As we ease into 2022, many of the uncertainties that shaped 2021 remain. The cybersecurity challenges that accompanied the pandemic have persisted, as hybrid remote workspaces have become a way of life. And through it all, the threat landscape continues to evolve, as innovations in cloud computing and other arenas open up new threats.
The fallout from attacks like the SolarWinds supply chain incident and the Colonial Pipeline breach was all over the headlines in 2021. These served to demonstrate just how successful attacks of this nature can be, and as such, we can expect much more to come. In part 1 of our 3-part series, we make a few predictions.
Supply chain complexity and vulnerabilities grow.
The SolarWinds breach was based on malware in a software update that had gone undetected. However, securing software isn’t easy in fast-paced DevOps-driven organizations. That’s because most workflows are all about pushing deliverables out fast, rather than security by design. As development processes and supply chain for devices become more complex, the attack surface will only grow.
The good news is best practices like code signing can help companies bake security into each stage of the development process. They can take control of development and confirm the integrity of code before it moves further along in the development cycle and out to production environments and customers. Awareness of the dangers of key sharing and inspecting code along each step of the development cycle, as well as preventing tampering after signing, will go a long way to secure code. Setting up a software bill of materials (SBOM) can also provide visibility into code sourcing, tracking all the components that make up a software app.
Cyberterrorism will embolden bad actors.
Cyberterrorists demonstrated their potential to paralyze infrastructure in events like the attacks on the Colonial Pipeline and the Oldsmar water treatment facility in Florida. The Florida incident could have had serious consequences, as the attacker was attempting to poison the city’s water supply.
New opportunities are emerging all the time, limited only by attackers’ imaginations. High-profile technology environments such as private space launches and elections could prove inviting targets. Public and private organizations that are vulnerable to cyberattacks will need to redouble their focus on a zero-trust approach to security.
Ransomware will continue to expand its reach.
Ransomware attacks impacted a diverse array of industries in 2021, including health care organizations, technology companies and automotive manufacturers. Like cyberterrorist events, ransomware attacks often attract heavy press coverage, which can further encourage bad actors seeking publicity. Ransomware attacks will continue to escalate, especially as the use of cryptocurrency expands — and makes ransom payments harder to trace outside the banking system.
What else does 2022 have in store? Stay tuned.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!