Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Misinformation, Multi-Layered Scams and Microservices, Oh My!
By Laurence Pitt, Global Security Strategy Director, Juniper Networks
Cyber threats come in many shapes and sizes and stem from
vulnerabilities most people don't even notice until it's too late. While it's true
that the pandemic has exposed many of these over the last 18+ months, criminals
continue to find ways to exploit new vulnerabilities and spread misinformation,
leading to much larger scale consequences than we've seen thus far. 2022 will
teach us to cast a wider net when searching for and patching vulnerabilities
and will serve as a stern reminder to update cyber hygiene practices as if your
data depends on it (because it does!). Below are my thoughts on the "Three
Cyber Ms of 2022."
Misinformation will give cybercriminals yet another weapon: 2021 was
the year when cybercriminals took advantage of a pandemic to spread
misinformation, mostly around vaccines, and exploited our need for
normalcy to extort money with fake medicines, fake certifications and more. The
global scale of these campaigns allowed attackers to learn and profit
massively. To make matters worse, state actors including Russia, China and Iran
have become involved in shaping and manipulating vaccine narratives. I predict
that in 2022 these learnings will be used to spread even more complex
misinformation, perhaps even MiaaS (Misinformation As A Service??), to fleece
victims, slow economic recoveries, disrupt elections, and undermine other
country-based decision events. We must combat misinformation with truth to
avoid disastrous consequences with lasting implications for our governments.
Revamping personal cyber hygiene will be more important than ever in
2022: Identity theft is being used in more complicated scams, and unfortunately
people are still not keeping up with the need to secure ALL their accounts to
the highest level available. In 2021 there were stories of people having their
own home sold by a criminal, returning home to discover the new owners, and
losing out on hundreds of thousands of £/$. As you can imagine, these are
complex and multi-layered scams, but all rely on just one small vulnerability
to let them in - oversharing on social media, not using MFA (Multi-Factor
Authentication) when available, weak passwords or being too trusting when the
phone rings, etc. Personal cyber-awareness must increase in 2022. And
it's not just consumer data - weak or compromised passwords will account for
many breaches into corporate networks. This means that cyber hygiene must
be a consideration for individuals as well as enterprises as a whole (AKA,
don't skimp on the cybersecurity training!).
Microservices will bring macro threats: Use of
cloud software is increasing exponentially with more people working remotely,
and as organizations begin to see the opportunity to reduce OPEX costs by using
someone else's hardware. One big advantage of cloud software is the ability for
applications to be upgraded simply, without downtime, by using microservices. While
this makes perfect sense from a development and agility perspective, it also expands
the overall attack surface. Since microservices communicate with each other via
APIs independent of machine architecture and programming language, attack
vectors are not hard to uncover. Needless to say, criminals have spotted this
opportunity, and it has in fact led to some toe-in-the-water level attacks
during 2021. As this trend toward microservices in the cloud continues in 2022,
expect to see similar growth in microservice level attacks as criminals turn
this to their advantage.
Between misinformation, multi-layered scams and
microservices with macro threats, there are plenty of risks to keep us all on
our toes in 2022. It seems that we say this every year, but it really is more
important than ever to anticipate, monitor and stop threats in their tracks to
avoid costly and challenging security setbacks in the enterprise and beyond.
ABOUT THE AUTHOR
Laurence Pitt is Global Security Strategy Director at Juniper Networks. He has more than
twenty years of cybersecurity experience, having started out in systems design
and moved through product management in areas from endpoint security to managed
networks. In his role at Juniper, he articulates security clearly to business
and across the business, creating and having conversations to provoke careful
thought about process, policy and solutions. Security throughout the network is
a key area where Juniper can help as business moves to the cloud and undertakes
the challenge of digital transformation.