With organizations continuing to embrace digital platforms, there are a significant number of vulnerabilities they failed to address while hurrying the launch of the product. This provides opportunities for threat actors to execute their malicious intent. Going in to 2022, IT leaders should watch out for cyber threats that are likely to dominate the enterprise environment.
The last couple of years have been stressful for CISOs. With organizations speeding their adoption of digital technologies, in an effort to operate within a COVID-19 environment, they have failed to take the necessary steps to secure their infrastructure. This has led to a significant surge in cyber-attacks. While the restrictions seemed to fade, organizations have begun to embrace hybrid work, creating more cybersecurity challenges for CISOs. In 2022, organizations are likely to witness more of the cyber-attacks in addition to them threatening the business operations.
Here are a few threats that they should look out in 2022:
Third-party/supply chain attacks
2021 has witnessed a number of supply-chain attacks – that is, attacks where an attack was launched against an organization and then cascaded to other organizations with which they have a relationship. “We expect this trend to continue as companies seek to diversify their supply chains in order to establish greater resiliency in the face of unpredictable global events,” says Matthew Gracey- McMinn, Head of Threat Research, Netacea. He adds, “Attackers are also keen to use this method, as by compromising one supplier with relatively weak security they can then cascade this attack into breaches of multiple related organizations, some of which may have much stronger security models.”
Also Read: Three Compliance Mistakes CISOs should Avoid
Increasing Ransomware attacks
Ransomware attack has become one the most popular choice of attack among threat actors. In 2022, they are likely to balloon in both sophistication and numbers. Matthew Gracey-McMinn believes the financial returns on ransomware are significant, with the average cost of ransomware attacks rising significantly in 2020-21 (though the exact number is hard to pin down due to businesses being reluctant to admit to paying ransoms). He states, “Similarly, attackers are developing the ransomware marketplace, with Ransomware as a Service (RAAS) now being on offer, and specializations developing in the marketplace (e.g., access brokers sell access to compromised networks, which ransomware groups can purchase to save themselves the time and effort involved in obtaining initial access to a network). The financial severity of ransomware attacks is being recognized by companies offering cyber insurance – they are increasing premiums while decreasing coverage, in order to offset their own losses.”
Mobile phone attacks
Mobile phones have become an ever-ubiquitous part of the information technology landscape, even in today’s enterprise environment. They are growing in capability, with ever more advanced hardware and applications. However, the surge in applications and developments in hardware creates new opportunities for attackers. “From a hardware perspective, the rollout of 5G communications networks and increase in the power and capabilities of such phones will allow for new and faster avenues for attack against phones, as well increase the value to attackers when they are compromised.
Similarly, the ever increasing number of applications individuals are encouraged to install creates new opportunities for compromise through apps that may not be properly secure or by convincing users to download malicious apps. As phones become increasingly important to day-to-day life, being used for everything from banking to shopping, attackers have more reason to try and compromise them, and, with their increased capabilities, compromising them means attackers can now more easily use them as a launchpad or botnet for future attacks. All of this will encourage attackers to up their focus on APIs more generally over the coming year,” says Matthew Gracey- McMinn.
For more such updates follow us on Google News ITsecuritywire News