A few days ago, Kacy Zurkus, content planner for the RSA Conference, released a 2022 cybersecurity forecast based on the thinking of the conference's expert committee, covering supply chain security, ransomware, the supply of security personnel, and more. The predictions are summarized as follows:
Enterprises clean up system dependencies
Ransomware will spread to the Internet of Things
Ransomware surges from North Korea or Iran
U.S. government holds poorly secured vendors accountable
A shortage of cybersecurity professionals will spark a crisis
The relationship between companies and suppliers begins to shift towards altruism
Check for weak points in system dependencies
In early October 2021, Facebook experienced an hours-long outage. It was a reminder of a stark truth: we have already integrated many dependencies into our systems, but we remain largely unaware of their impact until something goes down.
“Society and dependencies are like stacking Lego blocks, and we don’t really know what it really looks like until one of the blocks is pulled out,” said Hugh Thompson, chair of the RSA Conference Program Committee. In the coming years, blocks will inevitably be removed. We now need to consider the impact of each building block on the whole; after all, no one wants to see a tower come crashing down.
Ransomware spreads to the Internet of Things
Ransomware remains in the spotlight. Caroline Wong, chief strategy officer at Cobalt, predicts that we will see malicious groups continue to expand and professionalize ransomware attacks. Wong, however, said she expects some changes to ransomware, especially with regard to the Internet of Things.
“Consumers are no strangers to ransomware. Although they are psychologically prepared, they are still nervous and terrified of it. While some victims’ data may not technically be beyond recovery, attackers will still use social engineering techniques to trick victims into paying the ransom.”
In 2022, we will likely see malicious actors exploiting vulnerabilities in IoT devices on a regular basis, Wong said. “In previous ransomware, hackers would encrypt the victim’s data and withhold it until a ransom was paid. But this type of attack is different: usually the attacker takes over communication capabilities through an IoT device, exploiting the victims’ fear and anxiety and manipulating their behavior through social engineering (i.e. forcing them to pay the ransom).”
An adversary outside of Russia can cause problems
Dmitri Alperovitch, chairman of Silverado Policy Accelerator, said, “Everyone realizes that Russia has become a safe haven for ransomware attackers. And enemies of other countries, especially North Korea, are watching this closely. Over the next 12 months, we will see a surge in ransomware from North Korea or Iran.”
“Our concern is that these other countries will have less experience, making them more likely to make mistakes,” said Ed Skoudis, president of the SANS Institute of Technology. “Lack of experience and lack of skill,” Skoudis said. “I do think we might see a serious ransomware attack (unintentional or intentional) that could destroy a federal government agency and its ability to function.”
Someone gets a court summons
Accountability is a broad idea. We want to see everyone take responsibility for protecting the large digital ecosystems on which we depend, and those who fail to meet security requirements will be held accountable.
“Next year we will likely see the federal government sue a federal contractor for their poor security,” Alperovitch said.
Lack of skills will cause a crisis
While cybersecurity initiatives are being implemented across the education sector, Skoudis predicts: “As technology proliferates and becomes more complex and sophisticated, the scarcity of cybersecurity professionals and expertise will increase, potentially leading to a crisis. The complexity of cloud environments and multi-cloud architectures is growing. It’s hard to handle, and we lack a sufficient number of good people.”
Begin a shift towards altruism
This prediction has to do with whether we will spend time identifying weaknesses in system dependencies. The very act of considering potential systemic failures acknowledges that we are interdependent and accountable to each other.
Wendy Nather, head of CISO consulting at Cisco, said many discussions around dependence now focus on shaming victims for not doing their part. “Now we’re talking about legislation to push suppliers to do their jobs. It’s not just a supply chain issue, it’s ‘what should we give each other?’ Because these relationships are not one-way. They’re not just supply chain, but an ecosystem.”
By 2022, we hope to see more awareness of the mutual benefits of our relationships with our suppliers. There is no class system where others can take the blame. “We both have loaded weapons around each other’s waists, so don’t miss out,” Nather said.