IBM’s Predictions for 2022
By Jennifer Gregory
After the challenging year of 2021, we look forward to what’s next in 2022. Over the past two years, we’ve seen a tremendous change in how consumers and businesses accomplish tasks with the continued shift to digital and cloud. As a result of disappearing perimeters and increased digital data, cybersecurity attacks have, not surprisingly, increased. How did cybersecurity trends change in 2021, and what will they do in 2022?
In 2022, we will continue to see the cybersecurity landscape evolve. To help you get ready for what’s ahead, we talked to four experts at IBM X-Force to get their predictions about what to expect in 2022 in terms of cybersecurity.
Nick Rossmann, Former Global Threat Intelligence Lead at IBM X-Force
Ransomware attacks will become more relentless in their quest to scale up revenue and do so fast. In 2022, we will start seeing more and more triple extortion ransomware, which is when a ransomware attack experienced by one business becomes an extortion threat for its business partner. Ransomware attackers won’t stop at extorting the victim organization for ransom. Instead, they will also extort its business partners whose data it holds or business partners who cannot afford the supply chain disruption.
In 2021, the world felt the brunt of supply chain bottlenecks due to COVID-19 restrictions. Cyber criminals recognize this and will seek to capitalize on our heavy reliance on supply chains, both on a consumer and enterprise level. Supply chains have many blind spots or cracks that attackers can take advantage of. Ransomware attacks will be a threat, not only to companies as individual entities but to their supply chains as a whole, making these types of attacks a top concern for the board.
The surge of cyberattacks coupled with the massive expansion of online accounts is creating a recipe for continuous disruption if we consider consumers’ current weak password practices. Weak passwords serve as a pathway to breaches, which then lead to new compromised passwords for attackers to use to execute another attack, creating a vicious cycle.
The maturation of artificial intelligence and biometric technology will present more and more options for consumers to rely on alternative forms of authentication to access their accounts. We’re already seeing this with Face ID, fingerprints or other forms of biometric authentication becoming a more common option from providers. Realistically, consumers can’t rely on remembering or managing 20+ different passwords, and many don’t use password managers. It’ll come down to convenience, and as more convenient forms of authentication become more secure, we will see more adoption.
With enterprises and consumers increasingly relying on blockchain for their supply chain management, digital transactions or even NFTs, we’ll begin to see attackers too turn to its legitimate use to stay under the radar for longer. In 2022, we’ll see blockchain become a more common tool used by cyber criminals to obfuscate their malicious traffic, avoid detection and extend attackers’ stealth, making it increasingly harder for defenders to discern malicious activity on the network.
With attackers’ focus now extending to cloud environments, amid the rise of Linux-based malware and container targeting, we will begin to see more companies opting to spread their data across multiple environments. Recognizing that not all data should reside on-premises or in clouds, businesses will shift more toward a hybrid cloud approach that can allow them to better manage and protect their data, placing proper security controls around critical data.
Charles Henderson, Head of IBM X-Force
For years, chief information officers and chief information security officers have been advocating for more security resources, often to no avail. But the growing momentum in government around security mandates will force businesses to allocate more resources to security in the coming years. In 2022, we will see security budgets recover and grow, amid businesses’ fear of regulatory fines and setbacks if mandatory security requirements aren’t met.
As governments around the world double down on cybersecurity regulations, businesses will need to navigate conflicting government expectations. While security mandates are an important step in creating a baseline cyber resilience standard, the regional nature of regulations will create adherence challenges for global businesses faced with conflicting security requirements. Not only will we begin to see organizations struggle to be compliant, but we will also inadvertently see mandates struggle to be effective.
More and more businesses are realizing that to build customer trust they must establish zero tolerance for trust in their security strategy. In 2022, we will start to see government and private industry scrutinize their trusted relationships more, and re-evaluate the ‘who, what, why’ regarding access to their data. Not only will we start seeing more auditing of user access, but application access to data as well.
Laurance Dine, Global Partner, IBM X-Force Incident Response
Law enforcement activation and government actions are putting pressure on ransomware syndicates. With recent ransomware group takedowns and indictments showing the full power and effect that law enforcement can have, in 2022 we will see cyber criminal groups shift more of their targeting to regions that do not have the security resources, defenses and government cyber strategy to stop them, with those regions observing an increase in attacks. Conversely, nations such as the US or UK may see a decrease in cyber crime incidents, amid attackers’ fears of drawing attention that places them at the center of law enforcement’s target scope.
Over the holidays, organizations worldwide slowed down and many found themselves in environment transitions, with some returning to pre-pandemic in-office models and others extending their hybrid workforce. These distractions create opportunities for cyber criminals to infiltrate networks without raising suspicions. As 2022 continues on, we will see breach disclosures and cyberattacks with initial compromise tracking back to early in the year.
Limor Kessem, Executive Security Advisor, IBM Security
Cloud will become the battleground for all types of attacks. With malware developers all racing to program in cross-platform languages, targeting Linux-based machines and opting for new and less familiar programming languages, the cloud is where everyone is going. It is not new that cyber criminals follow the crowds, but it is going to be more significant than ever in 2022.
Extortion is about pressure, and pressure is about leverage. In 2022, we are bound to see more pressure tactics applied by ransomware gangs, including encryption, data hostage situations and distributed denial of service (DDoS) attacks. Any tactic that can paralyze operations will hasten the possibility of payment. But with government efforts around limiting payment to ransomware gangs, and sanctioning cryptocurrency exchanges that facilitate it, companies may find themselves in a new situation. With companies unable to pay the ransom and looking to response operations, this can put disaster recovery – from all aspects – front and center of ransomware incident response.
With increasing sanctions on adversarial nation-states in 2021, the pressure on economically restricted countries will grow and give rise to more financially motivated attacks by advanced persistent threat groups.
All of the predictions from our experts point to the same theme – the increase in digital transformation and remote/hybrid work has changed both how attacks happen and how organizations can reduce their vulnerabilities. Organizations that continue using the same cybersecurity processes and tools are likely to struggle to keep their organizations secure. By proactively moving to a zero trust approach, organizations can build a strategy that works for whatever 2022 and the future hold for us.