Forescout 2022 Predictions: From Ransomware & Supply Chain Risks to Operational Technology & IoT

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

From Ransomware & Supply Chain Risks to Operational Technology & IoT

By members of the Forescout team

As we look ahead to 2022, we should pause to reflect on the trends of the past year. Ransomware and supply chain attacks have become two of the top concerns for organizations, following a series of high-profile attacks, such as those conducted against Colonial Pipeline, SolarWinds, and Kaseya.

In 2021, our Project Memoria revealed close to 100 different vulnerabilities in common TCP/IP stacks, affecting hundreds of operational technology (OT) vendors. Given that TCP/IP stacks are foundational pieces of software that implement basic network communications for all IP-connected devices, we expect vulnerabilities in this area to keep surfacing.

With ransomware, supply chain attacks, operational technology and connected devices top of mind, here are the six most relevant cybersecurity predictions for 2022:

1. An Increase in Ransomware Attacks Leads to Increased Regulation

Ransomware has been filling the headlines for the past few years, and attack statistics keep going up, so there is no reason to believe that this trend will reverse any time soon. Malicious actors will continue to find new vulnerabilities to exploit - they are almost certainly looking at operational technology and IoT devices as targets after witnessing the impact of the Colonial Pipeline ransomware attack.

At the same time, the impact of the Colonial Pipeline ransomware attack has spurred the government into action. President Biden issued an Executive Order on Improving the Nation's Cybersecurity and a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, but compliance by industry has so far been voluntary.

As a result of these national conversations, cybersecurity will enter the highest levels of discussion, from the White House to board rooms. Consequently, many industries and organizations will see a major cybersecurity hiring push to make sure they have the resources they need both to implement protection across IT/IoT/OT networks and to report cybersecurity incidents as required.

2. Attackers Return to Connected Devices and IoT

Attacks tend to be cyclical. As organizations rush to respond to the latest threats by implementing the newest solutions, attackers respond by turning their attention to less protected attack surfaces. These days, attackers enjoy having a wider attack surface to exploit, as a direct result of employees working remotely without the proper network and device protections in place.

Additionally, operational technology, connected devices, and IoT tend to be less well protected than most IT environments. For example, the Mirai botnet was able to launch the largest DDoS attacks in history by compromising IoT security cameras. Likewise, highly motivated ransomware groups could seek to compromise critical connected devices, such as medical systems, with a denial-of-service attack in addition to encrypting data.

These expanded attack surfaces require new compliance mandates and security initiatives to protect these critical 'things' on critical networks. IT and security leaders will re-evaluate their IT assets and security posture for attack surface reduction and management, both internally and through third-party vulnerabilities. This should manifest as increased adoption of zero trust security strategies.

3. The Cybersecurity Skills Shortage Drives the Acceptance of Automation

There has been a notable and ongoing skills shortage in IT security, which is even more drastic for OT security. Very few professionals or college curriculums focus on OT cybersecurity, and that will take years to fix. As a result, enterprises will need to rely on more automation in their decision making, including a heavy focus on visualization and analytics of all available data.

With the growing market of data analysis and incident response solutions, the challenge in 2022 will shift from technology to management processes for efficient incident response. Many organizations may lean into sharing their SOC capabilities with managed service providers (MSPs) to help bridge the gap of this cybersecurity skills shortage.

With so many point solutions in place, but so few people to manage them, enterprises have been struggling to incorporate enterprise-wide cybersecurity. For that reason, in 2022 there should be a shift away from stand-alone cybersecurity solutions towards platform-based solutions or tools that easily integrate with others.

4. IT/OT Convergence Demands Greater OT Asset Visibility 

As more organizations become aware of the cybersecurity risks for operational technology, CISOs will begin taking accountability for OT cybersecurity in 2022. CISOs are already leading these conversations within mature organizations, so we expect the rest of the world to follow their lead in 2022 - it will be mandated by senior leadership.

An enhanced focus on OT asset visibility will lead to greater use of software bills of materials (SBOMs) - a list of all the components in a piece of software. With the many ongoing initiatives and government oversight for cybersecurity in critical sectors, SBOMs will be instrumental in providing transparency for software. There are already a handful of commercial options for SBOM production, maintenance, and consumption use cases. This represents a natural expansion of the asset visibility capability, wherein visibility covers not only devices but also their components.
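As an added illustration of the SBOM consumption use case (this script is not part of the original article or of any Forescout tool), the following Python reads a constructed CycloneDX-style SBOM for a hypothetical device firmware and matches its components against a constructed advisory list with affected version ranges. All component names, versions and advisory IDs are placeholders.

```python
import json

# Constructed CycloneDX-style SBOM for a hypothetical OT device firmware.
# Component names and versions are illustrative placeholders, not real products.
DEVICE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "plc-gateway-firmware", "version": "3.2.0"}},
    "components": [
        {"type": "library", "name": "example-tcpip-stack", "version": "2.4.1"},
        {"type": "library", "name": "example-rtos", "version": "5.0.3"},
        {"type": "library", "name": "example-tls", "version": "1.9.0"},
    ],
})

# Constructed advisory list: affected range is [introduced, fixed).
# Advisory IDs are placeholders, not real CVEs.
ADVISORIES = [
    {"component": "example-tcpip-stack", "introduced": "2.0.0",
     "fixed": "2.4.2", "id": "ADV-PLACEHOLDER-001"},
    {"component": "example-rtos", "introduced": "4.0.0",
     "fixed": "5.0.0", "id": "ADV-PLACEHOLDER-002"},
]


def parse_version(v):
    """Turn a dotted version string into a tuple so it compares numerically."""
    return tuple(int(p) for p in v.split("."))


def affected_components(sbom_json, advisories):
    """Return advisories whose affected range covers a component listed in the SBOM."""
    sbom = json.loads(sbom_json)
    hits = []
    for comp in sbom.get("components", []):
        ver = parse_version(comp["version"])
        for adv in advisories:
            if adv["component"] != comp["name"]:
                continue
            if parse_version(adv["introduced"]) <= ver < parse_version(adv["fixed"]):
                hits.append({"component": comp["name"], "version": comp["version"],
                             "advisory": adv["id"]})
    return hits


if __name__ == "__main__":
    # Only the TCP/IP stack at 2.4.1 falls inside an affected range here.
    for hit in affected_components(DEVICE_SBOM, ADVISORIES):
        print(hit)
```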

5. A Path to Zero Trust

As the demand for zero trust solutions reaches an all-time high, security vendors have been capitalizing on the hype. Hundreds of vendors have been making claims about their zero trust capabilities even when they provide little to no actual contribution to the architecture. This demand will continue into 2022 with executive and board-level pressure to implement zero trust, but most organizations will have to sift through much more noise to determine which solutions can actually help them.

At a more granular security operations level, enterprises will prepare to contain or isolate security breaches in sensible timeframes (WRT/TTR). To do so, they will enable security and network control orchestration based upon dynamic policies that are triggered through correlation of real-time insights from various data sources.

A primary challenge that organizations need to overcome is that more solutions focus on the policy enforcement point (PEP) than on the policy decision point (PDP), which means organizations lack the macro-level insights they need to enforce their security policies. Furthermore, agent-based zero trust PEP solutions usually cannot be deployed across all connected devices, leaving large swaths of the network outside the zero trust architecture.

6. Supply Chain Vulnerabilities Remain a Focus

After the huge impact of the SolarWinds and Kaseya attacks, 2022 will see more supply-chain attacks, where malicious actors target a service provider to gain access to several (up to thousands) of their customers simultaneously. This may include attacks initiated by private criminal entities or by nation-states.

Security researchers and software vendors will continue to find widespread vulnerabilities affecting fundamental components in the software supply chain. TCP/IP stacks and RTOSes have been the main target for the past couple of years, but there could also be an enlarged focus on common implementations of application-layer protocols as well as industry-specific SDKs, such as for IoT connectivity, wireless protocol stacks, and libraries used in OT devices.

Organizations will need to adapt quickly to the expansion of cybersecurity threats in 2022, especially when it comes to protecting critical OT infrastructure. As hybrid work has clearly become the norm across industries and more OT devices connect to corporate networks each day, IT and OT security leaders will need to consolidate teams, policies, tools, and reporting to both protect their organizations and to comply with the inevitable flood of new regulations coming down the pike.


To learn more about the work of our research team, please visit our Forescout Research Labs page.

Published Friday, December 10, 2021 7:33 AM by David Marshall