Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Evolving Cyber Threats Will Require Industry Collaboration
By James Gimbi, Director at MOXFIVE
No criminal model has made a more conspicuous impact on how businesses think about cyber resilience than enterprise ransomware. Over the last few years, threat actors shifted their focus from stealthy and sustained data theft to crippling operations for a quick payoff, forcing organizations to invest in cybersecurity just to protect their ability to do business.
This year's high-profile breaches thrust destructive attacks into the spotlight, forcing senior leaders to reconsider their ability to prevent what they can and respond to the inevitable. We wanted to share a few changes we expect to see in 2022 as victims, governments, and bad actors alike respond to a dynamic landscape.
Cybersecurity will be entwined with business relationships and strategy
Boards and senior leaders now recognize high-profile, disruptive ransomware attacks as an operational and strategic risk. In the next year, we expect firms to take even greater interest in the cybersecurity of their suppliers, partners, and peers through more rigorous upstream and downstream cyber diligence and third-party risk programs. Cyber posture and resilience will also play a more central role in M&A activity, bringing tangible consequences to growth and transaction opportunities.
Organizations will seek outside expertise
Pressure from business-to-business diligence, cyber insurance carriers, and savvy leadership will cause many organizations to seek outside expertise to mitigate ransomware risk in 2022. Well-equipped firms will focus on thoughtful process, thorough deployment, and rigorous testing as they come to understand that developing a resilient posture is not a purely technological problem. Firms that lack fundamental resilience technology will invest, but would do well to temper expectations of their new technologies alone. Many ransomware incidents we see could have been prevented if not for the victim's flawed assumptions about their security tooling.
The cyberattack playbook will expand
As victims and policymakers more directly address the ransomware threat, bad actors will experiment with their attack playbooks to protect their bottom line. We will see wide variance in tooling, targeting, negotiation tactics, and ransom sizing. For example, some threat groups will lean into monetizing stolen data while others will shy away from data theft entirely to eliminate ambiguity for their victims. Ransomware operators are not a monolith, and organizations that tap into expertise with a bird's-eye view of the threat landscape will be best positioned for resilience and response.
We'll see the real impact of sanctions and regulations
We will come to better understand the real-world impact of government sanctions and ransomware payment bans in 2022. We may find that well-resourced companies resist paying ransoms, especially firms that rely on outside support like breach counsel, forensics, and recovery teams. At the same time, sanctioned threat groups are professional criminals; they will experiment to protect their profits, perhaps leading to higher attack volume and intensity, more sensitive targets, or sophisticated tradecraft to hamper attribution. While the current Administration has demonstrated thoughtfulness with regard to these payment bans, we will still need to study how these policies affect the behavior of both the organizations they are designed to protect and the bad actors they are meant to dissuade.
Unfortunately, one prediction we can be sure of is that destructive attacks will be the predominant model as long as attackers can operate without consequence. But as industry and governments understand the threat more clearly and elevate cyber resilience as a core business priority, we can look forward to positive trends in the impact of enterprise ransomware as we approach 2023.
## ABOUT THE AUTHOR
James Gimbi brings ten years of breach response, cybersecurity strategy, and public interest technology experience to MOXFIVE. His blended expertise helps corporate and government clients reduce cyber risk and tackle complex threats.
Prior to MOXFIVE, James guided security strategy for client leadership at the Boston Consulting Group (BCG). James previously advanced bipartisan privacy and tech policy initiatives as a policy advisor in the United States Senate and investigated state-sponsored and criminal cyber attacks across defense, finance, healthcare, and government as a Principal Consultant at Mandiant. James authored cyber supply chain risk management guidance with NIST's Computer Security Division, published research on covert channels, and holds a B.S. with honors in Information Security from the Rochester Institute of Technology.