Cyber Security Predictions for 2022
Normally, I am not a fan of year-end predictions, but as of late I have found them to be a good way to reflect upon what we have seen in terms of cyber security and what I expect to see for the future. As a CISO, I always want to make sure we have the correct people, processes, and technology in place to prepare for upcoming issues. These are some of the cyber security trends I see continuing and some of the emerging areas we are going to be watching in 2022.
These have only gotten worse, and we do not see them letting up anytime soon. They are an easy way for criminals to make money, and the risk of getting caught is fairly low. Law enforcement is starting to crack down on the more egregious attacks (think Colonial Pipeline), but that will only shift the criminals’ approach from one large attack to attacking multiple mid-size and small companies. Against those smaller targets, the response from law enforcement is not as strong, and the payout is still pretty good.
Spear Phishing/Whale Phishing
We continue to see targeted attacks against specific people within companies. Typically, the attackers want someone who has access to money. For example, if someone in accounts payable gets their email compromised, the attackers will download their emails and copy their address book. The attackers will then try to convince vendors to route the money to a new bank, oftentimes successfully. They will also review the address book to see if they can spam someone in it to get that person's email compromised as well. This is what is currently happening, and many times they stop there. We expect to see an increase in ransomware against the users that have been compromised, as the threat actors already have a foothold.
Flashy Attacks, but Fewer
We still expect to see flashy attacks that garner news headlines, but we expe