As we look ahead to 2022, we should pause to reflect on the trends of the past year. Ransomware and supply chain attacks have become two of the top concerns for organizations following a series of high-profile attacks, such as those conducted against Colonial Pipeline, SolarWinds and Kaseya.
In 2021, our Project Memoria revealed close to 100 different vulnerabilities in common TCP/IP stacks, affecting hundreds of operational technology (OT) vendors. Given that TCP/IP stacks are foundational pieces of software that implement basic network communications for all IP-connected devices, we expect to see this area of vulnerability continue.
With ransomware, supply chain attacks, operational technology and connected devices top of mind, here are the six most relevant cybersecurity predictions for 2022.
1. An Increase in Ransomware Attacks Leads to Increased Regulation
Ransomware has been filling the headlines for the past few years, and attack statistics keep going up, so there is no reason to believe this trend will reverse any time soon. Malicious actors will continue to find new vulnerabilities to exploit – they are almost certainly looking at operational technology and IoT devices as targets after witnessing the impact of the Colonial Pipeline ransomware attack.
At the same time, after witnessing the impact of the Colonial Pipeline ransomware attack, the U.S. government has been spurred into action. President Biden issued an Executive Order on Improving the Nation’s Cybersecurity and a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, but industry regulation has been voluntary.
As a result of these national conversations, cybersecurity will enter into the highest levels of discussion from the White House to boardrooms. Consequently, many industries and organizations will see a major cybersecurity hiring push to make sure they have the resources they need both to implement protection across IT/IoT/OT networks and to report cybersecurity incidents as needed.
2. Attackers Return to Connected Devices and IoT
Attacks tend to be cyclical. As organizations rush to respond to the latest threats by implementing the newest solutions, attackers respond by turning their attention to less-protected attack surfaces. Attackers currently enjoy having a wider attack surface to exploit as a direct result of employees working remotely without the proper network and device protections in place.
Additionally, operational technology, connected devices and IoT tend to be less protected than most IT environments. For example, the Mirai botnet was able to launch the largest DDoS attacks in history by compromising IoT security cameras. Likewise, highly motivated ransomware groups could seek to compromise critical connected devices, such as medical systems, with a denial-of-service attack in addition to data encryption.
These expanded attack surfaces require new compliance mandates and security initiatives to protect these critical ‘things’ on critical networks. IT and security leaders will re-evaluate their IT assets and security postures for attack surface reduction and management, both internally and through third-party vulnerabilities. This should manifest as increased adoption of zero trust security strategies.
3. The Cybersecurity Skills Shortage Drives the Acceptance of Automation
There has been a notable and ongoing skills shortage in IT security, which is even more drastic for OT security. Very few professionals or college curriculums focus on OT cybersecurity, and that will take years to fix. As a result, enterprises will need to rely on more automation in their decision-making, including a heavy focus on visualization and analytics of all available data.
With the growing market of data analysis and incident response solutions, the challenge in 2022 will shift from technology to management processes for efficient incident response. Many organizations may lean into sharing their SOC capabilities with managed service providers (MSPs) to help bridge the gap of this cybersecurity skills shortage.
With so many point solutions in place but so few people to manage them, enterprises have been struggling to incorporate enterprise-wide cybersecurity. For that reason, in 2022 there should be a shift away from stand-alone cybersecurity solutions toward platform-based solutions or tools that easily integrate with others.
4. IT/OT Convergence Demands Greater OT Asset Visibility
As more organizations become aware of the cybersecurity risks for operational technology, Chief Information Security Officers (CISOs) will begin taking accountability for OT cybersecurity in 2022. CISOs are already leading these conversations in mature organizations, so we expect the rest of the world to follow their way in 2022 – it will be mandated by senior leadership.
An enhanced focus on OT asset visibility will lead to the greater use of software bills of materials (SBOMs) – a list of all the components in software. With the many ongoing initiatives and government oversight for cybersecurity in critical sectors, SBOMs will be instrumental in providing transparency for software. There are already a handful of commercial options for production, maintenance and consumption use cases of SBOM. It represents a natural expansion of the asset visibility capability wherein visibility is not only on devices but also their components.
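As an added example (not part of the original post or of Forescout's tooling), the following Python shows the component-level visibility the paragraph describes: each device carries a minimal CycloneDX-style SBOM, and a hypothetical advisory of the form "component X is fixed in version Y" is matched against the whole inventory. The device names, component names and versions are constructed for illustration.

```python
"""Per-device SBOMs used to answer "which devices contain component X?".
Constructed example: SBOM content, device and component names are made up,
and only the CycloneDX 'components' name/version fields are used."""
import json
from collections import defaultdict

# Constructed inventory: device name -> minimal CycloneDX-style SBOM (JSON).
INVENTORY = {
    "plc-line1": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "example-tcpip-stack", "version": "2.1.0"},
        {"name": "example-rtos", "version": "5.4"}]}),
    "hmi-panel": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "example-tcpip-stack", "version": "3.0.1"},
        {"name": "example-http-server", "version": "1.2"}]}),
    "ip-camera": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "example-rtos", "version": "5.4"}]}),
}


def parse_sbom(raw):
    """Return {component_name: version} from a CycloneDX-style JSON SBOM."""
    doc = json.loads(raw)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return {c["name"]: c["version"] for c in doc.get("components", [])}


def component_index(inventory):
    """Invert device -> components into component -> [(device, version)]."""
    index = defaultdict(list)
    for device, raw in inventory.items():
        for name, version in parse_sbom(raw).items():
            index[name].append((device, version))
    return dict(index)


def version_tuple(version):
    """Numeric comparison key for dotted versions such as '2.1.0'."""
    return tuple(int(part) for part in version.split("."))


def affected_devices(inventory, component, fixed_in):
    """Devices whose SBOM lists `component` at a version below `fixed_in`,
    i.e. the devices a hypothetical advisory would apply to."""
    index = component_index(inventory)
    return sorted(device for device, version in index.get(component, [])
                  if version_tuple(version) < version_tuple(fixed_in))
```

Running `affected_devices(INVENTORY, "example-tcpip-stack", "3.0.0")` returns the one device still on an older stack version, which is the device-to-component link the paragraph calls for.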
5. A Path to Zero Trust
As the demand for zero trust solutions reaches an all-time high, security vendors have been capitalizing on the hype. Hundreds of vendors have been making claims about their zero trust capabilities even when they provide little-to-no actual contribution to the architecture. This demand will continue into 2022 with executive and board-level pressure to implement zero trust, but most organizations will have to sift through much more noise to determine which solutions can actually help them.
At a more granular security operations level, enterprises will prepare to contain or isolate security breaches in sensible timeframes (WRT/TTR). To do so, they will enable security and network control orchestrations based on dynamic policies that get triggered through correlation of real-time insights from various data sources.
A primary challenge organizations need to overcome is that more solutions focus on policy enforcement point (PEP) instead of policy decision point (PDP), which means organizations lack the macro-level insights they need to enforce their security policies. Furthermore, agent-based zero trust PEP solutions cannot typically be deployed across all connected devices, leaving large swaths of the network isolated from a zero trust architecture.
6. Supply Chain Vulnerabilities Remain a Focus
After the huge impact of the SolarWinds and Kaseya attacks, 2022 will see more supply chain attacks in which malicious actors target a service provider to gain access to several – up to thousands – of their customers simultaneously. This may include attacks initiated by private criminal entities or by nation-states.
Security researchers and software vendors will continue to find widespread vulnerabilities affecting fundamental components in the software supply chain. TCP/IP stacks and Real-Time Operating Systems (RTOSs) have been the main target for the past few years, but there could also be an enlarged focus on common implementations of application-layer protocols and industry-specific SDKs, such as for IoT connectivity, wireless protocol stacks and libraries used in OT devices.
Organizations will need to adapt quickly to the expansion of cybersecurity threats in 2022, particularly to protect critical OT infrastructure. As hybrid work has clearly become the norm across industries and more OT devices connect to corporate networks each day, IT and OT security leaders will need to consolidate teams, policies, tools and reporting to both protect their organizations and to comply with the inevitable flood of new regulations coming down the pike.
To learn more about the work of our research team, please visit the Forescout Research Labs page.