Virtualization Technology News and Information
Mitiga 2022 Predictions: New Cybercriminal Capabilities and Talent Challenges Ahead

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

New Cybercriminal Capabilities and Talent Challenges Ahead

By Tal Mozes, co-founder and CEO of Mitiga

Before the pandemic hit almost two years ago, many businesses were planning a shift to the cloud and a digital transformation journey. COVID-19 accelerated that shift and transformed the global business landscape, providing new opportunities for cybercriminals and challenges in finding talent with expertise in cloud environments, especially those who have cybersecurity experience.

As we plan for 2022, we need to think about what's coming next and how to best prepare for the year ahead. What new technologies will take over, and how will we train and hire new talent to face new challenges in the year ahead?

1) DarkCloud Is Coming. Get Ready for a Stormy 2022

The Darknet - which originally described computers on ARPANET that were hidden and programmed to receive messages, but did not respond to or acknowledge anything - is going to be succeeded by the DarkCloud. Criminals will use an invisible cloud to attack organizations in 2022, taking full advantage of the cloud's capabilities for on demand scale and ubiquitous accessibility. Ransomware and malware are already available as a service, and will use cloud native technologies to attack cloud infrastructure at scale.

2) Cyber Insurance Will Require Incident Readiness

The cyber insurance market will drive better cybersecurity, requiring organizations to prove that they are effectively implementing cybersecurity and following best practices before accepting new cyber insurance clients. Losses resulting from data breaches, ransomware, and other cybersecurity incidents will require proof of readiness before insurance firms will pay out.

3) Three Ransomware Trends to Watch in 2022

While attackers and defenders continue to learn new skills and technologies to stay ahead of each other, governments will enter the fray, increasing pressure towards cyber criminals conducting ransomware attacks. Continuing the ransomware trend of 2020 and 2021, pressure will increase in three key ways:

  1. Regulators will increase the responsibility and accountability of victims of ransomware for their part in the game.
  2. Boards of directors will bear personal responsibility if their organization is a victim of ransomware, increasing the importance of preparedness for risk, cyber risk, and ransomware.
  3. Attackers will become more sophisticated. Upping the ante from encryption to double extortion will no longer be enough. Now attackers will have enough data and environment access to be able to conduct denial of service attacks, making it that much harder for organizations struggling with DDoS (on top of encryption and extortion) to return to business as usual.

4) More Cloud = Bigger Resource Gap

As organizations increasingly accelerate their shift to cloud, there's going to be an even bigger gap between the demand for talent and the people who have the necessary skills in cloud environments, cloud-native cybersecurity, and incident response in the cloud. Many incident responders today know how to do traditional IR, but cannot adapt to the new techniques needed for cloud IR. If they don't respond to this new cloud-first world, they'll become irrelevant and an even greater talent gap will result.

5) New Cyber Talent Will Turn to Hacking

The industry has complained for years about the lack of talent in cybersecurity, and yet it's not valuing new graduates and bootcamp students. Entry level jobs require three to five years of experience, leaving many students who learned how to pen test and hack with time on their hands and no job opportunities. Unless the industry finds ways to train and mentor these eager students - and helps them transition successfully into the field, they'll find the cybercriminal industry all too ready to take them in.

6) Increased Attacks on SaaS

As the coronavirus cases continue to drop and then peak again, many organizations are recognizing that the pandemic still isn't behind us. As they re-prioritize working from home for their employees, organizations will seek new tech for better remote collaboration and onboarding. To take advantage of this new tech, cybercriminals will increasingly attack through 3rd party applications, impacting thousands of vendors.

7) Pandemic Increases Pressure on CISOs to Improve Readiness

As the pandemic drags on, increasing pressure on organizations to move more applications and services to the cloud, it will also increase pressure on CISOs. Chief Information Security Officers are already struggling with insufficient budget and talent, and now their environments are changing far more frequently than they can keep up with. Choosing between what they can implement now and what they can (responsibly) leave for later will lead them to focus on how to increase readiness and resilience in their organizations.

There's no crystal ball that guarantees what we'll see in 2022, but we'll certainly see a year filled with new pressures and opportunities. Embracing and training new entrants into the cybersecurity field will help us tackle many of the challenges we anticipate facing, and we hope other organizations will join us in welcoming new cybersecurity talent. To overcome other challenges ahead, we believe that adopting a readiness mindset will help them prepare for cybersecurity events and bounce back to business as usual quickly.



Tal Mozes 

Tal Mozes is co-founder and CEO of Mitiga. the cloud incident response company. He is a serial-entrepreneur with multiple exits, including Hacktics, acquired by Ernst & Young. As Partner at EY, Tal headed EMEA Cyber Threat Management for the financial sector. He also led EY's Americas Cybersecurity Centre of Excellence.

Published Tuesday, November 23, 2021 7:34 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2021>