Simon Eyre, CISO, Drawbridge
2021 changed the cybersecurity landscape as businesses were forced to deal with large-scale and sophisticated cyberattacks while the world continued to battle the lasting effects of the Covid-19 pandemic.
As we began embracing ‘the new normal’ in 2021, businesses had to accept permanent changes to how they operate, communicate and manage their operations. And while these changes were afoot, cybercriminals worked to exploit new vulnerabilities created by this unprecedented shift in how we work and operate. As a result, we witnessed a sharp increase in cyber-attacks across every industry, ranging from the Kaseya attack to the Colonial Pipeline shutdown. One thing remains clear: today’s cybercriminals are consistently evolving their tactics and methods, and businesses must respond in kind. To prepare and ensure they can withstand the uncertainty that lies ahead, they must understand how the cyber landscape will evolve in 2022.
What’s next
As we enter 2022, many of the threats we experienced this year are likely to continue. The increased number of successful attacks this year has shown cybercriminals one main thing: their tactics are working and working well. From 2019 to 2020, the average ransom paid during ransomware attacks increased by 171%. Monetization of cyberattacks will continue driving successful attack execution into 2022.
Traditional ransomware attacks have gained heightened attention from governing bodies globally. We are beginning to see some of the regulatory and policy implications of increased awareness. In the United States, Congress has introduced over 100 cybersecurity-related bills this year. Further, in 2023, the EU’s Digital Operational Resilience Act (DORA) is expected to come into effect. Government intervention in cybersecurity matters ramped up in 2021 and will likely continue into 2022.
We’ll also see additional data exfiltration and data leak threats in 2022. Aside from the reputational damage such attacks can create, businesses realize these escalating incidents can also significantly impact privacy and/or intellectual property and have a cascading effect on their broader client and partner ecosystems.
How to prepare
To minimize potential damages and stay ahead of cybercriminals, businesses must take proactive actions around data control, vulnerability management, third-party risk and internal training. Data migrations to SaaS and cloud services are powerful tools, but only after sufficient due diligence on the providers’ cybersecurity posture and correct deployment. Businesses must understand their comprehensive data flow processing and third-party risk landscape, specifically which vendors are involved in which aspects of their business. If business leaders truly understand data flow, they can apply the correct risk assessment mitigations to the appropriate data and vendors.
They must also ensure protections against social engineering attacks, which can have severe impacts on your cyber resilience. Businesses should prioritize policies such as required two-factor authentication and regular employee cybersecurity training sessions to defend against and mitigate the damages caused by these attacks. Staff training as an administrative control and vulnerability management as a technical control are the last lines of defense against socially engineered attacks.
The great resignation: how to retain talent
Maintaining a team of top cybersecurity talent is critical to shore up your proactive cybersecurity defenses. Great cybersecurity talent tends to come from those who have an innate passion for the field, and keeping that going requires constant education to stay abreast of the ever-evolving threat landscape. Businesses shouldn’t underestimate the time it takes to stay sharp in cyber and must buttress their employees with ongoing training and research.
Cyber experts cannot do everything themselves; they need support from the business, especially the C-suite, to ensure they can properly perform and protect the business. Changes to cybersecurity policies need buy-in from the executive team to push permanent changes and remain compliant. Cyber teams will tend to lose faith in the company if it’s not clear everyone is on board with implementing the changes needed to secure the organization.
The role of regulators
As governments around the globe focus more on cybersecurity and join the discourse on these issues, regulations will continue to evolve. We’ve already seen more prescriptive requirements from the Securities and Exchange Commission (SEC) and the Monetary Authority of Singapore (MAS) around cybersecurity, and the likes of the Financial Conduct Authority (FCA) stepping up their expectations for operational resilience.
Governing bodies are also carefully monitoring the impact of hybrid working, with regulators striving to ensure this rapid transformation hasn’t affected firms’ cyber and operational requirements. Collaboration with working groups, regulators and specialist cybersecurity vendors is the primary method we see to understand the current and future requirements. With constantly changing regulatory requirements, communication will be more vital than ever.
Don’t make the same mistake twice
2021 was a roller-coaster for the Ransomware-as-a-Service industry. While there were significant pay-outs and public attacks, we’ve also witnessed some attackers being brought to justice. Not only has the US Government offered a $10m reward for locating the leaders of the REvil ransomware operation, but it also managed to reclaim multiple payments and conduct several arrests, particularly of those responsible for the Kaseya ransomware attack.
Multiple ransomware operators relaunched themselves this year in a bid to escape the increased pressure they’ve faced. The bold increase in government action could result in significant changes to ransomware attacks in 2022, all while there has been a renewed call against paying out ransoms. In many cases, businesses may face legal action for paying and unintentionally supporting terrorist-affiliated organizations. To avoid being stuck in a predicament where your business must weigh the pros and cons of paying a ransom, it’s imperative that you put the proper plan in place now.
The future is here
The ongoing effects of the pandemic, combined with a spate of high-profile cyber-attacks and global supply chain shortages, have shown us the true interconnectedness of the world, and how an attack on one business can have a cascading effect on customers, partners and other third parties. As 2021 comes to a close, now is the time to reflect and assess where your organization fell short and where it succeeded with its cyber programs, and to prepare to defend your business against what will be a rigorous and evolving threat landscape. If your business understands the new cybersecurity trends and you continuously educate your team on new threats and protective measures, you can ensure your business will be ready for whatever strikes next.