Cyberattacks are not a recent phenomenon, but their risk is growing. 2021 has proven that these hacks are occurring more frequently and that even the most sophisticated organisations can be threatened. The reality is that these cyberattacks will continue to be an enormous threat in 2022.
Below, we have collated predictions from top cybersecurity executives on how to navigate these new challenges and ensure that your business stays safe in 2022.
Philip Gradwell, Chief Economist at Chainalysis
Covid accelerated crypto, like it accelerated all digital trends, so crypto in 2022 will be shaped by the progression of the pandemic. With Omicron, it seems we are entering a 'risk-off' cycle, but in a world where economics and finance have been totally transformed by unprecedented monetary expansion since March 2020. So crypto demand from risk-sensitive investors will likely decrease, while it will likely increase from investors who think we are in a new monetary paradigm and so believe that new monetary technology is a good bet. Into this mix we should add retail investors. Many have made gains on their assets but may now be facing financial pressures, from new restrictions and inflation to the end of government support programmes. The temptation to cash in those gains will be high.
Bitcoin will see a new wave of buyers. Institutional investors have been watching bitcoin closely in 2021, given its all-time highs. If my conversations are anything to go by, many have gone further: building strategies and selecting service providers. Now they are raising funds with a crypto allocation, which could be deployed in 2022 - especially if ESG concerns can be met. The big question is whether the institutions that entered in Q4 of 2020 and Q1 2021 - the majority of recent, new institutional buyers - decide to sell to this next wave. If so, then the price pressure will be muted as new demand is balanced by their sales. But if everyone continues to hold, then price pressure could increase significantly given the supply of bitcoin that is readily available to buy is at historical lows.
The race is on to be the app store for crypto. In 2021, consumers' options to buy crypto were greater than ever before, as fintechs competed with crypto exchanges. But also in 2021, DeFi and NFTs demonstrated that more can be done with crypto than just investing. However, these use cases are only available outside of the main consumer services. A major lesson of Web 2.0 was that consumers love platforms, and I don't think that is going to change for Web 3.0. Currently there is no crypto platform that owns the customer relationship and aggregates suppliers. I predict that in 2022, many companies will race to build this platform, with Coinbase in the lead as it integrates DeFi and NFTs.
Mike Sentonas, CTO at Crowdstrike
This past year, we saw the rise of the double extortion ransomware model, in which threat actors will demand one ransom for the return of the data and an additional ransom on top to prevent the data from being leaked or sold. However, in 2022, we expect to see the extortion/exfiltration side of ransomware achieve even higher levels of sophistication, possibly with a shift away from encryption to a sole focus on extortion.
We're seeing an entire underground economy being built around the business of data exfiltration and extortion. Data-shaming websites are popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that's being held ransom. These ransomware groups are revamping their entire infrastructure of tactics, techniques and procedures (TTPs) to hone in on more effectively exfiltrating and selling stolen data. Even if the threat actors can't get their ransomware to execute past the encryption stage, they'll pivot and find other ways to gain access to the data to sell for a profit anyway.
In today's world, if you get hit by ransomware, you can expect to get hit by double extortion. And ransomware actors will continue to innovate and evolve to find new ways to monetize their victims.
Nick Mills, General Manager EMEA, CircleCI
Survival of the Automated: Automation and continuous validation will be key to software innovation
"Software development, particularly processes related to continuous integration and deployment, will become even more reliant on automation, as the complexity of software dependencies and supply chains becomes an increasingly intricate lacework of collaboration between global developers and loosely coupled architectures. The growing adoption of cloud storage, service-oriented architectures, third-party API-based services, and open source code, makes modern software development monumentally complex.
"Therefore, continuous validation - that is, constantly validating that all software changes and dependencies are working - will become absolutely critical to how software teams integrate and manage changes before code hits production, ensuring they deliver and maintain high quality software applications."
David Maidment, Senior Director Secure Device Ecosystem, Arm (a PSA Certified co-founder)
As the number of IoT devices has soared, the ecosystem has uncovered a number of security challenges in the bid to make devices more secure, while adhering to the maturing regulatory landscape. In the last three years, an ecosystem of over 50 partners has collaborated around PSA Certified in order to provide a common framework around IoT security, which is critical to our connected future. Having a program that encourages broad adherence to regulations and that drives a common language in the growing ecosystem is vital.
In 2022, we expect perceptions of IoT security to shift from it being a cost to a necessary value. With laws, regulations and baseline requirements changing the way we see security, there's a growing recognition of the importance of best-practice security and the risks of inaction. Third-party evaluation and certification frameworks will continue to play an increasingly central role in driving consistency across markets and to building trust and assurance in connected devices.
This coming year, we anticipate that the ecosystem will take proactive IoT measures to protect devices based on the Root of Trust. Moving away from siloed approaches to hardware security, leveraging cross-industry collaboration and embracing a secure-by-design culture will act as a catalyst for trusted IoT deployment at scale.
Thomas LaRock, Head Geek, SolarWinds
"Securing the enterprise in 2022 by normalizing risk aversion: Cybercrime has reached a new peak with the onslaught of ransomware attacks and data breaches in the last several months. The 2021 SolarWinds IT Trends Report details how organizations experienced medium exposure to enterprise IT risk over the past year. Although the survey respondents felt their existing risk mitigation and management policies/procedures were sufficient, it's absolutely critical for organizations and tech pros to adopt a mentality where even 'medium' risk exposure is unacceptable.
"We expect to see two trends emerge in 2022 in response to the evolving threat landscape. As the rate of attacks continues to accelerate in lockstep with hackers' attack methodologies and schemes developing at scale, more tech professionals and organizations will look to cloud service providers, managed service providers (MSPs) and managed security service providers (MSSPs), and other third-party security tools (like those offered by Microsoft 365® subscriptions) to supplement their own IT policies and keep pace with the new, more effective security measures.
"Tech pros and the IT community at large will better secure the enterprise by normalizing a sense of risk aversion—that is, moving from simply accepting the current exposure to a mindset where any level of risk exposure is unacceptable. This means beginning to evaluate and implement the principles of a secure enterprise, starting first and foremost with understanding security compromises will happen as cyber hackers deploy more sophisticated attacks. Tech pros should also implement detection, monitoring, alerts, and response along the kill chain and engage in red team/tabletop exercises to measure effectiveness."
Guy Podjarny, Co-Founder & President, Snyk
"2021 proved that supply chains are more susceptible than ever to cyber attacks. The risk is growing largely because of the increasing reliance on proprietary and open source code and is compounded by the speed and complexity of modern apps, as well as the increasing sophistication of potential intruders. In 2022 we'd expect to see this trend continue, with geopolitical tensions still high and COVID continuing to drive businesses to become digital and embrace cloud faster.
"However, there are things developers can do to mitigate further risk. They need to identify and fix weaknesses in the components they use, and invest in strong security hygiene practices. Security teams should embrace a DevSecOps approach, focusing on helping the people doing the work make secure decisions and investing in breaking silos and increasing automation.
"While developers can't stop people from attempting to hack and exploit their systems, they can stop them from succeeding. Putting security at the heart of the development process is the only way to achieve that at scale."