Mike Campfield, VP of Global Security Programs at ExtraHop, assesses the top cyber-threats to watch out for in 2022.
The UK cybersecurity market was a major hub of activity in 2021. In fact, according to a recent report published by IBM and the Ponemon Institute, the average cost of a data breach amongst surveyed companies reached $4.24 million in 2021, the highest in 17 years.
Over the last 12 months we have seen record-breaking ransomware attacks take hold of unsuspecting organisations and bring critical national infrastructure to a standstill. The Colonial Pipeline attack, the attack on the world’s largest meat processing company JBS, the Irish Health Service Executive hack and the world’s biggest ransomware attack on record on software supplier Kaseya all happened in a year – and this is just to name a few.
With ransomware attacks continuing to rise, there is no doubt that 2022 is poised to be an interesting year. With UK businesses believing the worst is yet to come, a recent PwC survey revealed that 61% expected to see an increase of reportable ransomware incidents in 2022. As we start the new year faced with an immensely sophisticated landscape, it is therefore critical to know the top threats to watch out for.
Supply chain issues
The advanced techniques currently being deployed by cybercriminals allow attackers to infiltrate the entire supply chain without going through the front door. This makes them highly dangerous. The European Union Agency for Cybersecurity found that 66% of emerging supply chain attacks focused on the supplier’s code.
Supply chain attacks should be on the radar for any cybersecurity expert because the chain reaction that could be triggered by a single supplier can compromise a network of providers. These attacks exploit third party vulnerabilities to gain access to sensitive information or damage an organisation. In 62% of these incidents, malware is the attack technique cybercriminals resort to. The velocity of these attacks has also escalated over the past 12 months; security teams are at risk of being left behind if they do not start focusing on how to access and eliminate their blind spots, thus minimising risk as much as possible.
Throughout the course of 2022, insider threats will continue to be a growing concern to software supply chains. This is largely due to the increased difficulty in being able to control the security of third party organisations you are doing business with. Whilst many organisations have the best of intentions to work together to better serve their customers, not all of them have a strong level of security maturity nor the resources to do so in the safest way possible.
Companies need to ensure that their security is their own responsibility and they can no longer rely on third parties to do this for them. It is not a question of if we will see another major supply chain attack in the coming months, it is a question of when.
Legacy systems in healthcare
Legacy systems are a goldmine for cybercriminals and the healthcare sector is becoming increasingly targeted by threat actors due to the multitude of outdated and damaged systems still in use.
In 2021, healthcare systems across the world struggled as the COVID-19 pandemic hit. To make things worse, they also experienced a large increase in data breaches, costing around $9.23 million per incident – a $2 million increase from 2020. These data breaches can largely be attributed to the use of outdated systems which can often be difficult to update. The NHS is positioned for an overhaul of its systems as a newly released report looks at the challenges in implementing digital change.
Cybercriminals are not only able to adapt and evolve their tactics for accessing systems, they are also becoming more sophisticated and are using advanced exploits which easily infiltrate legacy systems. The ease with which they are gaining access was demonstrated by the ransomware attack on the Health Service Executive, which caused a temporary shutdown of its IT system. In the days after the attack, appointments dropped by 80% and 95% of all servers had to be restored.
Looking ahead to the next 12 months, if healthcare services do not update their unmanaged devices and legacy systems to implement stronger security policies on their technologies, they will be sitting ducks for cybercriminals.
Working from home: a whole new challenge
Enterprise remote infrastructure security has improved dramatically over the past year, especially during the COVID-19 pandemic. However, when devices leave a controlled environment, such as workplaces and wider corporate spaces, the physical security of the item can become compromised. Organisations can offer added protection to such devices, but once they have left the four walls of a physical building, it can become far more challenging to manage and secure protocols such as passwords and biometrics.
In 2021, the rapid shift to remote working and operations led to an increase in expensive data breaches. It cost organisations over $1 million on average when remote working was indicated as a reason for a data breach. Now, as the UK enters further uncertainty over COVID-19 and continues to introduce restrictions which influence everyday life, such as travel limitations and compulsory mask-wearing, it can be assumed that working from home could become even more prominent in 2022.
The Scientific Advisory Group for Emergencies (SAGE) has announced that experts believe remote working is a ‘highly relevant’ way to reduce transmission of the new variant. Taking this advice into 2022, it can be expected that cybercriminals will continue to take advantage of the lack of physical buildings and organisational security control. If companies need to enable remote working protocols it should not come at the cost of their security.
2022 and beyond
In order to mitigate risk, organisations should not neglect their network security. The bare minimum when it comes to cyber-protection will not be enough. Businesses need to be able to easily detect lateral movement within their networks or they will be blind to the criminal movement happening within their network. In 2022, ransomware is likely to be the biggest security issue, with advanced persistent threat (APT) actors being one of the largest threats.
Notable APTs include the infamous SolarWinds attack as well as the rise of the NSO Group’s Pegasus spyware which was recently used to hack US State Department employees. The former of these was branded one of “the largest and most sophisticated attacks the world has ever seen.”
In order to battle against these upcoming threats, organisations need to know what is happening and must be able to constantly monitor their entire network to help eliminate any and all blind spots. This also allows security teams to respond to threats without the need to sift through large amounts of data to find an anomaly in the network.
In addition, organisations need to leverage cloud-scale machine learning devices that can assist overworked cybersecurity teams. Cloud-scale technology analyses network traffic to help build a better picture of a normal network. Machine-learning and AI-driven tools must be leveraged to assist in detecting bad actors before they get their hands on valuable information, shut down systems and demand payments.
To find out more information about the work that ExtraHop is doing to improve cybersecurity and to stop attackers from having an advantage, visit the company’s website here: https://www.extrahop.com/
This article was originally published in the January 2022 edition of Security Journal UK.