Global cybersecurity leader Palo Alto Networks has released its predictions of what will be the trends that will shape the digital landscape for this coming 2022.
This year, we saw the sustained acceleration of innovation and digital transformation as organizations continued to navigate the effects of the global pandemic. Cyber attackers became more sophisticated. The impact of ransomware attacks also reached an unprecedented scale, threatening thousands of organizations worldwide and holding critical infrastructure hostage.
With the pandemic-induced shift in digital behavior and adoption here to stay, looking ahead, organizations should remain vigilant of the emerging trends listed below to ensure they have the appropriate solutions in place to stay ahead of threats.
Prediction 1: The meteoric rise of bitcoin will create a well-funded adversary
The Asia-Pacific region has seen a prominent increase in ransomware attacks. The 2021 Unit 42 Ransomware Threat Report revealed that the average ransom paid by an organization in the first half of 2021 was US$570,000 — an 82% increase from the year before. This demonstrates how cybercriminals continue to profit and dominate the cyber threat landscape.
Cryptocurrency fuels the ransomware economy and due to its rising value and anonymity in ransomware payments, cybercriminals will have more funds and resources to launch bigger attacks on critical infrastructure. Beyond monetary loss for businesses, the systems, and services that entire populations depend on could be crippled.
We can also expect cybercriminals to take data exploitation to the next level with “shameware” attacks — double extortion in ransomware campaigns — to inflict lasting reputational damage on targets who do not accede to their ransom demands. We will also see quadruple extortion tactics rising to the forefront, as threat attackers add pressure points to coerce their victims into paying up.
Prediction 2: As physical and digital lines blur, who or what we trust will impact our security even more
The Web 3.0 era will bring more human-smart devices interaction via geolocation, computer vision, and biometric or commands. The ubiquity of IoT devices in our everyday lives has further blurred the lines between our physical and online worlds. Web 3.0 will make data breaches and other cyberattacks a lot more impactful, as these attacks are on cars, buildings, and physical lives and could lead to far-reaching consequences in the real world.
As early as now, organizations are making progress in shoring up their cybersecurity defense in the Web 3.0 era.
Prediction 3: The API economy will usher in a new era of digital fraud and exploits
While digital banking brings greater convenience and accessibility, it is not without potential risks. The rise of open banking and solid fintech growth in the region coupled with poor programming done at the API level can have serious repercussions as they are the glue that holds most digital apps and software together. New services like Buy Now Pay Later are no exception.
Any security misconfigurations in APIs could be exploited as an entryway for cybercriminals to gain access to personal data, manipulate a transaction, or shut down a key service. Such data is of great value to attackers, who can not only sell the information on the dark web but can also use it to carry out spear-phishing, account takeover attacks, or business email system compromise.
Financial institutions can build customer trust and enhance anti-fraud measures by including customer education as part of their security strategy. Special care should be given to groups like the elderly, who may be more susceptible to fraud as new users of digital banking platforms.
On the backend, financial institutions need to integrate security into all stages of the software delivery process and ensure that they have visibility on their entire API ecosystem. This approach, also known as DevSecOps or “shift left” security, ensures that software is tested for security problems before it goes public, allowing IT teams to plan for any security issues that might appear after deployment.
Prediction 4: Attackers will set their eyes on countries’ critical digital infrastructure
Critical infrastructure, with its confidential and lucrative data, is a key target for cybercriminals. We have witnessed several high-profile attacks in the region, including attacks that have shut down New Zealand’s Stock Exchange and disrupted the operations of Taiwan’s state-owned energy company.
These attacks exposed a damaging weakness on critical infrastructure: the rate at which cybersecurity protocols are implemented is significantly slower than the rate of digitalization. Time-sensitive and highly lucrative critical infrastructure will see more attacks from cybercriminals that can easily exploit weaknesses within their digital systems.
The interconnectedness of supply chain and business applications creates further complications as cyber attackers can infiltrate critical infrastructure from the periphery. In other words, organizations that have taken the necessary precautions to secure themselves might still be exposed to threats through third-party vendors and partners.
Prediction 5: A borderless workforce needs a borderless solution
Threat actors have switched their focus from targeting corporate headquarters or branches to attacking individual homes. As more people settle into their home offices, the number of corporate-issued devices increases correspondingly, these can include video conferencing equipment, IP phones, printers, and more. All of these devices can be points of vulnerability if they are not adequately configured and secured.
As remote work becomes a critical long-term strategy for most organizations, they need to extend their corporate networks and bring unified security policy management to their work-from-home employees.
This should include the deployment of new integrated solutions like secure access service edge (SASE) that combine security, networking, and digital experience management. The best of SASE solutions brings about not just security but also operational efficiency. Organizations can enjoy operational efficiency as SASE centralizes the security of remote sites and users to the cloud where it can be managed holistically.
A Zero Trust mindset will also have to become an important part of this new security paradigm where organizations will need to “trust nothing and validate everything”. It will be essential to continuously validate every stage of a digital interaction across multiple locations to give organizations the peace of mind and assurance they need in today’s digital workforce.
We can also expect a lot more harmonization, or application rationalization, around the all-remote-access technologies that people use, such as VPNs, which can be complex to work out. Conversely, with a home environment, there will be more expectations from both organizations and employees for remote work solutions to be simple to both deploy and manage.