Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Cybercriminals Are Coming for Your Data - Where You Keep it May Determine If They Succeed
By Nick Rossmann,
Global Threat Intelligence Lead, IBM X-Force
During the last two years, many organizations have come face to face with the shortcomings of their digital infrastructure. Some rushed to the cloud without considering a measured approach to their adoption, while others hesitated to lean into the cloud advantage, digging their heels into their on-premises infrastructure. The driver behind these decisions was a sense of urgency to adapt when it should've been a sense of urgency to adapt securely. Going into 2022, it's critical that organizations show the same sense of urgency when it comes to security as they did with adapting to the era of COVID-19, because cyber threats are only becoming more dangerous.
All cyberattacks have one common target - data. Whether adversaries seek to access data for espionage, encrypt and steal it for money or destroy it, data is always their end target. So first and foremost, organizations need to critically assess and determine where their data lies - and this answer varies based on the data residing within a business environment. Why? Because a business needs to function - and it needs to function competitively. Therefore, security and productivity must support each other, not cancel one another.
That may mean that certain data, indeed, needs to stay on premises for more oversight, and that doing so won't interfere with effectively mining it, while other data can better serve business purposes in the cloud, with proper security and policy controls surrounding it. This is essential to deal with some of the top security concerns looming ahead in 2022, including:
Someone Else's Ransomware Attack May Become Your Problem
We've seen ransomware evolve time and time again, with the most recent tactic ransomware aggressors use being double extortion, whereby not only do attackers encrypt data for ransom, but they also threaten to leak it if the ransom demand isn't met. But the world is only growing more interconnected, and supply chains have never before been so interlocked, meaning that many organizations can be "held hostage" by a single company's ransomware attack.
In 2022, we will begin to see the rise of triple extortion ransomware attacks, whereby a ransomware attack experienced by one business becomes an extortion threat for its business partner. Ransomware attackers won't stop at extorting the victim organization for ransom; they will extort its business partners whose data it holds or business partners who cannot afford the supply chain disruption. In other words, we will see certain businesses faced with the dilemma: do we pay our supplier's ransom, or can our operations afford and withstand our supplier's downtime?
Like I said, data is always the target, so cybercriminals will seek to increase the ROI from their attacks. The ripple effect of triple extortion ransomware attacks will force businesses to scrutinize and audit their supply chains' access to their data and the security and policy controls surrounding their trusted relationships.
New Cybercrime Hideouts in Blockchain Will Make Zero Trust Models a Business Imperative
With enterprises and consumers increasingly relying on blockchain for their supply chain management, digital transactions or even NFTs, we'll begin to see attackers, too, turn to its legitimate use to stay under the radar for longer. We've already seen glimpses of similar instances appearing in late 2021. Just as cybercriminals use collaboration platforms to obfuscate their malicious traffic, in 2022 we will see blockchain become a more common "tool" used by cybercriminals to aid in avoiding detection and extending attackers' stealth.
This will make it increasingly harder for defenders to discern malicious activity on the network, making it even more important for businesses to continuously operate on the assumption of compromise. Ultimately, if an attacker is on a corporate network in stealth, they cannot be easily detected and therefore all activity must be scrutinized. We cannot continue to view cyberattacks as big, noisy events - the most successful ones are the ones you don't even know are occurring, and therefore a zero-trust security architecture must permeate every business environment at all times.
Data Auditing Will Increase - But Not Quickly Enough
With attackers' focus now extending to cloud environments, amid the rise of Linux-based malware and container targeting, we will begin to see more companies opting to "spread" their data across multiple environments. Recognizing that not all data should reside on premises or in clouds, businesses will shift more toward a hybrid cloud approach that can allow them to better manage and protect their data, placing proper security controls around critical data.
As such, we will begin to see more "data introspection" exercises, with businesses critically (re)thinking their data protection strategies. This might include modernizing their core architectures to provide the necessary transaction speed, encryption, and privacy to thrive responsibly, or designing their cloud security environments to be open and interoperable in order to extend security visibility, and threat detection and response, across their hybrid architectures.
An absolute infrastructure is not the answer; a hybrid one built on zero trust principles is. The more companies understand this, the better they can safeguard their data against cyber threats in 2022.
ABOUT THE AUTHOR
Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force, leads the threat intelligence teams that support clients and incident response at IBM. Prior to IBM, he held various roles in the private and public sector, including at FireEye, where he managed its threat intelligence production, as well as in the U.S. intelligence community.