2021 was certainly the year of big breaches. The size of breaches and the volume of cyberattacks went up significantly this year. How will the year 2022 pan out and what will be the major trends to watch out for? Our threat research team has put together a few cybersecurity predictions based on the data we have analyzed in 2021.
Cybersecurity in 2022
Focus on compliance: we expect more governments and regulators to frame regulation around critical infrastructure cybersecurity. As we have seen in the US and Singapore, government agencies are now actively encouraging businesses and critical infrastructure operators to adopt more stringent cybersecurity policies and operate with more visibility into their networks, devices, and infrastructure. This trend is expected to gain momentum in 2022 with many more pieces of legislation that will come through. Unfortunately, a few of these will be in reaction to a few major cyberattacks on critical infrastructure.
Ransomware will continue to dominate: along with new ransomware, there will be newer variants of existing ransomware released by hackers to target data at rest and in motion. Increasingly, hackers are not releasing stolen data on various forums like before. This means that they are either selling it to other hackers or retaining it to target the same business in the future. Ransomware is getting plenty of R&D attention from hackers and because of cybersecurity gaps, hackers can easily slip them into critical and non-critical infrastructure to exploit vulnerabilities and/or previously disclosed but unattended security issues.
Big year for IoT cybersecurity and countermeasures: with a huge number of IoT devices coming online in the last two years, IoT deployments are finally receiving some level of security attention. It is still early days but 2022 should see a major rise in investments in IoT cybersecurity along with a slew of measures to improve cybersecurity.
OT cybersecurity may face more issues due to devices: as OT-based enterprises refuse to eliminate older (unpatched) devices from their infrastructure, these will pose a bigger security challenge in 2022.
Year of personalized cyberattacks: in the year 2022, hackers will target specific individuals within businesses using multiple channels including phone calls, emails, social media messages, and even SMS messages to create more breach opportunities. The role of insiders is growing and this trend will continue in 2022.
The threshold for APT actors will be lowered: in 2021, we saw APT actors becoming active during episodes such as sporting events and even swearing-in of lawmakers. APT actors are becoming more impatient and their state-backed handlers also want to ensure that these hackers keep upskilling themselves through real-world attacks. 2022 will see more APT action across the globe with the hotspots being the US, India, Israel. UK, Singapore, UAE, Ukraine, Germany, New Zealand, and Australia. These countries will be the preferred targets for APT groups. Read more in this from our weekly threat monitor.
Cyber terrorists will target more supply chains: supply chains linked to pharmaceutical companies, defense hardware, and manufacturing will be targeted by APT and sponsored independent groups. If the business involved can take more measures to push security at all levels, most of these attacks can be prevented.
Powerplants, power transmission cables, and water treatment plants will be targeted more often: these entities have been the favorite of hackers in 2021 and they will continue to be targeted in 2022.