We are living in the middle of an arms race in cybersecurity. Adversaries are leading the way, while the good guys reconfigure and retool, and the cycle continues. What does the crystal ball look like for the cybersecurity and risk management world of 2022?
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Manufacturers are introducing remote operations capacity for OT systems, allowing employees, contractors, and trusted third parties to operate on-site infrastructure from anywhere in the world. While the benefits are multifaceted, the risks to critical infrastructure are real.
Brazil's Health Ministry is looking at extended downtime for the system that processes Covid-19 vaccination data as it attempts to recover from two ransomware attacks that came just four days apart.
Organisations that have chosen a long-term approach to digital transformation over a prompt adoption strategy, and that try to align it with their established internal tactics, have experienced fewer ransomware attacks.
Wordfence discovered over 13.7 million cyber attacks targeting four vulnerable plugins and 15 Epsilon framework themes in 36 hours, hitting 1.6 million WordPress websites.
Leveraging the Hancitor malware, the ransomware gang earned $43.9 m after compromising 49 critical infrastructure entities in finance, government, healthcare, manufacturing, and IT.
Kronos, a payroll provider known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline due to a ransomware attack. There is speculation that the Log4Shell vulnerability was involved.
The latest Gone Phishin' event finds that about 20% of the subjects were compromised by a simulated phishing email; almost 15% did not recognize a malicious download site. Larger organizations, or those that would be expected to have more robust security training programs, tended to fare the worst.
BitMart crypto exchange was victimized with a total loss of about $196 million. BitMart has said that it will compensate victims of the crypto theft, but it is using its own internal estimate of $150 million in losses as a guideline.
Companies opening the door to remote work are going to have to rethink security. As workers enjoy more flexibility to work from wherever they want, security teams must learn to mitigate the threats that come with such a shift.










