Cybersecurity forensics teams are obsessed with the past. Only by finding out the minute details of an incident, from start to finish, can organizations develop effective strategies for ensuring a repeat event doesn’t happen. Sometimes this requires them to go back in time months, to the point when threat actors made their first moves. In a similar way, reviewing the previous 12 months of big-picture cybersecurity trends can help IT and security leaders better formulate a strategy for the coming year.
It’s even more important at a time when the threat landscape is moving at a record pace following the once-in-a-generation events of 2020. In short, there’s no time to relax. So here are five of the key trends we’ve seen over 2021 which are likely to bleed into the coming year.
- Supply chains under attack
Accellion, Kaseya, SolarWinds: the past 12 months witnessed a surge in digital supply chain attacks designed to cause maximum damage for minimum effort. Threat actors have become increasingly adept at probing for weaknesses in third-party organizations to get what they want. Accellion and Kaseya were the work of the ransomware groups now rivaling small nation-states in their capabilities and revenue. SolarWinds was attributed to Russia. No matter what the source, organizations must find ways to better vet these supply chains, manage the risks, and put additional controls in place where necessary.
One October report claimed 93% of global organizations suffered a direct supply chain breach over the previous year—with the average number of breaches surging 37%. It’s time to take action.
- Ransomware everywhere?
Just how bad was 2021 for ransomware? The simple answer is: it depends on which vendor’s figures you believe. Some boasted triple-digit growth year-on-year. Others claimed a reduction in overall volumes but warned that attacks are becoming more targeted. One under-reported fact is that most attacks hit not the big-name oil pipelines, food supply chains, and IT companies that make the headlines, but regular SMBs. The costs associated with downtime can cripple these smaller organizations, notwithstanding ransom demands.
Yet according to Gartner, over 90% of attacks are preventable. Developing the people, process, and technology to follow industry best practices should be a priority for every organization in 2021. And with insurers now reducing coverage levels and mandating some of these best practices, there’s hope that the bar will be raised significantly in the coming year.
- From remote work to hybrid work
We all know the story of 2020. Mass remote working and digital investment led to an explosion in unmanaged endpoints, poorly secured and misconfigured cloud infrastructure, and distracted employees, which the bad guys ruthlessly exploited. So what was new in 2021? On the one hand, more of the same. Digital transformation continued apace, while remote working began to segue into hybrid working. The good news is that organizations have had time to plan their security response. The bad: hybrid working will present even more opportunities for attackers.
Reducing the attack surface will therefore be a key task going forward—whether it means improving security training or buying cloud security posture management and web app firewall technologies. Many attack techniques haven’t changed a huge amount over the past 12 months. So IT security leaders can’t say they weren’t warned.
- Skills shortages are falling, but more must be done
The good news from 2021 is that persistent cybersecurity skills shortages appear to be declining. The global figure fell to 2.7 million professionals, the second year in a row it shrunk. This was largely ascribed to 700,000 new recruits to the sector over the year and lower demand from APAC, where economic recovery has been slow. If it continues to fall and government efforts to improve the talent pipeline from education-to-work succeed, it could help firms battling staff shortages on the cyber front line.
However, long term there are concerns. The size of the global workforce is still 65% below what it needs to be, and demand from North America and Europe remains as high as ever, especially in areas such as cloud security. There are also concerns over persistent discrimination and career development opportunities for women and minorities, at least in the UK.
- Emboldened nation-states inspire organized criminals
Nation-states appeared to pump more resources than ever into campaigns over the past year. The SolarWinds attacks set the tone for 2021. Over 1000 government operatives are said to have worked on the campaign, which led to the breach of nine US government departments. It’s not just the traditional duo of China and Russia that caused problems in 2021, but also North Korea, Iran, and many smaller states accused of using off-the-shelf spyware to target journalists, activists, and politicians.
Perhaps most concerning is that state-backed efforts are increasingly inspiring financially motivated cybercrime. The Hafnium attacks in March which exploited four zero-day bugs in Microsoft Exchange Server were soon picked up by more than 10 APT groups. And the Kaseya supply chain ransomware attack appeared to use similar tactics to SolarWinds. Increasingly the lines between state spying and organized crime are blurring. One report claimed half (50%) of nation-state attacks now feature low-grade tools bought from the cybercrime underground. And over half (58%) of experts believe it’s becoming more common for governments to recruit cyber-criminals for their own campaigns.
Where this leads is anyone’s guess. But whatever happens, 2022 is set to be another crucial year for corporate cybersecurity leaders.
Phil Muncaster compte plus de 12 ans d'expérience en tant que rédacteur et éditeur dans le domaine de la technologie. Pendant sa carrière, il a contribué à quelques grands titres du secteur, notamment Computing, The Register, V3 et MIT Technology Review. Après une immersion d'un peu plus de deux ans au cœur de la scène technologique asiatique à Hong Kong, il est de retour à Londres, où il s'intéresse désormais de près à la sécurité de l'information.