A new year, a new set of cyber threats. Are you prepared? The only thing we know for sure is that cybercriminals will never stop.
In this article, we’ll briefly summarize some predictions for security threats for the coming year and one thing you can do to prepare.
Supply Chain Vulnerability
If 2021 was any indication, the supply chain will be hit and hit hard in 2022. From AccessOne, “There were several prominent supply chain attacks in 2021, including the SolarWinds, Codecov, and Kaseya attacks. In a supply chain attack, cybercriminals can breach one system and infect all the companies that communicate with the breached system. Given the success of these attacks, experts anticipate that the number of supply chain attacks will increase in 2022.”
The Cyber Cold War Heats Up
China, Iran, Korea? Yes, they are coming after your software and systems. From Security Week, “Government-backed hackers linked to North Korea and Iran will aggressively target poorly protected organizations with malware capable of siphoning billions of dollars.” Also, “Chinese hackers continue to show off technical brilliance at exploiting the most modern software products.”
It’s not just money they’re after either. From TechRepublic, “More nation states and groups operating on their behalf will continue to try to destabilize rival countries and governments. Terrorist groups and activities will take advantage of better infrastructure and greater technological capabilities to launch more sophisticated attacks.”
The Cloud Will be Under Attack
That the cloud will be under attack is not new for 2022. What is new is the way hackers have evolved and what they are targeting in the cloud, in this case, microservices From AccessOne, “Microservices are becoming the most popular method for application development, and the move to the cloud is increasing the opportunity for cybercriminals to find vulnerabilities in those microservices. This opportunity will increase the number of large-scale attacks that target CSPs.” Are your cloud-based microservices secure?
A Shortage of Expertise
The increase in cyber threats will continue to outpace the availability of security experts required to address those threats. Some of this is due to insufficient cyber training, but some will be due to resignations. From Security Week, “Weary and overworked from all the major cybersecurity crises, skilled practitioners will continue to resign en-masse, leaving security programs struggling to fill important positions. The lingering exhaustion from the SolarWinds/Kaseya/Log4j incidents, combined with pandemic-induced anxieties, will cause the ‘great resignation’ to hit harder as director-level staff joins the exodus. By the end of 2022, the cybersecurity skills shortage will reach critical levels with no real relief in sight.”
In response to this shortage, it’s only natural that organizations start to outsource more and more of their security operations. According to Spear Tip, “2022 will be the year of Security Operations Centers as a Service (SOCaaS). The current reality is that global conglomerates, small businesses, and every venture in between is increasingly susceptible to cyberattacks every day they operate. Most organizations do not have the staff, technology, or finances available to monitor all endpoints 24/7 with Incident Response experts.”
Summary and Response
So, the supply chain is vulnerable, the cloud will be under attack and many organizations will not have the personnel to respond. What are your options?
If your organization develops software and/or deploys systems in the cloud, you have a simple two-step plan: identify the threats and mitigate the threats. And one of the best ways to do that is with threat modeling. Threat modeling not only identifies and mitigates threats, but it does so before deployment, so you don’t have to learn about vulnerabilities the hard way.
Perhaps you like the idea of threat modeling but don’t have the in-house expertise. That’s where ThreatModeler comes in. ThreatModeler is as close to one-click threat modeling as there is. No expertise is required. See a live demo and learn how you can easily prepare for the cyber threats of 2022.