How will the new year (2022) impact IoT and OT security in the Middle East and what new trends should we be aware of? Sectrio’s threat research team offers answers.
Rise of geopolitical threats in 2022
With the worsening geopolitical situation in the Middle East, we can expect new levels of APT activity. Most of this activity will target critical infrastructure including those connected to shipping, power, and communications.
The cost of cyberattacks will go up
The average ransom demand in the region has been increasing by USD 500,000 (pre-negotiation) in the last three years. This number is expected to rise this year as well.
Cyberattacks and reconnaissance attacks on IoT and OT deployments will intensify
Based on past patterns, we expect cyberattacks on UAE, Saudi Arabia, Oman, Turkey, and Bahrain to rise in the first half of 2022. Health and safety systems, ICS, SCADA, PLC, IoT devices, and networks will be targeted extensively by hackers.
New malware will dominate H1 2022
New and more sophisticated and stealthy malware will be launched by hackers to target manufacturing and utility infrastructure. H2 will see the emergence of more variants. Ransom will be the key objective of malware developers. Crypto mining malware will also make a significant impact on businesses this year.
Network and device vulnerabilities will get more attention from hackers and businesses
While hackers will try and exploit these, businesses should try to get more disciplined in adhering to patching and vulnerability scanning schedules.
2022 will be the year of cyber threat intelligence
Towards the second half of 2021, many businesses were seen shopping for threat intelligence feeds. This exercise will intensify in 2022 as regional businesses seek to improve their threat hunting and detection capabilities.
Compliance and standards
Compliance mandates will move from a voluntary exercise to a compulsory one for all sectors. This means that regional governments will ask businesses to ramp their cybersecurity measures to align with existing standards like IEC 62443 or new ones that will be enacted.
The year of reporting
As we have seen in the US, reporting after a cybersecurity incident will be made mandatory with clear guidelines on who should know what and when.
Supply chain vetting and internal security practices will turn mainstream and streamlined
This year, the supply chain situation will stabilize across the region with the adoption of new cybersecurity practices to deepen resilience and to ensure that these are not disrupted from within.
Attack surfaces will continue to expand
Thanks to digital transformation and automation across sectors, more and more attack surfaces will emerge for threats to exploit. Digital transformation in sectors such as manufacturing should be undertaken with care and diligence to prevent these from opening gaps in the overall cybersecurity posture of businesses.
More IoT and OT cyberattacks will grab headlines
Businesses will find it difficult to contain information on such attacks and thus we will see a rise in the appearance of such reports in the media.
Sectrio is offering its threat intelligence feeds for trial for free for 15 days. Our feeds work with the best SIEM solutions out there and meet all the parameters listed above. To access our threat intelligence feeds for free, sign up now.
Talk to our cybersecurity experts to learn how Sectrio’s IoT security solution and threat intelligence can help your business