Cybersecurity Predictions for 2022

Cybersecurity Predictions

With 2022 being just around the corner, it’s crucial to start thinking about which key cybersecurity trends to look out for. Below are 5 cybersecurity predictions for 2022:

1. Growing popularity of using internal abusers

As cybersecurity products are getting a stronger grip on IT assets, the use of an internal abuser will become more popular. This will be further amplified due to the economic difficulties, which make the financial benefits for those willing to cooperate more appealing.

Frustrated employees, especially those in IT/cybersecurity departments with high privileges, pose the greatest threat as they are fully aware of the enterprise’s “blind spots” and how to exploit them.

As #WFH continues to be dominant, data-leakage ransomware attacks will continue to grow as the required effort to generate legitimate proof-of-data is ridiculously low. Enterprises do not have control of who is looking over the shoulder of their employees while they work from home, and whether they have malicious intent.

2. Supply chain attacks

Events such as SolarWinds and log4j, among others, emphasized just how vulnerable our infrastructure is to supply chain attacks. The original concept of a Trojan horse will continue to flourish in 2022. As we’ve seen, sometimes going through the “main entrance” hidden within a legitimate application or appliance may prove to be the best option.

3. Embedded devices

We all witnessed the impact that the logs4j had on the IT and cybersecurity markets. The good news though is that there are things you can actually do in order to patch, update and reduce the risk.

But what will happen when a similar vulnerability is found in hardware assets, where patching and updating won’t be all that simple?  Attackers understand the challenges and are aware of the different source code packages scanning products out there. They may focus their efforts on devices with embedded applications that are more difficult to patch.

4. Legacy Devices

Some devices, especially in the healthcare industry, where medical devices go through a rigorous certification process, are extremely difficult to modify. This is because it may require the device to get resubmitted for FDA approval. The constraint leaves a long trail of unpatched, unsecured legacy devices in the infrastructure. The risk is further amplified since some medical devices use popular platforms (i.e., Raspberry Pi) that are constantly getting challenged by potential attackers.

5. Camouflaged devices

As some countries ban the use of certain vendors (i.e., US section 889b), it may push vendors/system integrators/OEM to use those unauthorized network devices while reconfiguring their MAC identity and other unique parameters (i.e., SNMP EOIDs) as to not get flagged out by various asset monitoring solutions. Following this path will support potential attackers’ efforts, as well as bring financial gains to those vendors who are willing to take the risk.