2021 was the year when a ransomware attack brought to a halt the nation’s largest gasoline pipeline, crippling fuel distribution across the Eastern United States, all the way from New York to Texas. Every sector of the economy, from energy to healthcare to education, faces regular cybersecurity threats from increasingly sophisticated criminals and hostile state actors. Even the cybersecurity of Wisconsin’s dairy industry has been compromised, causing a shortage in cream cheese. It is truly a never-ending battle, and 2022 marks a new chapter in the story of cybersecurity. Let’s see what we can expect around the corner.
When famous bank robber Willie Sutton was asked why he robs banks, he is said to have replied, “because that’s where the money is.” It’s been 70 years since his apprehension, and criminals still seem to be operating on the same logic. Last year the financial sector was the most affected by phishing attacks, absorbing nearly a quarter of all such attacks combined. SaaS and webmail followed at a close third, just behind social media hijackings.
Like all forms of social engineering, phishing is an enduring method of attack, because phishers understand the weakest part of any security system is the human component.
These attacks will continue for years to come, but their effectiveness may wane. Society is developing an immune response, it seems, as younger generations show greater resilience against phishing attempts. Older workers still exhibit a high susceptibility to phishing emails, but diligent training from IT teams with simulated phishing attacks can help keep a workplace vigilant.
The federal government has been warning private operators of critical infrastructure for years about the threats to their operations. Even the aforementioned Colonial Pipeline was warned by the Department of Homeland Security that it was being targeted by cyber criminals months in advance of the line’s shutdown. This was a preventable attack, and one that succeeded because the company hung on to an inactive VPN with stolen login credentials that could have been rendered useless by password updates, two-factor authentication (2FA), or hygienic deletion of old accounts.
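The three controls named above (password updates, 2FA, deletion of old accounts) can be checked mechanically against an account export. The following is an added example, not part of the original article; the CSV columns, the account names, and the 90-day and 365-day thresholds are assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; column names and values are assumptions.
SAMPLE_EXPORT = """username,enabled,last_login,password_changed,mfa_enrolled
alice,true,2021-04-20,2021-03-01,true
svc-legacy-vpn,true,2020-09-14,2019-06-02,false
bob,true,2021-04-25,2020-01-10,true
carol,false,2020-02-01,2019-12-01,false
dave,true,,2021-02-15,false
"""

MAX_IDLE = timedelta(days=90)            # assumed policy: 90 days without login = inactive
MAX_PASSWORD_AGE = timedelta(days=365)   # assumed policy: rotate at least yearly


def audit_accounts(export_text, today):
    """Return {username: [findings]} for enabled accounts that break policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, so it cannot be used to log in
        issues = []
        last_login = row["last_login"].strip()
        if not last_login:
            issues.append("never logged in")
        elif today - date.fromisoformat(last_login) > MAX_IDLE:
            issues.append("inactive")
        if today - date.fromisoformat(row["password_changed"]) > MAX_PASSWORD_AGE:
            issues.append("stale password")
        if row["mfa_enrolled"].strip().lower() != "true":
            issues.append("no 2FA")
        if issues:
            findings[row["username"]] = issues
    return findings


def disable_candidates(findings):
    """Unused accounts without 2FA: the combination described in the text."""
    return sorted(user for user, issues in findings.items()
                  if "no 2FA" in issues
                  and ("inactive" in issues or "never logged in" in issues))


if __name__ == "__main__":
    report = audit_accounts(SAMPLE_EXPORT, today=date(2021, 5, 1))
    for user, issues in sorted(report.items()):
        print(f"{user}: {', '.join(issues)}")
    print("disable first:", disable_candidates(report))
```

Accounts returned by `disable_candidates` are both unused and protected by a password alone, so they are the first to disable or delete; the remaining findings go to the rotation and 2FA enrollment queues.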
But of course, every attack is preventable. And inevitably, an attack will be successful. At that point, companies need to be prepared and resilient. If a business finds itself the victim of a ransomware attack, it needs to have in place a business continuity plan (BCP): a comprehensive set of rehearsed and documented strategies to keep essential services working until full capabilities have been restored.
Ransomware attacks are designed to put pressure on the victim and make them sweat until they pay up. The better your business is prepared for such an attack, the more time you’ll have to recover and avoid paying the ransom. BCPs will be of growing importance as more vital businesses find their operations threatened by ransomware.
When ransomware sweeps through a network, it encrypts all the data it touches, making it irretrievable until conditions are met. Worse still is the threat of deletion. This infection can also spread to backed-up data if the information is not sufficiently protected.
Magnetic data tapes have seen a resurgence in recent years as the large-volume storage medium of archival data. Besides their low cost per gigabyte, data tapes have the added benefit of being isolated from network connectivity and free from the nefarious meddling of would-be attackers. Though the technology is quite old, it hasn’t grown stale. Newer iterations of tape decks speed up the backup and retrieval processes, making a labor-intensive storage medium more accessible to the daily or weekly tasks of archiving.
Believe it or not, the company car could be the next victim of a cyber attack. Just as ransomware can encrypt company data, rendering it useless until the company ponies up some cash, physical assets can be taken out of play too.
Just a few years ago, cybersecurity researchers demonstrated that essential vehicle controls could be hijacked via an entry point on a Wi-Fi signal broadcast from the car’s tire pressure monitor. Since then, automotive manufacturers have addressed many of the vulnerabilities that have been raised, but many still remain.
As vehicles become more computerized, companies need to consider selecting vendors for fleet vehicles that have demonstrated aggressive, preventative thinking on hardening vehicle electronics. This is especially true for electric vehicles whose batteries may provide a future target for clever cybercriminals. Even charging stations have been identified as a potentially vulnerable spreading point for a theoretical car virus.
This is an emerging frontier in the unending cyber war, and enterprises with large fleets will want to posture themselves for readiness, maintaining conversations with suppliers about diligent security updates to electric cars.
Taking Work Home
By now everyone with the luxury of working from a keyboard has spent the past two years writing emails in their pajamas. Despite the benefits of remote work, it creates security vulnerabilities that can leave a company’s data open to malicious attacks. New controls will need to be imposed to ensure data integrity—that data is being transmitted over appropriate, secure channels and that it isn’t being observed by inappropriate parties. For instance, many in the national security realm were able to adapt by working via VPN but were still obligated to handle sensitive, cleared material in person in the office.
Some of these challenges will be mitigated as people return to the workplace. But of course, different companies are striking different balances, and remote work looks like it’s here to stay in one fashion or another. Cyber criminals aren’t stupid, and you can expect their strategies to adapt to the expectation that sensitive work-related data doesn’t just live in a company’s servers; it’s also in the employees’ homes.
Foreign powers are relentlessly mustering the next barrage of cyber attacks on our governmental and corporate entities, and we do the same in return. Operate at a certain scale, and your organization will find itself a target (whether passively or actively) of data theft, espionage, or other state-driven cyber crimes. Companies working in sectors of critical infrastructure, such as energy or healthcare, are receiving more frequent and more complex attacks every year.
In 2018, the U.S. government got into a bitter spat with Chinese electronics firm Huawei that entailed allegations of corporate spying, hardware-level cyber espionage, network infiltrations, data theft, sabotage—the list goes on. Partially at issue was whether the chip manufacturer had embedded backdoors into its hardware, potentially enabling the company to collect undetectable packets of information from its customers. While many questions remain unanswered, the event highlights the uncertainty behind purchasing large volumes of computer hardware from competitors on the geopolitical stage.
The lines between state and non-state actors are not always clear, and in many cases hackers conduct their work with state sponsorship and training. Many attacks were powered by open-source tools with government origins. As the cybersecurity arms race escalates, companies will need to adopt greater access control measures, advanced authentication techniques such as 2FA or passwordless authentication, and zero trust policies to protect data and services from foreign threats.