Cybersecurity trends in 2022


Threats and trends in cybersecurity

Supply chains, IoT devices and health care are in the sights of cyber criminals adopting ever more aggressive tactics and insurance will be harder to get, leaving organisations badly exposed, says Sapien Cyber CEO Glenn Murray.

Smart cities and the Internet of Things have created a hyperconnected society but cybercriminals are exploiting these networks because there is no focus on security.

Cybercriminal activity is now taking advantage of the highly connected world we live in, and the vulnerabilities of IoT devices are going to come under scrutiny in 2022.

IoT devices are rarely well protected and are proving to be the weak link used to exploit networks. Health care will be the number one target for cyber-attacks and ransomware, with medical IoT devices targeted in the coming year.

Cyber security attacks grew in frequency and audacity in Australia during 2021, with multiple high-profile threats to steal data and shut down systems.

Criminals came within minutes of shutting down Queensland power stations capable of lighting three million homes and one of Tasmania’s biggest employers was attacked for the second time this year. Even in December, the details of up to 80,000 workers were accessed in a cyber attack on a payroll software provider in South Australia.

In the coming 12 months, companies and organisations need to understand the threats to their business and networks, and be prepared for the fallout from not taking preventative action.

Businesses may be uninsurable

Businesses that are not locking the metaphorical doors on their networks risk facing higher insurance premiums, or worse – finding themselves uninsurable.

The directive is coming from the top. This year, the Australian Prudential Regulatory Authority (APRA) started directing Australian insurers to review their cyber risk profile and reconsider whether insurers are themselves underplaying risk.

Global ransomware attacks doubled in 2021 after a 170% spike in the previous year, and the size of ransom demanded also continues to climb.

With attacks higher in yield and sophistication, insurance firms have been paying out in a big way on existing policies, and there is also a trend to attacking companies with good insurance coverage.

This has inevitably led to a crackdown on businesses not taking responsibility and underwriters are transferring some of that risk back to the insured party.

It will become increasingly necessary for businesses to demonstrate appropriate cyber security risk management for insurers to have their back.

Get a clear picture of the problems

Weakness in networks comes not just from ever increasing ‘zero-day attacks’ but also from older vulnerabilities due to poor patching programs, and this patch gap in operational technology environments will be exploited in 2022.

Businesses need to get across the weaknesses and threats present in their network, and that comes from threat monitoring.

But when you have all that data, what do you do with it? As the saying goes, value is drawn not from how much information is in a presentation but how much of the information is retained.

Visualisation gives meaning to data – it’s the key delivery mechanism. By seeing the threats and weaknesses in networks, and partnering with experts, organisations can better manage and measure cyber security risk.

Think about a gas wellhead control panel – all the information about pressure, flow and other key metrics is available whenever access is needed, and changes in patterns that could lead to problems can be addressed.

It’s no different to cyber security threat monitoring. Business leaders don’t need to know how security is tracking every moment of the day, but there will be processes to alert them if there is a problem or emergency.

Shore up your supply chains

2021 was another tumultuous year for supply chains, with sea and air freight prices soaring thanks to COVID-19, port closures and container shortages, not to mention the Suez Canal delays.

The world’s eyes were on the United States in May over the havoc caused by the Colonial Pipeline attack, which opened eyes to critical infrastructure operational technology vulnerabilities.

The ransomware attack crippled the computer system that controlled supplies of oil, petrol, and jet fuel to the south-eastern United States, forcing authorities to pay a ransom. Some of the ransom was later recovered but companies would be unwise to bank on this outcome in an attack.

An extortion model will be the next level of escalation, where cybercriminals would seek access to targets through the company’s own supply chain and hold critical data to ransom, then leak the attack to media for maximum visibility.

Critical infrastructure will become a focal point in Australia in the coming year, with many businesses discovering they are deemed critical by new legislation which was passed in November.

Under the Critical Infrastructure Bill, companies will be forced to disclose cyber attacks and company directors could potentially be held liable if they cannot demonstrate that sufficient action was taken to defend the organisation.

That will not be an easy scenario to deal with. Supply chain layers and complexity can accumulate like a babushka doll, presenting a greater surface area for cracks to appear and be exploited by cyber criminals.

Secure renewable energy networks

Australia has one of the highest uptakes of solar energy in the world, with data from the Clean Energy Regulator showing more than 2.68 million systems have been installed.

Renewable energy is scaling up as well. Microgrids – small scale electricity systems driven by solar panels, battery storage and other infrastructure – provide reliable electricity and optimise energy generation and usage.

But these types of systems can be vulnerable to cyber threats if they are not properly secured and while many are closed systems, some also provide services back to a major grid as a final backup.

An attack that leaked into a major grid would be a disaster, lowering energy production or overloading batteries connected to solar-plus-storage systems, placing health and lives at risk.

Demand for security by design in such systems needs to increase, to build resilience into devices and technology, and this is best done by bringing together technology engineers and cyber security experts.

Cryptocurrency and ransomware

Cryptocurrency will continue to be an enabler of cyber crime, incubating a network of invisible people who make attacks that can’t be seen and seek currency that is not visible or easily traceable.

A trend is emerging in steal-and-sell ransomware, which means that criminals are not only seeking a ransom but extorting the target organisation by selling the data to competitors.

Cybercriminals are now stealing data before organisations are even aware they are in the network, then executing the ransomware – a technique so successful it is expected to escalate in 2022.

Ransomware attacks can be defended against. A client recently faced an extortion threat where for every day that a ransom was not paid, the price rose by 0.2 bitcoins. But when the attackers returned to up the ante, they found nothing. The infected network was fixed and moved to a new location and business went on as usual.

But the successful defence above only worked because the client was prepared. Their system was properly monitored and they had servers backed up in separate locations.

Law enforcement agencies are making some progress in tracking down cyber crooks but while crypto remains unregulated and difficult to trace, there will always be people ready to exploit it and make quick money.