Companies have never been as vulnerable as they are today. The widespread move to the home office has significantly increased the number of attacks, their sophistication and the effects of phishing and social engineering attacks. The same goes for ransomware attacks. In 2021 there was also increased activity by state threat actors.
The forecasts of the security specialist Ivanti provide an answer as to how developments will continue in the coming year.
Ransomware attackers are changing their tactics
Ransomware has developed rapidly and will continue to be responsible for the majority of all cyber attacks in 2022. It can be expected that blackmailers will change their tactics, expand their attack arsenal and focus more on unpatched vulnerabilities in the company. However, companies have massively improved their data backup, not least in view of the number and severity of attacks in the past year.
Threat actors will react to this and increasingly forego the use of ransomware tools. Instead, they go straight to data theft and subsequent corporate blackmail. The number of attacks will continue to increase in critical infrastructure sectors such as the energy sector, healthcare or the food supply chain. The latter in particular still has a lot of catching up to do in terms of IT security.
Nation-state attacks are subsiding
Even if state-supported threat actors do not cease their operations, it can be assumed that they will be less present in 2022 than this year. On the one hand, the tightening of cybersecurity guidelines and requirements driven by many countries is having a positive effect. On the other hand, many tools and techniques of state-supported threat actors have been uncovered in the past few months. This means that you must first invest time in updating your kits and refining your techniques. It is also to be expected that they will look for new attack vectors in the next wave. For example, their focus will increasingly be on managed service providers who provide IT and security services for companies, and less directly on companies.
Phishing attackers are using new channels
The phishing problem should and could have been solved a long time ago. The entire IT industry has to be chalked up: According to a recent survey by Ivanti, 73% of German respondents said that their company was a victim of a phishing attack in the past year. Far more sophisticated phishing activities can be expected in 2022. For example, threat actors will increasingly target marketing firms and focus on vulnerabilities in tools used by email marketers. The logic behind this: Marketing emails come from known sources and the chance is high that the recipient will trust them - and ultimately click on a malicious link.
Risk-based weak point analysis becomes a hygiene factor
Most successful attacks are the result of poor cyber hygiene. Even advanced attacks, such as attacks on a supply chain or ransomware, often begin with basic tactics such as social engineering, phishing or the exploitation of vulnerabilities in unpatched software. Against the background of increasingly complex environments, there will be no way around the automation of cyber hygiene in 2022. One way to achieve this is to use a combination of risk-based vulnerability prioritization and automatic patch intelligence. This allows companies to identify weak points, to prioritize them according to their potential risk and then to accelerate the elimination.
EDR will replace virus and vulnerability scanners
Traditional vulnerabilities and anti-virus scanners will continue to lose importance over the next year. They are increasingly being replaced by endpoint detection and response (EDR) solutions. Identity and user behavior analysis tools are also likely to revive, which were actually launched far too early. It can be expected that new technologies for user analysis will appear under new acronyms in 2022 - but more likely in the second half of the year.
Central identity management is becoming essential
In view of the nationwide home office requirement for the coming months, security teams will have to continue to work on keeping the working environment under control. As far as home networks are concerned, the increasing number of networked IoT devices remains a key problem. In the home office, they are the ideal gateway for hackers - and thus a latent risk for company resources. Remote offboarding is also complex in terms of security. After all, it is not enough for an employee to send their work laptop back to the employer. Virtual access to cloud resources must also be prevented. Not least because of this, securing identities through Zero Trust will become more and more important in the coming year.
More at Ivanti.com
About Ivanti The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.