Virtualization Technology News and Information
IBM 2022 Predictions: Cybercriminals Are Coming for Your Data - Where You Keep it May Determine If They Succeed

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual VMblog.com series exclusive.

Cybercriminals Are Coming for Your Data - Where You Keep it May Determine If They Succeed

By Nick Rossmann, Global Threat Intelligence Lead, IBM X-Force

During the last two years, many organizations have come face to face with the shortcomings of their digital infrastructure. Some rushed to the cloud without taking a measured approach to adoption, while others hesitated to lean into the cloud advantage, digging their heels into their on-premises infrastructure. The driver behind these decisions was a sense of urgency to adapt when it should've been a sense of urgency to adapt securely. Going into 2022, it's critical that organizations show the same sense of urgency about security as they did in adapting to the era of COVID-19, because cyber threats are only becoming more dangerous.

All cyberattacks have one common target - data. Whether adversaries seek to access data for espionage, encrypt and steal it for money or destroy it, data is always their end target. So first and foremost, organizations need to critically assess and determine where their data lies - and this answer varies based on the data residing within a business environment. Why? Because a business needs to function - and it needs to function competitively. Security and productivity must therefore support each other, not cancel one another out.

That may mean that certain data, indeed, needs to stay on premises for more oversight, and that doing so won't interfere with effectively mining it, while other data can better serve business purposes in the cloud, with proper security and policy controls surrounding it. This is essential to deal with some of the top security concerns looming ahead in 2022, including:

Someone Else's Ransomware Attack May Become Your Problem

We've seen ransomware evolve time and time again. The most recent tactic ransomware aggressors use is double extortion, whereby attackers not only encrypt data for ransom but also threaten to leak it if the ransom demand isn't met. But the world is only growing more interconnected, and supply chains have never before been so interlocked, meaning that many organizations can be "held hostage" by a single company's ransomware attack.

In 2022, we will begin to see the rise of triple extortion ransomware attacks, whereby a ransomware attack experienced by one business becomes an extortion threat for its business partner. Ransomware attackers won't stop at extorting the victim organization for ransom; they will extort its business partners whose data it holds or business partners who cannot afford the supply chain disruption. In other words, we will see certain businesses faced with the dilemma: do we pay our supplier's ransom, or can our operations afford and withstand our supplier's downtime?

Like I said, data is always the target, so cybercriminals will seek to increase the ROI from their attacks. The ripple effect of triple extortion ransomware attacks will force businesses to scrutinize and audit their supply chains' access to their data and the security and policy controls surrounding their trusted relationships.

New Cybercrime Hideouts in Blockchain Will Make Zero Trust Models a Business Imperative

With enterprises and consumers increasingly relying on blockchain for their supply chain management, digital transactions or even NFTs, we'll begin to see attackers, too, turn to its legitimate use to stay under the radar for longer. We've already seen glimpses of similar instances appearing in late 2021. Just as cybercriminals use collaboration platforms to obfuscate their malicious traffic, in 2022 we will see blockchain become a more common "tool" used by cybercriminals to aid in avoiding detection and extending attackers' stealth.

This will make it increasingly harder for defenders to discern malicious activity on the network, making it even more important for businesses to continuously operate on the assumption of compromise. Ultimately, if an attacker is on a corporate network in stealth, they cannot be easily detected and therefore all activity must be scrutinized. We cannot continue to view cyberattacks as big, noisy events - the most successful ones are the ones you don't even know are occurring, and therefore a zero-trust security architecture must permeate every business environment at all times.

Data Auditing Will Increase - But Not Quickly Enough

With attackers' focus now extending to cloud environments, amid the rise of Linux-based malware and container targeting, we will begin to see more companies opting to "spread" their data across multiple environments. Recognizing that not all data should reside on premises or in clouds, businesses will shift more toward a hybrid cloud approach that can allow them to better manage and protect their data, placing proper security controls around critical data.

As such, we will begin to see more "data introspection" exercises with businesses critically (re)thinking their data protection strategies. This might include modernizing their core architectures to provide the necessary transaction speed, encryption, and privacy to thrive responsibly or designing their cloud security environments to be open and interoperable in order to extend security visibility, and threat detection and response across their hybrid architectures.

An absolute infrastructure is not the answer; a hybrid one built on zero trust principles is. The more companies understand this, the better they can safeguard their data against cyber threats in 2022.

##

ABOUT THE AUTHOR

Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force, leads the threat intelligence teams that support clients and incident response at IBM. Prior to IBM, he held various roles in the private and public sector, such as FireEye, where he managed its threat intelligence production, as well as the U.S. intelligence community.

Published Wednesday, December 01, 2021 7:34 AM by David Marshall