It is not an overstatement to say that COVID-19 has affected every facet of our personal and professional life as we are in the second year of the pandemic. The pandemic has changed the game in terms of enterprise security trends.
Today, millions of employees use residential Wi-Fi to access business networks or cloud-based applications. Remote access is used by IT professionals to troubleshoot mission-critical systems. The strain on supply systems is beginning to fracture. And the bad guys aren't wasting any time in taking advantage of these possible weaknesses.
The scope and sophistication of assaults are regrettably only anticipated to increase in 2022, so here are the hot and not-so-hot security trends for the year.
9 hot and cold cybersecurity trends:
Hot – Ransomware
Hot – Cryptomining/Cryptojacking
Hot – Deepfakes
Hot – Videoconferencing attacks
Cold – VPNs
Hot – IoT and OT attacks
Hot – Supply chain attacks
Hot – XDR
Cold – Passwords
Hot: Ransomware Isn’t Going Away! Ransomware attacks are on the rise and show no signs of slowing down. These attacks have grown exponentially and will continue to rise – largely due to the pandemic, as we’ve seen the massive amount of online growth and increased digital environments. The shift to work-at-home left organizations scrambling to strengthen their cybersecurity posture. Now, organizations have to deal with their employees' multitasking both professionally and personally from multiple devices in an environment that may or may not be secure. Organizations focus on implementing cyber-hygiene, including training and education for the entire organization to help mitigate phishing attacks. Organizations should be proactive in securing data and should consider implementing a zero-trust security model. Hot: Cryptomining/Cryptojacking Ramps Up Cryptojacking, ransomware’s less flashy cousin, occurs when attackers use ransomware-style phishing attacks to breach an organization to mine cryptocurrency using the organization’s compute resources. One advantage for the attacker is that they can remain undetected for a long time. Since no ransom was sought and no personally identifiable information was stolen, companies don’t have to disclose what was hacked. That makes it difficult to quantify the cost of the intrusion since the damages are things like lost compute capabilities, slower performance, and higher electric bills. However, as cryptocurrencies appreciate in value, there’s more incentive for attackers to commit cryptojacking. The ultimate payout consists of a reward (in cryptocurrency) for being the first to validate a new block of transactions. Cryptojacking is a growing and serious security threat because “It’s essentially a backdoor into your organization” that could be sold to others looking to launch ransomware or other types of attacks. Hot: Deepfakes Become Weaponized Deepfakes (think Photoshop on steroids) will become a hot security issue this year and beyond. Thus far, deepfakes have been seen primarily in the entertainment sphere, with doctored videos showing one actor’s face morphing into another. Or, with politicians being spoofed on video saying things that they clearly never said. Attackers will weaponize deepfake technology to compromise biometric access controls by spoofing someone’s face. The use of AI-based deepfakes has many other sinister possibilities in the enterprise realm. There has already been a case in which fraudsters spoofed the voice of a CEO and tricked a subordinate to transfer a large amount of money to a fake account. Beyond fraud, an attacker could create a video in which a CEO or other business executive is shown doing something embarrassing or illegal and use the deepfake for blackmail purposes. Hot: Attacks Against Conferencing Software With the pandemic showing no signs of slowing down, many employees are remaining at home, communicating with colleagues over teleconferencing and videoconferencing software. Attacks against those services will continue to be a concern. Organizations need to adopt formal corporate policies and procedures for staffers to follow to combat threat actors trying to piggyback on a session to eavesdrop on conversations and to view presentations that might contain sensitive information. Globe recommends that organizations take steps like scrubbing invitation lists, password-protecting video conferences, sending out passwords in a separate communication from the meeting invitation, having the moderator manually admit participants, and locking the meeting once it starts.. Cold: VPNs are Fading Away The pandemic put the spotlight on secure remote access for work-at-home employees, exposing the flaws of the traditional VPN. It’s not all that secure, it’s complex to manage, doesn’t provide a good user experience, and it’s part of the old-school perimeter model of security. It’s not that we’re throwing away VPNs, but when we look at ways to secure remote workers, VPNs are not something we want. We’d rather do a zero-trust remote access solution. VPNs provide a secure tunnel between the remote user and enterprise resources, but VPN technology can’t tell if the connecting device is already infected or if someone is using stolen credentials; it doesn’t provide application layer security, and it can’t provide role-based access control once a user connects to the network. Zero trust addresses all those issues. Hot: Attacks Against Iot And OT Attacks against internet of things (IoT) and operational technology (OT) infrastructure will heat up in 2022 across a variety of targets including critical infrastructure, traditional manufacturing facilities, even smart home networks. Attackers will target industrial sensors to cause physical damage that could result in assembly lines shutting down or services being interrupted. The pandemic has increased the prevalence of employees managing these systems via remote access, which provides a very good entry point for cybercriminals. Attackers may also conduct ransomware-type attacks that lock up a homeowner’s smart door lock or smart thermostat. In this scenario, the attacker is probably targeting the vendor that supplies the smart home technology. Hot: Supply Chain Attacks The supply chain is only as strong as its weakest link and that’s how hackers are going after high-value targets. The most infamous hack in recent times was the SolarWinds attack, a supply chain attack in which hackers leveraged a flaw in network monitoring software from SolarWinds to breach hundreds of companies. Supply chain attacks will remain a hot topic. He recommends that organizations pay special attention to third parties, partners, contractors, managed service providers and cloud service providers. Insist that these entities demonstrate that their security practices are sound and make sure to constantly verify that these organizations are adhering to their security policies. Hot: Extended Detection and Response (XDR) Extended detection and response (XDR) is a relatively new approach to threat detection and response that attempts to break down security siloes and provide a cloud-based service that encompasses multiple security-related data streams. XDR takes advantage of the power of cloud-based big data analytics to make sense of data from endpoint protection agents, email security, identity and access management, network management, cloud security, threat intelligence, threat hunting, etc. XDR is less about a specific product than it is about building a platform that can integrate the capabilities of multiple security tools to analyze a potential security threat in context. Cold: Passwords It’s been a longstanding truism that passwords are a weak form of security, but the industry has been slow to adopt alternatives – until now. Between the FIDO Alliance, Microsoft Hello, and strong pushes by industry heavyweights like Apple and Google, momentum is growing for password-less authentication based on biometrics (fingerprints or facial recognition). Fully passwordless solutions are preferable to two-factor authentication schemes that rely on passwords for one of the factors.
Blogging from the Dashboard
On the dashboard, you have everything you need to manage your blog in one place. You can create new posts, assign categories, adjust SEO and more. Click Create New Post to get started writing, adding images and formatting your post.
Blogging from the mobile app
Write posts, reply to comments, and manage your blog all on the go. Download the Wix Owner App from the dashboard to get started.
Blogging from your published site
Did you know that you can blog right from your published website? Once you publish your site, go to your website’s URL and log in to your site with your Wix account. There you can write and edit posts, manage comments, pin posts and more. Just click on the 3 dot icon ( ⠇) to see all the things you can do.
Comments