“The risk from human operated ransomware is only going to increase for enterprises in 2022. In the past decade, ransomware has evolved dramatically from the early crypto locker variants to wormable variants such as WannaCrypt and not NotPetya and is now a thriving criminal enterprise underpinned by skilled human operators. I fear the next evolution will be the further automation of attacks as offensive security approaches continue to develop faster than their defensive counterparts. Using machine learning and automation is a natural progression and might remove some of the mistakes that allow us to currently detect and respond to these attacks.”
Petko Stoyanov, Global Chief Technology Officer, Forcepoint:
Ransomware
“Ransomware has become the sleeper agent of cybersecurity. In the case of ransomware, everyone thinks the often disastrous and harmful effects happen immediately. If I’m your colleague and email you a document, chances are you’d open it. Once activated, the malware could overwhelm and compromise your system in seconds, if that’s the intent. But not always. More often, the malicious ransomware code could incubate and stay hidden for months, only to be activated on a certain time, like a specific day, even timed to the phase of the moon. And over the course of months, the malware can slowly spread, encrypting things—not all at once but little by little—taking things that were once good and exploiting them to do bad things throughout the organization or ecosystem.”
Milad Aslaner, Senior Director, Cyber Defence Strategy, SentinelOne:
Ransomware
“The top risk to enterprise security in 2022 has to be ransomware, as it can be so devastating. It is insidious, damaging to finances and reputations, and for many organisations almost an inevitability – it’s almost become a question of ‘when’ they will be attacked, rather than ‘if’. Related to this issue is risk surrounding the supply chain. A single security failure by one company can now result in hundreds of thousands of subsequent infections and attacks – including subsequent ransomware attacks.”
Jayant Thakre, Vice President of Products, SonicWall:
Ransomware
“I expect increased exploitation of vulnerabilities in 2022, leading to endpoint resource hijacking through malware, data theft, and attacker tenacity. Most breaches will exploit vulnerabilities for which a patch was available but not applied. Effective ransomware attacks will target easy areas such as weak passwords, phishing emails, and employee education. The latest figures show us that ransomware is escalating at record pace. By mid-2021, the total amount of ransomware attacks had far surpassed the 2020’s record-breaking numbers. It is highly unlikely that this will slow down in 2022.”
Ryan Kovar, Distinguished Security Strategist, Splunk:
Ransomware/Supply Chain
“The greatest security threat of 2022 will be the combination of ransomware and supply chain attacks. It’s no longer about if you’re going to get hit with a ransomware attack — it’s when. Through attacking the supply chain, attackers can hold an organisation’s data for ransom, and research indicates that two-thirds of ransomware attacks are enacted by low-level grifters who bought ransomware tools off the dark web. This ease of access makes ransomware a popular and rapidly growing favourite among cyber crooks. With the ongoing supply chain crisis leaving supply lines more vulnerable than ever, organisations must prepare themselves for the inevitability of ransomware attacks to their supply chains.”
Vinay Pidathala, Director of Security Research, Menlo Security:
Ransomware
The rise of ransomware— and how to fight back
“Ransomware isn’t going away anytime soon. Right now, we’re seeing ransomware attacks from every angle - from misconfigured cloud applications and external facing assets – to vulnerable email attachments and links. As the proliferation of cloud and digital transformation continues, we will see even more exploitation of the cloud. Once attackers infiltrate systems, they then wait to find the right assets, steal credentials and encrypt important emails. We aren’t even close to being better protected. Business continuity and disaster recovery strategies will need to improve to a point where enterprises can sustain an attack and have the right tools. Only then will we see the cost of ransomware go down.”
Marc Lueck, CISO EMEA, Zscaler:
Ransomware
“Ransomware extortion acceleration will continue to be the dominant security threat for the foreseeable future. This is fundamentally because it's very effective, and preys on an organisation’s immaturity. Ransomware attacks will continue to become even more sophisticated and disruptive, meaning organisations will need to focus on prevention and recovery to protect data and assets, and avert significant financial and operational risk. Going forward, we can expect organisations to drive zero-trust deployment in response to the continuing threat of ransomware and other cybercrimes.”
Chris Huggett, SVP EMEA, Sungard Availability Services:
Double extortion ransomware
“Double-extortion ransomware has become one of the top cyber security threats facing organisations and will continue to cause damage in 2022. It is a growing tactic among cybercriminals that allow criminals to not only demand a ransom for the stolen data, but also use it as a faux pledge to keep it from being released publicly.”
Heather Gantt-Evans, CISO, SailPoint:
Ransomware
“Ransomware is going to continue to evolve. We are now seeing ransomware converging with hacktivism, where companies are being hit with ransomware just due to the hacker's perceptions of a businesses' values, industry, or actions. In these situations, the hackers are not even requesting a ransom or offering to decrypt the data. We also see that ransomware gangs now have the funds to purchase zero-day vulnerabilities that previously were only accessible to nation states. In 2022, Ransomware-as-a-Service will continue to make ransomware more accessible to a wider range of attackers, while also paying company insiders to deploy ransomware at their place of employment. Nation states are going to continue to invest heavily in compromising identities and using "live off the land" attacks that are very difficult to detect because they do not use malware but instead use native operating system features to carry out their attacks.”
Ravi Bindra, Chief Security Architect, SoftwareONE:
Ransomware
“Ransomware attacks have become a heavily used and hugely fruitful tactic for cybercriminals, and unfortunately this trend looks set to continue. Over the past 12 months, the world has seen bad cyber actors get smarter and quicker at retooling their tactics to capitalise on supply chain vulnerabilities, with supply chain attacks experiencing a 37% year-over-year increase since 2020. These actors have noted these successful tactics, including those making headlines tied to ransomware, and we don’t expect that to change in 2022… Expect ransomware attacks to grow in sophistication, as these attacks wield the potential to wreak more havoc for companies of all sizes across the globe.”
Lewis Pope, Head Security Nerd, N-able:
Rasomware-as-a-service
“Many companies and IT defenders focus on preventing attacks by Advanced Persistent Threat (APT) groups, cybercrime gangs and other professional threat actors. But it’s the rise of under-skilled hackers that also deserves to be on everyone’s radars. New developments like the commoditisation of Ransomware as a Service and Access as a Service has pushed the bar for entry so low that a rise in the number and complexity of attacks perpetuated by under-skilled hackers is likely inevitable—they can get started in minutes and the tools and knowledge available means that these under-skilled threat actors can have the confidence, warranted or not, to launch attacks at any size of business.”
Carl Wearn, Head Of E-Crime, Mimecast:
Ransomware
“The biggest security threat in 2022 will be ransomware, which will likely have devastating effects on businesses, governments, and public services. Recent Mimecast research found that these types of cyberattacks impact companies in a variety of ways, including direct and indirect costs, and job losses. To put things in perspective, the average ransom payment in the UK is £628,606; companies lose out 6 days’ worth of work to ransomware attacks on average; and 39% of executives think they could lose their jobs over a successful ransomware attack. These impacts show that the problem is complex, and the risk is rising, meaning all organisations need the strongest possible protections in place.”
Derek Manky, Chief of Security Insights and Global Threat Alliances at FortiGuard Labs
Ransomware
“In 2022, CISOs can expect to see continued growth in ransomware, combined with the discovery of new malware targeting newly discovered vulnerabilities or zero-days. These attacks will focus on new hybrid networks and work environments, remote workers and evolving connectivity options, and new business-critical applications deployed in the cloud and accessed from anywhere. CISOs should also gear up for a growing sophistication and volume of attacks due to the expanding Crime-as-a-Service market. In addition to the continued sale of ransomware and other malware-as-a-service offerings, new criminal solutions are likely to emerge, including phishing and botnets-as-a-service and an increase in the sale of access to pre-compromised targets.”
Patrick Wragg, Cyber Threat Response Manager, Integrity360:
Ransomware 2.0
“Ransomware attacks are not only using more complex strains that can infect a system and traverse throughout an entire network, but threat actors like Ragnar Locker are increasing the damage by both holding data hostage AND threatening to release it to the public if the ransom isn’t paid. This means prevention is critical. If an attacker successfully gains access to your systems and encrypts them, you are likely left with one solution: pay a ransom. However, there is no guarantee that the hacker will give you a decryption key. The best course of action is to be proactive. Take inventory of all data assets; monitor access to them to identify malicious behaviour; use the law of least privilege when granting administrative authorisation to employees; continually monitor, patch and update all software and/or devices, and regularly back up critical data assets. Then you can truly reduce the chance of an attack.”
John Graham-Cumming, CTO, Cloudflare:
Ransomware
“We expect ransom-based attacks to continue being popular in 2022. Perennial favourites like DDoS attacks will also be the order of the day through the year. And as COVID-related working restrictions remain in place and the workforce continues to work flexibly, companies will need to move to zero trust models that no longer treat the corporate network as a secure citadel. The future is clearly hybrid working in and out of offices, and security needs to reflect that new reality."
Simon Eyre, CISO, Drawbridge:
Ransomware
“We don't expect to see 'one' single threat, realistically, we believe that organisations need to be bullish in their approach to preparing for multiple cyber threats. That being said, we do believe that we'll see additional data exfiltration and data leak threats as more sophisticated ransomware attacks garner sharp scrutiny from governments and concern from businesses… As we have seen through recent attacks, vendor and supply chain attacks are increasing and will continue to threaten businesses throughout 2022.”
Supply Chain
Jason Schmitt, General Manager, Synopsys Software Integrity Group:
Supply chain
“Software supply chain risk management will rapidly emerge as a crucial discipline and top 3 investment area for CISOs as they realise the extent to which they lack visibility into software trust and have underinvested in software security programs relative to the extent of the threat to the business. Cryptocurrency volatility and adoption will both increase, making them an even more attractive playground for malicious forces looking to extract ransom from data heists, as well as attempting to profit from manipulating and stealing cryptocurrencies.”
James Alliband, Senior Security Strategist, VMware:
Supply chain
“In 2022, we will witness a major supply chain attack on a global attack. Colonial Pipeline was possibly the start of an attack vector that really affects us as humans. Humans operating in supply chains are the weakest link and biggest target for bad actors. The UK, for instance, has shown that we panic when there is any kind of shortage or a semblance of shortage, with the sheer panic around fuel and toilet roll shortages key examples. Bad actors – the opportunists they are - exploit vulnerabilities and may want to capitalise on this panic to cause disruption on a global scale.”
Walter Heck, CTO, HeleCloud:
Supply chain
“It is undeniable that terrorism has gone digital, and the supply chain attacks in 2021 have caused havoc around the globe. These cyberattacks don’t just impact the targeted business, as they often cause a ripple effect that harms everyone along the supply chain, including partners, providers, customers. Realistically, these supply chain attacks will only continue to grow in 2022.”
Heather Hinton, Chief Information Security Officer, RingCentral:
Supply chain risk management poses one of the biggest security threats in 2022
“We all know that we are only as strong as the weakest link in our overall supply chain. Ultimately, extra attention is going to be placed on not only businesses’ security, but the disciplines that vendors put on their suppliers and partners also. The demands from customers are clear in that regard. If vendors do not offer a reliable source of security, with evidence of security maturity, throughout their supply chain, customers will simply look elsewhere.”
Adam Seamons, Systems & Security Engineer, GRC International Group:
Supply chain
