Ransomware will shift – and threat actors will sink to even greater lows.

As the U.S. government cracks down on ransomware gangs, expect attacks to shift to Europe and elsewhere in 2022 as threat actors pursue easier targets in countries where government retaliation is less likely. While we will continue to see large multi-million dollar ransom payments, there will likely be a larger number of smaller bounties using multiple extortion tactics as threat actors find ways to increase the likelihood of a payout while staying under the public radar. Expect breaches of smaller ICS targets, including those in the food industry, as these have smaller budgets for security but face the same challenges as larger ICS installations.

As threat actors evolve their tactics, victims will also change their responses. Governments and private companies are likely to take more aggressive action as more organizations fight back. Law enforcement agencies will step up efforts to reclaim Bitcoin and increase bounties for information leading to the arrest of cyber criminals. On the private side, expect more and more companies to take matters into their own hands and hire cyber detectives and white hat hackers to find and defeat cyber attackers.

Nation-state attacks will increase.

With global pressure increasing, 2022 will be a record year for nation-state attacks in both number and severity. Russia will continue to be a leading player against the U.S., Ukraine and other nations. Expect Chinese attacks to increase in volume and aggression as hostilities escalate over technology bans, financial pressures and diplomatic boycotts of the Winter Olympics. And with tensions mounting in the Middle East, the likelihood is high that a Stuxnet-like attack will cripple or seriously damage Iran’s nuclear weapons program.

Defense of critical infrastructure will mature significantly – thanks in part to advances in public and private collaborative efforts to strengthen defenses.

Government policies, mandates and laws, combined with self-governance at the sector level, will help establish and enforce a standard baseline for the cybersecurity of critical infrastructure. Standards and best practices (such as ISA and NIST) will come into sharper focus. The needle will move a lot, but still not fast enough to keep up with the innovation of our adversaries.

Public/private sector efforts will begin to transform the landscape starting in 2022 – thanks in part to significant advances made by Jen Easterly to establish CISA as the central point of cooperation and coordination within the infosec community. However, it will be a few more years before significant improvements are made in terms of meaningful countermeasures. A sign of this progress will be new open solutions for information sharing. This includes options that do not compromise private data and that enable public and private sector organizations to work together to strengthen defenses.

An evolving Purdue model will include Zero Trust.

In 2021, Zero Trust appeared in OT conversations, but without a clear definition of what it means or how it is used. In 2022, Zero Trust will become a more strategic discussion in OT cybersecurity as companies evolve their security frameworks to address a new reality of distributed architectures and the IoT. Zero Trust policies will begin by addressing device restrictions and insecure-by-design PLCs, IoT sensors and controllers. At a minimum, OT cybersecurity providers must consider transparency and compliance with Zero Trust guidelines on all OT and IoT devices. This will transform an evolving Purdue model into a more deliberate adoption of Zero Trust.

Hyper-convergence and the ever-expanding attack surface.

With the massive introduction of IoT devices and the blurring of the boundaries between IT and OT, the attack surface is only getting larger. From 2022, 5G will connect people who were previously unconnected and bring even more devices into the network. In turn, we will see an increased risk for critical infrastructure and ICS. While cloud adoption in OT environments won’t be universal, cloud-based cybersecurity solutions will find their way into the mix for many as CISOs and security professionals look for ways to build cybersecurity across the enterprise and scale it quickly. Expect more companies to abandon isolated security strategies and adopt hyper-converged solutions that create an effective bridge between IT, OT and IoT to fully address cyber-physical risk.

SBOMs and security certifications become standard fare.

With 2021 ending with the massive disclosure of open source vulnerabilities in Log4J, and following the massive software supply chain hacks of SolarWinds and Kaseya, all in a record year for ICS-CERT vulnerability disclosures, expect the vast majority of industrial and critical infrastructure companies to demand more transparency, higher product safety standards and accountability from their software providers and other third-party providers. Software Bills of Materials (SBOMs) and increased vendor responsibility are becoming standard fare in RFPs and contracts.

The developing market will reach new heights.

Hundreds of millions of dollars were invested in some private OT/ICS companies in 2021. There will be more investment in 2022, but it will taper off as the year progresses and the top 3 OT industry leaders pull away from the crowd. The macroeconomic environment (higher interest rates + inflation) will intensify this tapering.

IoT providers will continue to target OT opportunities, but will find that OT providers may have more success expanding into their IoT turf. We’ll likely continue to see some technology acquisitions to help larger security vendors complete or expand their portfolios.

2022: the year of the defender

While there is no doubt that cyber threats will keep increasing and evolving, I’ll be putting my money on the defenders in 2022. We made an important turn last year. The threat scenarios we’ve discussed for years, and even those we haven’t, have become a reality. At the same time, IT and OT organizations have continued to grow together and become stronger. So have their perspectives on and approaches to cybersecurity. The cybersecurity of industrial and critical infrastructure has the highest priority today, and in more and more cases it is demanding and keeping the resources necessary for success. The private and public sectors, and even the provider community, are coming together to support the cause. Based on our experience with hundreds of customers, partners and colleagues, building a secure future is a daunting task. Around the world, our global defenders are equipped for this task.
