Our annual survey to find the biggest security threat of the year is back. As in previous years, we asked security professionals a simple question: what will be the single biggest enterprise security threat of 2022? Responses varied from a single sentence to multiple paragraphs, and naturally, many individuals highlighted problems that related to their own industry or solution. Some respondents offered more than one response; where possible, these have been split by theme.
Ransomware cited as biggest threat
Ransomware is security professionals' single biggest concern this year—up from second place last year and fourth place in 2020. But as many of our experts point out, ransomware has evolved, with concern now focused on targeted ransomware, ransomware-as-a-service, and 'double extortion'. CEO and Co-Founder of Cybereason Lior Div explains: “Ransomware as a threat is already established and well known… The risk that doesn’t get enough attention, and that defenders need to understand, is that ransomware has evolved. It started out as a variant of traditional malware—just a different way for threat actors to make a profit when compromising a target. What we see today is not that simple. We now have ransomware cartels—like REvil, Conti, DarkSide, and others—and ransomware is not a piece of malware, but rather comprehensive ransomware operations, or RansomOps, where the execution of the ransomware itself is just the final piece of a much longer attack chain.”
Supply chain concerns continue
The SolarWinds hack in 2020 put the supply chain at top of mind for many security professionals, so it was unsurprising that it was cited as the third biggest threat in last year’s survey. This year, supply chain threats are in second place, with a number of experts expecting threat actors to target specific industries or organisations – such as a major cloud provider.
Concerns over remote working remain – but lessen
As predicted by our respondents last year, the far-reaching effects of the coronavirus pandemic continue, though security issues related to remote working policies—experts’ biggest concern last year—have dropped to third place.
Like last year, many of the comments centred around device security, the speed at which organisations were forced to adapt to remote working, or the need to accelerate digital transformation plans. Other comments this year expressed concern over unpatched systems – as James Hampson, Operations Director at Logicalis UKI, explains, “Patch management isn't usually seen as something driving change, but it ensures that organisations aren’t leaving holes for cyber attackers to exploit.”
People problems and emerging tech round out top 5 concerns
Rounding out the top five security concerns for the upcoming year—and equal in number of comments—were people problems (in the top five for the fourth year) and concerns relating to emerging technology. Our 2020 survey cited people problems as the primary cause for concern, with human error and insider threats featuring alongside other people-related issues such as a lack of understanding of security risks, and—related—the cybersecurity skills gap.
Also worthy of note was the number of comments that cited nation state attacks. Don Smith, Senior Director of Cyber Intelligence at Secureworks, believes espionage remains the key driver: “Hostile state activity will continue to focus primarily on espionage rather than on disruption/destruction. Several states, notably China, Russia, and Iran, will continue to conduct operations aimed at harvesting bulk data to support subsequent cyber operations and traditional espionage activities”, while ThycoticCentrify’s Joseph Carson says, “We are truly on the brink of a full-blown cyberwar”.
All 82 usable responses have been included below. Responses have been lightly edited for clarity and grouped into the following sections:
- Ransomware - 29
- Supply chain - 7
- Remote working - 6
- People - 6
- Emerging tech (AI, Edge, 5G, Quantum) - 6
- Nation state attacks - 5
- Organisation/strategy - 5
- Phishing/social engineering - 5
- Other - 13
Ransomware
Carlos Morales, VP Solutions, Neustar Security Solutions:
DDoS/ransomware-as-a-service, the rise of the cyber enterprise
“Cybercrime has become a lucrative and mature market… This sophistication, combined with a booming market, means that what were once individual criminal ‘groups’ and malicious actors are now fully fledged criminal enterprises, providing as-a-service offerings and malware licenses to established customer bases and target markets. As a result, we will see stronger strains of existing well-known malware and refined attack strategies emerge, while targets become ever more ambitious. What’s (or rather, who’s) next? Public infrastructure and large, private businesses that provide vital services (like cloud providers or data centres) will likely remain at the top of the target list – with the risk of the potential knock-on effects making paying-up an enticing offer.”
Lior Div, CEO and Co-Founder, Cybereason:
Ransomware 2.0
“Ransomware as a threat is already established and well known. Ransomware attacks occur on a daily basis and 2021 has seen multiple ransomware events that have had a significant impact. The risk that doesn’t get enough attention, and that defenders need to understand, is that ransomware has evolved. It started out as a variant of traditional malware—just a different way for threat actors to make a profit when compromising a target. What we see today is not that simple. We now have ransomware cartels—like REvil, Conti, DarkSide, and others—and ransomware is not a piece of malware, but rather comprehensive ransomware operations, or RansomOps, where the execution of the ransomware itself is just the final piece of a much longer attack chain… RansomOps take a low and slow approach—infiltrating the network and spending time moving laterally and conducting reconnaissance to identify and exfiltrate valuable data. Threat actors might be in the network for days, or even weeks.”
Neil Jones, Cybersecurity Evangelist, Egnyte:
Ransomware-as-a-service
“Ransomware-as-a-service (RaaS) will continue to grow and become more sophisticated over the next year. By September of 2021, the number of publicly reported data breaches had already surpassed the total of the previous year by 17%. This is not a new problem and with its increasing frequency it’s important for our leaders to understand how profitable an industry RaaS has become, and the risks they may be facing. We cannot underestimate the intelligence of these RaaS gangs. They are constantly overcoming systems and evolving with new technological advancements. Don’t let your company be fooled by false notions or assumptions about cybercriminals, especially that paying ransom will magically restore access to your company’s files. Instead, stay proactive and vigilant as you create and manage your cybersecurity systems.”
Andrew Rubin, CEO, Illumio:
Ransomware
“2022 will be all about ransomware... again. All crimes, including ransomware attacks, are done for one of two reasons: one, as a political statement, or two, for money. In 2021 we saw that ransomware can be both wildly successful and devastating (i.e., the attacks on Colonial Pipeline and Kaseya), in part because adversaries found a way to be highly efficient in their attacks – they can keep costs low and take advantage of a repeatable operating model. Because this model has become so effective, malicious actors will only accelerate their focus on ransomware in 2022. Until we eliminate or regulate the cryptocurrency economy, we will keep seeing the rise of ransomware into 2022 and beyond.”
Ehsan Foroughi, CTO, Security Compass:
Ransomware
“I believe the single biggest cyber security threat to enterprises in 2022 will continue to be ransomware, through a combination of phishing attacks and software weaknesses, threatening the integrity of business data and disrupting business continuity.”
Jamie Smith, Head of Cyber Security, S-RM:
Ransomware
"Ransomware will continue to be the biggest security threat to organisations in 2022. Ransomware incidents result in the highest average loss compared to other types of cyber threat. On average, we found that large organisations have suffered USD 1.8 million in direct financial losses, and USD 2.3 million in indirect losses from their single largest cyber incidents to date. And it is those companies not proactively engaging in cyber security at board level that face greater security risks."
David Carroll, MD, Nominet Cyber:
Ransomware
"Ransomware: Governments around the world will continue to take a more active role in cyber defence during 2022. Economic losses are mounting, supply chain attacks have compromised entire nations, and ransomware now poses one of the biggest security threats to enterprises and national security in 2022. With cyber now presenting a risk to lives as well as to economies, we are potentially reaching a tipping point where governments will increasingly step in to correct any perceived market failures."
Tris Morgan, Global Director Security Advisory & Cyber, BT:
Ransomware
“Typically, cyber attackers have kept blackmail and extortion attempts private to evade law enforcement, and to incentivise their victims to pay up and avoid the impact of it becoming publicly known. With cybersecurity now very much in the public eye though, this is likely to change, especially for major organisations. Going public with the threat of an attack will force businesses to deal with pressure from customers, government and regulators to avoid loss of sensitive data or operational impact, potentially increasing the likelihood of them paying ransomware demands.”
Simon Walsh, Senior Engineer, Trend Micro:
Ransomware
“With such a lucrative business model and high success rate, 2022 will continue to see all roads lead to ransomware. Numbers will grow and attack methods will diversify and intensify to take advantage of recent changes in enterprise attack surfaces such as less secure home-working environments and nascent cloud infrastructure and services. Expect future ransomware attacks to escalate exploitation of the supply chain, rope in critical Operational Technology environments, and look to cryptocurrency not just as a method of victim payment but as a target in its own right.”
Tom Gillis, SVP and GM, Network and Advanced Security Business Group, VMware:
Double-extortion ransomware
“Threat actors will leverage stolen credentials to pull off a double-extortion ransomware attack against a Fortune 500 company. As organisations put network segmentation in place to stop the spread of ransomware, attackers have evolved to leverage trusted credentials to move throughout the network unabated. With a valid set of credentials, attackers can accomplish much of their nefarious activity without raising a single alarm. Some of the stealthiest credential attacks use native, authorised tools like PowerShell to gain access by appearing as legitimate activity. Once an attacker can move laterally across an organisation’s network, they have the keys to the kingdom in their ability to access sensitive customer information and corporate proprietary data. Enter the double-extortion ransomware attack, in which an attacker quietly exfiltrates this sensitive information before encrypting a victim’s files and threatening to make sensitive data public. This ensures financial gain for cybercriminals who force organisations to not only pay to decrypt their files, but to prevent harmful data from being sold or publicly disclosed.”
Kevin Curran, IEEE Senior Member and Professor of Cybersecurity, Ulster University:
Ransomware
“Ransomware attacks are growing more sophisticated by the day and take great strides to remain under the radar of leading AV solutions. Once a network has been compromised, attackers further penetrate the connected internal network using exploits and automatic USB infection to encrypt files in addition to sending them outwards. The only solution to most of these is to pay the scammers. It is the deadliest scam at this moment and will increase due in part to the rise of cryptocurrencies which allows the scammers to remain anonymous.”
Mark Ruchie, Chief Information Security Officer, Entrust:
Ransomware
“Ransomware and supply chain attacks, which involve sneaking malicious code into a software update which is automatically pushed out to thousands of organisations, will plague the industry in 2022, with a focus on nation-state and crime group threats.”
Andy Barratt, UK Managing Director, Coalfire:
Ransomware
“Ransomware is poised to be the number-one threat once again in 2022, but firms are likely to cause themselves greater problems if they focus exclusively on preventing this type of outcome. Successful defence requires vigilance and the ability to respond to a variety of attack styles. The payload – often ransomware and data theft – will always grab the headlines but less-well documented is the huge range of attack and vulnerability combinations, or ‘kill chains’, that hackers leverage to achieve these outcomes. As such, the profile of businesses that succumb to attacks next year will remain a broad church.”
Gavin Knapp, Cyber Defence Technical Lead, Bridewell Consulting:
Ransomware