Three threats to enterprise security in 2022

2021 saw the rise of many new types of cyber threats that would give many Chief Information Security Officers sleepless nights. From the likes of state-sponsored snooping such as Pegasus, to hacker groups exploiting vulnerabilities in code such as the infamous Apache Log4j vulnerability, which is still ongoing. With many technologies and trends expected to boom in the coming year, TechCircle lists out the topmost threat predictions for 2022.    

Ransomware continues to wreak havoc

2021 was the year of ransomware attacks and it took many forms, including adapting the as-a-service route. Ransomware as a service was on the rise and will continue well into 2022. The attacks range from extortion on valuable data, to penetrating the software supply chain, according to Barracuda Networks.

“Figuring out how to slow that down by encouraging collaboration between governments and developing alliances with vendors will be critical in the year ahead,” Barracuda networks said in its recent threat report for 2022. 

Also read: India sees 30-fold spike on DDoS attacks amid festive season: Report

“In 2022, we can expect that cybercrime cartels will continue to seek ways to hijack the digital transformation of organisations to deploy malicious code, infiltrate networks, and gain persistence in systems all over the world,” said Tom Kellermann, head of cybersecurity strategy at VMware, in a blogpost by the company on 2022 cybersecurity trends. 

Critical Infrastructures and supply chains will remain in focus 

The pandemic showed that cybercriminals didn’t flinch in exploiting the pandemic situation, targeting the vaccine supply chain, as well as attacking the healthcare system. Infact, a study by Gartner earlier this month showed that atleast 30% of all critical infrastructures will experience one major attack by 2025.  

The Gartner report warned that overlooking operational technology securities of these critical infrastructures would make them soft targets to cybercriminals, with the potential to pose a threat to the nation as a whole.

Similarly, Supply chains can be complex with multiple endpoints, securing which can be a big challenge for enterprises in 2022.

According to HP, supply chain attacks are likely to continue to present new opportunities to threat actors in 2022, making the integrity of the supply chain vital. HP, also warned that criminals will launch attacks quicker than organisations, which can be mitigated through investing in secure software development cycles. 

Filling the dearth of cybersecurity professionals 

The current cybersecurity talent shortage could lead to a security crisis and create new opportunities.  ‘The great resignation’ earlier this year has made security challenges even more troublesome.   

Also read: India jumps to 4th place in global spam calls

“2022 businesses will rely more on their vendors to provide automated tools and services, like XDR (extended detection and response) and Managed detection and response (MDR). Managed services providers will become a critical resource as well,” Barracuda networks said. 

A 2021 study by the Information security systems association showed that Information security teams are aware of the gaps in skillsets.  95% of those surveyed in the study on 500 security experts said that skills shortage has not improved in recent years. 59% also added that their companies could do a lot more to address this skill gap. 

Barracuda also said that 2022 will have more security positions filled by individuals with backgrounds different from workers in orthodox cybersecurity roles, and also with different skillsets.