO (bring your own office).
Ransomware evolving from threat to as-a-service
Ransomware has become a top threat as cybercriminals look for more lucrative returns. Cybercriminals are getting more sophisticated as ransom demands skyrocket. They can now access inexpensive hacking tools and expand their options for how and what they attack.
Ransomware has become so lucrative that developers have emerged to sell or lease their tools and expertise, offering Ransomware-as-a-Service (RaaS) in return for royalty payments. Ransomware could even evolve further into a subscription model where you pay not to be targeted.
In a survey and report on the state of ransomware in 2021, 64% of respondents admitted they were victims of an attack in the last year. Even more troubling is that 83% of those attacked felt compelled to pay the ransom. The silver lining is that 72% have seen cybersecurity budgets increase due to ransomware, and 93% are allocating budgets to fight ransomware specifically.
Governments facing down cybercriminals
Governments have taken a hard line on ransomware, with some taking serious steps to target cybercriminals. The US government issued an executive order laying out the foundation for the public sector to prioritise cybersecurity and resiliency. It launched the National Cyber Investigative Joint Task Force (NCIJTF) on ransomware, while the UK government is investing in a new National Cyber Force (NCF). The Australian government also released its Ransomware Action Plan and is legislating to apply sanctions to malicious cyber actors.
It looks like the next wave of cyberattacks will result in a cyber counter-response!
The brink of cyberwar – the cyber Jedis strike back
I believe we are truly on the brink of full-out cyberwar, as governments decide they can no longer stand by and watch citizens and businesses fall victim to cyberattacks. This means they must and will strike back, which could result in full-out cyberwar if the ripple effects spread out of control and more hackers join forces to collaborate and respond.
The result could be the introduction of a cyber treaty in 2022 that could push cybercriminals into fewer safe havens and unite countries to fight back against cybercrime. Global stability has been on edge for several years. However, the increase in cyberattacks and their impact on society means the balance of force is tipping.
Identity is the new perimeter, and access is the new security
For years we have known that the traditional security perimeter is no longer a reality. However, organisations have struggled to define the new perimeter. Cloud computing, hybrid working, endpoints, mobile apps and legacy on-premises systems have further complicated the challenge. Some organisations have attempted to enforce multiple edge perimeters, though this becomes a major challenge to manage and secure.
We must look at all of these touchpoints and determine the unifying factor. For most organisations, this is identity, one of the artefacts they can still control, and this means access has become the new perimeter security control. In 2022, organisations will get back in control by making Identity and Access Security a top priority. Privileged access has become the digital polygraph test to verify identities before enabling authorisation to resources.
Hacking e-sports become mainstream
For years gamers and streamers have been a growing trend on social media, with audiences wanting to know their secret techniques. Popularity continues, with top gamers raking in millions in commissions and sponsorships.
Hacking is now following that same path with the world's top hackers streaming their skills online, showing off new techniques and methods to bypass security, get the initial foothold, and then elevate privileges. Hacking gamification platforms are also on the rise as teams compete for L33T status at the top of the leaderboard. This trend will continue in 2022, and we will see hacking become an L33T E-Sport that viewers will pay to watch.
Zero trust becomes the baseline – future-proofing security risks
Zero Trust has topped cybersecurity priorities for the past few years. It has become an important framework for reducing both known and future security risks. As organisations start looking into Zero Trust, it becomes clear that it is not a single solution you purchase or a task you check as complete. Zero Trust is a journey and a mindset on how you wish to operate your business securely. You don't become Zero Trust – you practise a Zero Trust mindset.
Organisations are looking to reduce the risks from cyberattacks and accept that security must become a living system within the business rather than the old legacy static approach. In 2022, Zero Trust can help organisations establish a baseline for security controls that need to be repeated and force cybercriminals into taking more risks. That results in cybercriminals making more noise, giving cyber defenders a chance to detect attackers early and prevent catastrophic cyberattacks.