What will happen to cybersecurity in 2022?

Bernard Montel, EMEA Technical Director and Cybersecurity Strategist at Tenable, shares his predictions for the new year.


This is a contributed article by Bernard Montel, EMEA Technical Director and Cybersecurity Strategist at Tenable.

2021 has been a year of unrest, and growing demands on the digital ecosystem have led to a spike in cybersecurity attacks estimated to have set organisations back by approximately $6 trillion, according to Cybersecurity Ventures. In even more worrying news, global cybercrime costs are expected to grow by 15% over the next five years, reaching $10.5 trillion in losses annually by 2025.

When securing digital assets, security leaders must cover all their bases to stay ahead of the bad actors on the other side of the screen.

Critical infrastructure attacks will get physical
Bad actors are moving away from targeting just operational technology, and are aiming to compromise IT systems. Low cost but high impact attacks such as ransomware remain the primary strategy bad actors adopt in crippling business operations. Security leaders should pay attention to vulnerable infrastructures, where Active Directory is a key target. Organisations will also have to ensure that the risk cybersecurity breaches pose to their business is understood across all teams, from stakeholders to employees, to promote and protect investments made in improving digital systems.

Misconfigured Active Directory spells trouble for businesses
Active Directory (AD) remains central to data retention, organisation, and distribution in a world populated by hybrid work and digital integration of even the most mundane daily tasks. However, since becoming the baseline for SaaS and cloud computing expansion within corporations from a variety of industries, AD has proven a lucrative target for bad actors in recent years.

Major incidents such as the Zerologon vulnerability and the Solorigate backdoor malware have proven the threat AD misconfiguration poses. Unfortunately, bad actors are the greediest when it comes to AD attacks, aiming for the Domain Controller, which can easily be accessed through a vulnerable patch. In 2022, bad actors will continue to leverage misconfigured AD to create chaos in systems that are not protected.

Domino attacks will continue to increase in frequency and ferocity

The SolarWinds and Kaseya attacks heightened concern around the integrity of the software supply chain. Threat actors quickly realised they could capitalise on a domino effect, compromising one system to expose many more victims. As organisations continue to accelerate their innovation projects or migrate to the cloud to meet the demands of hybrid work models, third-party interdependencies (e.g. software-as-a-service) will continue to expand, and attacks will continue to increase. Organisations must understand how reliance on third parties, even those offering security-as-a-service, has the potential to increase risk.

Companies should take time to evaluate what and, perhaps even more importantly, who they’re delegating to, and what security precautions are in place. In tandem, think about security when developing applications, before anything is put into production or uploaded to the cloud.

Hybrid working breeds vulnerabilities
With only one-third of remote workers strictly following their organisation’s security guidelines, employees have become an easy target for bad actors. Each worker has an average of eight devices connected to the home network, meaning that attack opportunities are constantly multiplying. By accessing even one device which lacks proper protection, bad actors can eventually access the corporate network. Therefore, it is important that employees are made aware of these attacks, and shown what steps need to be taken to protect shared digital systems.

Organisations should prioritise education in light of cloud migration
Forward-thinking companies will push to educate all stakeholders about the implications of cybersecurity attacks, to protect enterprises. This will be crucial in reaching optimised digital security across cloud systems. With nearly half of organisations moving business-critical functions to the cloud due to the pandemic, such initiatives come as no surprise.

The crucial role security teams play in ensuring cyber hygiene is still recognised. Even so, an important step in maintaining security will be to acknowledge the importance of having a cohesive malware protection strategy across all aspects of the business. Every department of an organisation leaves a digital imprint within the wider cloud system, so common safety and cyber-prevention techniques must be shared and taught.

Bad actors switch towards a cost-benefit strategy
Ransomware operators will change their strategy when picking their targets in 2022, becoming more selective and thinking more about the legal implications of their attacks. If organisations want to outsmart adversaries, they should consider making attacks on their systems appear too difficult, costly and risky. If the reward they could reap does not cover the cost of the investment they would need to make, threat actors are far less likely to pursue it.

We cannot concretely predict what will happen in 2022 – the COVID-19 pandemic put a stop to that kind of thinking – but prioritising key areas will be sure to save money and time for CISOs. Infrastructure, AD and cloud-based assets are inevitably vulnerable to cyberattacks in 2022, and businesses must work hard to catch threats before they do serious damage.

With over 20 years in the security industry, Bernard Montel is Technical Director at Tenable. His expertise includes cryptography, Identity & Access Management, and SOC domains. He has published numerous articles and is regularly invited to speak about cybersecurity, providing insight into current cybersecurity threats, cyber risk management, and cyber exposure. Before joining Tenable, Montel held the position of EMEA Field CTO for RSA, where he played a leading role within its Threat Detection & Response department. He has significant experience advising both large and medium-sized organisations on cybersecurity best practices.