It’s that time of year once again – to take a look ahead at what we can expect in cyber threats and cybersecurity trends for the new calendar year. The effects of the global pandemic continue to impact not just our health but our global economy, and cyber-attackers are just as persistent as those fighting for our wellbeing. Not surprisingly, ransomware is expected to remain a top cybersecurity threat for businesses worldwide. As supply chain challenges grow due to the pandemic, attackers are expected to also grow, evolve, and further automate attacks against suppliers. Vigilance is crucial, layered security is key, and even traditional methods of prevention have an important role to play in defending against these cyber attack trends – provided we are doing our part in keeping them tuned and our cybersecurity programs current.
Development Operations in criminal enterprises will continue to proliferate as attacker tools grow in demand. CyberArk Labs anticipates malware as a service (MaaS) to be as popular as legitimate software, with cloud infrastructures used to develop exploits in much the same way businesses use them. Mandiant reports that this activity will become more complex due to “outsourcing in malicious operations via mechanisms such as ransomware affiliate programs, exploit vendors, commercial contractors, malware vendors and freelancers,” with no signs of slowing down in 2022.
However, CyberArk states “[j]ust like any other enterprise, they’ll face new security challenges in managing multi-tenant SaaS applications, securing remote access to sensitive systems and data and more.”
Security research firms like CyberArk Labs also expect an increase in cybersecurity threats against open-source libraries, which often go undetected and can be executed quickly. These attacks can allow for 1.) credential theft and 2.) access to create backdoor functions to install ransomware, which in turn is expected to continue to trend upward. Ransomware has become a lucrative business, with criminals operating from locations outside legal jurisdictions. Mandiant reports that attackers will continue to leverage multiple extortion in ransomware attacks and will even try to recruit insiders to carry out the ransom demands.
“Deepfake” is a combination of “deep learning” and “fake”. This method of manipulating media started in 2017 using new artificial intelligence technology to create videos or photos of people doing things they didn’t actually do. It has quickly grown and improved in sophistication – to where it is expected to be used to bypass authentication and identification systems as well as facilitate business email compromise schemes and social engineering attacks. Mandiant’s report states that “the effectiveness of deepfakes in information operations has been discussed in the cybersecurity community, but state sponsored and financially motivated actors have also demonstrated growing interest in this technology.”
The fact that cyberattacks continue to grow in sophistication does not necessarily mean we have to abandon how we’re currently protecting our technology environments. For starters, we must remain vigilant. It is imperative that everyone understands the cyber threats that could impact business operations and how to best defend against them. It is also imperative to maintain focus on the traditional protection methods and ensure they are configured for optimal effectiveness1:
Conduct ongoing cybersecurity awareness training to help reduce the risk of individuals inadvertently providing access credentials or clicking on malicious links or attachments. This is a critical component of any comprehensive information security program.
Your risk appetite is the ultimate measure of preparedness. Having proactive measures in place depends on the cybersecurity threats to your business and your tolerance for disruptions.
Who We Serve
What We Offer