Cybersecurity Trends to Prepare for in 2022

  /  ICS Security   /  Cybersecurity   /  Cybersecurity Trends to Prepare for in 2022
cybersecurity

Cybersecurity Trends to Prepare for in 2022

Recap of Cybersecurity and Cyber Attacks in 2021

Dare I say that the past year has been…drumroll…unprecedented…in the realm of cybersecurity and cyber attacks? 

Here are some statistics to showcase what the industry has endured over the past 12 months:

  • With the trends over the previous year, ransomware costs are expected to reach $265 Billion by 2031, with a new attack happening every 2 seconds.
  • The first half of 2021 amounted to $416 million in ransomware costs, which is more than the entirety of 2020.
  • An alarming 97% of businesses have been impacted by a cybersecurity breach in their supply chain this year, and 93% admitted that they have suffered a direct breach because of weaknesses in their supply chain.
  • This year, IoT devices suffered an average of 5,200 cyber attacks each month.
  • In general, cybercrime is up 600% as a result of the COVID-19 pandemic, representing the greatest transfer of economic wealth in history.
  • According to IBM, it currently takes a company 197 days to discover a cybersecurity breach and up to 69 days to contain it. 
  • Companies that were able to contain a breach in less than 30 days saved more than $1 million compared to those that took more than 30 days. 

To supplement our year-in-review, it’s also important to make note of the most impactful cyber attacks experienced to properly pivot our efforts in making improvements for a safer 2022.

The Top 5 Cyber Attacks of 2021

1. CNA Financial

One of the largest insurance companies in the U.S., CNA Financial Corporation, was forced into paying $40 million in March to regain control of its network after a ransomware attack. The cyber criminals used malware called Phoenix Locker, a variant of ransomware called ‘Hades’, originally created by a Russian cybercrime syndicate known as Evil Corp.

2. Colonial Pipeline

Colonial Pipeline had to pay a $5 million ransom after Russian-based bad actors from a group called “DarkSide” breached their IT network, essentially halting fuel deliveries up and down the East Coast.

3. JBS USA

JBS USA, the globe’s largest meat processing corporation, paid nearly $11 million in bitcoin after suffering a cyber attack that hacked their network, shutting down operations in Australia, Canada, and the U.S. 

4. Kaseya

Kaseya fell victim to a cyber attack in early July, facing hackers that took advantage of a vulnerability in their software against multiple managed service providers (MSPs) and their customers. It was estimated that nearly 1500 small to medium-sized companies experienced this compromise through their MSP. 

5. Brenntag

In April, German chemical distribution company Brenntag suffered the effects of another DarkSide ransomware attack, targeting its North America division and resulting in 150GB of stolen and irretrievable data.

Onward and Upward: What We Can Do Better in 2022

Here’s what our team of cybersecurity experts is predicting to be the top trends in the cybersecurity landscape for next year as we reflect on these past events around the industry. 

Security Monitoring

Many cyber attacks over the past 12 months occurred with too long of a time for the breaches to be contained or even identified, leading to an extended service disruption for customers. Reputations, bottom lines, and resources are negatively impacted with each minute that a breach goes undetected.

In 2022, it’s finally time to beat the bad actors to the punch. With software security and vulnerability monitoring, you can get ahead of vulnerabilities that can leave doors wide open for cyber criminals to take advantage of. Software scanning technologies are allowing software to pass tests while 50% of vulnerabilities and weaknesses in code are still present. This ratio should be left behind when the ball drops on New Year’s Eve.

The solution? A way of reliably and accurately monitoring the health and stability of systems while they’re running so that you can flag failures or potential attacks before disruption of service occurs.

RunSafe Security has developed a technology that indicates instability and unreliability that most technologies in 2021 have missed. Alkemist:Flare delivers a bright, real-time indicator of application failures related to cyber attacks and software weaknesses.

Immediately get insight into the events that are causing system reliability issues, performance degradation, service availability risk, and attack vectors that lead to disruption in service. This gives you the opportunity to fix code weaknesses, report vulnerabilities to software vendors, build additional layers of protection, and share telemetry data to security operations for automated responses or detailed research before today’s most talented attackers get the upper hand.

It will be more than essential to ring in the new year with reliable monitoring technologies implemented.

Embedded Device Security

The Internet of Things (IoT) is made up of billions of connected devices, with that number only growing as we move into 2022. 70% of these devices currently contain vulnerabilities. What does this mean for the world’s cyber criminals? An enticing, growing attack surface to infiltrate. DDoS, buffer overflow, memory corruption, and zero-day attacks are just around the corner for critical industrial, commercial, medical, military, and consumer targets alike. 

But not with a New Year’s resolution that includes a method of built-in security equipped to significantly reduce this IoT attack surface. RunSafe Security enables complete software immunization for embedded devices, without having to affect source code. For new devices, Alkemist:Code technology can be embedded directly into the build process with native Yocto and RTOS implementations, securing mission-critical components. 

Open Source Software Security

Using open source software in today’s world is certainly not uncommon, as it has become an integral part of any software development effort. But there’s a major problem: Even with as long as open source software stacks have been around, many vulnerabilities still exist as we step into 2022, leading many to believe that it’s inherently insecure.

It’s past time to effectively mitigate these risks. Organizations can now fix insecure code directly, while also leaving developer friction and performance degradation in the dust. 

Alkemist:Repo, a pre-hardened software file that seamlessly replaces the original open source repo, can be deployed within open source software with security built-in to keep your software secure. The images are functionally identical, but logically unique, requiring no user rework or additional configuration changes outside of changing a file pointer.

Cloud Workload Security

It’s likely no surprise to you that the growth of cloud computing, workloads, and infrastructure only continued to grow over the past year, expanding the levels of complexity in both the number of players and the services they offer. It’s become even more difficult to maintain visibility and control over multiple workloads within a single enterprise. Old-school approaches of scanning and patching on post-deployment timelines are putting an unmanageable amount of pressure on security teams.

RunSafe’s Alkemist technology adds a layer of protection within cloud workload code that proactively protects against both known and unknown vulnerabilities, giving enterprises the ability to experience the full potential of using the cloud—agility, flexibility, and the opportunity to devote more resources to a new product or feature development.

A Final Reflection

2021 was indisputably a whirlwind in the realm of cybersecurity. When this time comes around next year, I’d expect the discussion to be largely focused on how we did to improve security monitoring, as well as security for embedded devices, open source software, and cloud workloads—the trends to be on the lookout for as 2022 approaches.

Orginally this article was published here.

About RunSafe Security 

RunSafe Security is the pioneer of a patented cyberhardening transformation process designed to disrupt attackers and protect vulnerable embedded systems and devices. With the ability to make each device functionally identical but logically unique, RunSafe Security renders threats inert by eliminating attack vectors, significantly reducing vulnerabilities and denying malware the uniformity required to propagate. Headquartered in McLean, Virginia, with an office in Huntsville, Alabama, RunSafe Security’s customers span the critical infrastructure, IIoT, automotive, medical, and national security industries.