Supply Chain Attacks, Ransomware, Clouds, Zero Trust, and More Challenges

Since the White House issued an Executive Order on Cybersecurity in May 2021 to send a clear message about the government's priorities, cybersecurity has become the main character again. The main goal is to create a nationwide commitment to enforcing cybersecurity best practices. The reason behind this message is the rise of national cybercrime, which is becoming more sophisticated, organized, professionalized, and diversified. All these advancements make cybersecurity crucial for all organizations and nations.

This article will highlight the potential threat vectors and protections that may have a large-scale and global impact in 2022. Those are:

- Supply Chain Attacks
- Ransomware Trend
- API Security
- AppSec
- Cloud Security
- Zero Trust Adoption

More Supply Chain Attacks That Keep Security Pros Up at Night

Last year was the year of cybercrime: major cybersecurity incidents like the SolarWinds breach (Sunburst) and the Colonial Pipeline ransomware attack have raised cybersecurity awareness among the public and CXOs. Moreover, Kaseya's supply chain attack taught us all how scalable and serious such an attack can be. The company acknowledged that hackers injected malicious code into its products used by tens of thousands of victims, including high-profile targets such as military and public government sectors. In addition, supply chain attackers can take various paths to slip malicious code or components into a trusted piece of software or hardware (i.e., that is why IoT devices are at risk).

Later that year, just before Christmas, Log4Shell happened, affecting Log4j, a tool popular among the open-source community. Unfortunately, open-source components are increasingly used as a vector for malicious actors since they've seen massive penetration in enterprise environments in recent years while still lacking a lot in terms of security standards.
https://hackernoon.com/0-day-log4shell-is-serious-but-its-just-the-tip-of-the-iceberg

When compromising a tool like Log4j, attackers can capture sensitive data from hundreds or thousands of downstream users. This simple fact radically changed the economics of these types of attacks. Code repositories have become high-value targets for attackers because they often contain secrets that are very easy to leverage to gain access to valuable systems.

2021 was arguably the year of the supply chain attack, and this trend will continue. In addition, we might even see minor, less obvious supply chain attacks using the developer environment as a "gateway," especially as the former become increasingly complex and interdependent.

SMBs Will Be Ransomware's Next Prey

The increase in ransomware-related activities throughout 2021 concerned the government, manufacturing, and financial sectors. Attackers were looking for high-potential payouts, and this strategy has proved profitable. According to cybersecurity company Coveware's Quarterly Ransomware Report (Q1, 2021), the average ransom payment in the first three months of 2021 was USD 220,298, a significant rise from USD 154,108 in the last quarter of 2020.

Yet as smaller businesses transition online and ransomware becomes refined as a cybercrime commodity, the economic landscape evolves. As a result, the odds are that SMBs will become an economically viable mark for cybercriminals looking for vulnerable systems (the effect would be amplified by supply chain attacks).

Another compelling factor is the victim's willingness to pay. If the price is so high that it pushes the victim to give up the data, the attacker gets nothing. Therefore, the most profitable method is to increase the percentage of victims instead of the price of each hack. In other words, ransom price and the willingness to pay negatively correlate.

Some interesting findings:

In other words, a smaller company pays less in absolute amount but more as a percentage of its revenue. Smaller companies generally pay more from a rate-of-return point of view.

API is the New Endpoint

APIs have become the central nervous system of modern applications, bringing critical information and data from one part of the application to another or from one application to another. As a result, API security should be the priority when securing applications.

A study by Imperva Research Labs covered nearly 4.7 million web application-connected cybersecurity incidents. They discovered that attacks are increasing, on average, by 22% each quarter. Worse, the growth rate of such attacks keeps climbing, with a 67.9% surge from Q2 2021 to Q3.

Web App Attacks Surge, Increasing Data Breaches

The result of this surge in web app attacks is a dramatic increase in data breach incidents. Imperva Research Labs also found that 50% of all data breaches began with web applications earlier this year.

With the number of breaches increasing by 30% annually and the number of records stolen going up by a staggering 224%, it's estimated that 40 billion records will be compromised by the end of 2021, with web application vulnerabilities likely responsible for around 20 billion.

AppSec Will Be the Top Priority for Enterprises

With digital transformation a top concern for many organizations today, application security (AppSec) is more important than ever for CISOs/CSOs. Why? For three reasons: as mentioned above, as supply chains get more complex, the DevOps pipeline attack surface extends. It is arguably more important as many companies have accelerated their digital transformation initiatives as buyer preferences move toward digital channels. A study by OpsRamp, conducted after stay-at-home orders began, finds that 61% of IT and DevOps leaders expect to accelerate their digital transformation initiatives and projects compared with earlier plans, with 58% also increasing spending. And nearly two-thirds of these initiatives fall into the areas of Agile and DevOps.

As a result, risk management becomes essential to ensure these pipelines are safe. But developers and their privileged access will still be the perfect target for hackers. Therefore, newly hired leaders must account for AppSec from the start and build a comprehensive and strategic vision for software security.

While security will be a top priority, nobody wants to slow down the development cycle. On the other hand, security tools need to focus on developer productivity, so finding the perfect balance between these objectives will be at the heart of AppSec policies.

More Cloud Adoption, More Challenges

Introducing cloud technology has forced everyone to reevaluate cybersecurity. Your data and applications might be floating between local and remote systems, and always internet-accessible. Now consider a team responsible for multiple cloud environments. Not only do they have to navigate the dozens of AWS services available, but they also need to become experts in Azure Security Center or Google Cloud security services. The complexity of the task grows exponentially as cloud vendors are introduced.

As organizations move to multiple cloud providers, multi-cloud misconfiguration may become the next source of cloud vulnerabilities and attack surfaces. Unfortunately, malicious actors realize the value of cloud-based targets and increasingly investigate them for exploits. Furthermore, despite cloud providers holding many security roles on behalf of clients, they do not manage everything. All that leaves even non-technical users with the duty to self-educate on cloud security.

The CISA's Cloud Security Technical Reference Architecture (CSTRA) is an excellent document for federal agencies and other "cloud-wannabe" organizations.
In Cybersecurity, the also complements security goals like pushing Cloud Security Posture Management (CSPM) and Zero Trust. In addition, this CSTRA document is a starting point for further discussions for evangelizing cloud security best practices.

Zero-Trust Architecture Maturity Will Gain Momentum

Zero trust has gone mainstream, for a good reason. The collective rise in advanced attacks, cloud adoption, and remote work had companies learn that they urgently needed to revamp their digital security postures. Organizations can't physically control every device their employees use anymore.

Zero Trust is a security mindset centered on the idea that organizations should not automatically trust anything inside or outside their perimeters and, instead, must verify anything and everything trying to connect before granting access.

A zero trust architecture (ZTA) is an enterprise's cybersecurity strategy that involves zero trust concepts and embraces component relationships, workflow planning, and access policies. Among the helpful resources available to security teams is the National Institute of Standards and Technology's (NIST) Zero Trust Architecture (ZTA).

The NIST document, SP 800-207, describing the architecture covers: zero trust basics, logical components of ZTA, deployment scenarios/use cases, and threats associated with ZTA. It also covers possible interactions with existing federal guidance and migrating to ZTA.

The non-profit IDSA has also published the vendor-neutral Identity Defined Security Framework, collaboratively developed by 30+ identity and security vendors, solution providers, and customer advisory board members. The framework consists of identity security best practices and outcomes and direct mapping to the NIST zero trust architecture, providing an additional identity security focus.

Another resource is the Department of Defense (DoD) Zero Trust Reference Architecture, prepared by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team. The reference architecture describes standards and capabilities, and DoD noted that the architecture would evolve as zero trust requirements, technology, and best practices develop and mature.

By utilizing available resources and deploying best practices, organizations can build and maintain a zero-trust cybersecurity program to help protect against growing threats in this distributed environment. In 2022 we should see continuous progress made in this trend across sectors.

Conclusion: Be Prepared

The cybersecurity sector is faced with considerable challenges in the coming years, as cybercrime and especially state-sponsored threats are increasingly targeting the most vulnerable part of both the public and private sectors. Unfortunately, even some of the best-defended infrastructures suffered breaches last year, showing that there is always a long way to go in all things related to cyber fortification.

The good news is that the stakes have undoubtedly driven public opinion and governments in the proper direction. As a result, most entities will benefit from accelerated programs to implement, enforce, or review security best practices next year.

Lastly, organizations are also eager to adopt bespoke cybersecurity solutions and frameworks, such as Zero Trust, to better address the complexities of tomorrow's cyber supply chains.

Will 2022 be a peaceful year for cyberattacks, or will these new attack surfaces become a critical threat? The future will show, but organizations should not wait, and should prepare for eventualities.

Thank you for reading. May InfoSec be with you🖖.