Supply chain, ransomware and cyberterrorism attacks will only escalate in 2022

The cybersecurity industry faced some of the most audacious attacks ever seen over the past year, with the likes of SolarWinds and the Colonial Pipeline breach at the start of 2021 becoming headlines in mainstream news around the world. Additionally, world events such as the invasion of Ukraine by Russia will only increase the attack surface for future cyber threats.

The incidents have raised the profile of software supply chain threats as yet another vector for malware to infect even more critical systems as the objectives of hackers rides an increasingly thin line between theft and cyberterrorism.

The mainstream headlines may have slowed but the threat from hackers is only accelerating. Attackers have been emboldened by these significant attack events as well as the growth in attack surface created by an increase in ‘work from anywhere’ arrangements, accelerated by the COVID-19 pandemic.

Ironically, we can draw parallels between how society has managed its response to the COVID-19 pandemic and some of the best organisational responses to major incidents of the past year.

Preparations like vaccination and wearing masks, for example, all work together to decrease your chance of being compromised. We prepare on the assumption that COVID will be “everywhere we go”… enterprise security must approach ransomware in precisely the same way. It is everywhere, and preparation is essential.

Every enterprise needs a plan and needs to know it can execute on the plan it has made. The second part is as important as the first if we are to ensure we have confidence in our security posture and are ready to minimise harm should an attack make it past our defences.

Let’s take a closer look at the big three areas of concern for the year ahead and how to be considering preparation in an enterprise environment.

Supply chain vulnerabilities

From SolarWinds to Log4j — and the many other examples we should simply assume we haven’t heard about yet — it’s clearer than ever that supply chain visibility is critical when it comes to safely and effectively managing enterprise operations.

Often, securing your DevOps supply chain is a balancing act. The fast-paced nature of today’s workflows to meet deliverables combined with the demands of complex security management is no easy feat.

But by holding to key security principles, even the fastest environments can minimise risk and feel prepared for unexpected surprises. Best practice such as code signing, for example, can play a vital role in baking security into each stage of the DevOps process by confirming the integrity of code before it moves through the development cycle and out into production.

Setting up a software bill of materials (SWBOM) can also provide transparency around where code is sourced. Together, steps like these can provide greater awareness of the full lifecycle of your software’s code, where risks lie and the assurance that steps have been taken to prevent tampering after signing.

Ransomware is only expanding its reach

Ransomware is moving rapidly beyond commercial enterprise targets and into healthcare, law enforcement, manufacturing, and even the NBA. Ransomware attacks often attract a great deal of press coverage and for many criminals that publicity can be its own motivation. We expect ransomware attacks will continue to escalate, especially as cryptocurrency grows and expands into more mainstream areas that make it easier for criminals to demand ransom payments in crypto and filter their funds into near-untraceable forms of currency.

Cyberterrorism emboldens bad actors

From paralysing the Colonial Pipeline to an attempt at poisoning the Oldsmar water treatment facility in Florida, cyberattacks on critical infrastructure show the deep connection between digital systems and real-world effects. As the imagination of attackers grows and the reasons for attempting attacks moves beyond financial gains and into geopolitical conflicts, preparation must include attacks that have purely destructive goals in mind.

Initiatives such as a zero-trust authentication stance becomes more important for any organisation, public or private, that contains any risk that could lead to spectacular cyberattack outcomes.

For all of the above risk areas, the same fundamentals apply. Knowledge and planning are essential.

You must understand every facet of your environment. Know where your assets are, know where your risks lie, and know your plans and how you will execute on your plans in the event of an incident. For public key infrastructure, knowing where your certificates are is extremely important, and ensuring you can manage them under one umbrella can be critical amid any crisis.

If you are yet to explore security automation, 2022 might be the right time to begin that part of your journey. The more security that can be automated in your DevOps cycle, the fewer points of risk and failure you have to manage elsewhere.

In 2022, risks are only rising. Preparation management and monitoring the shifting landscape is the only path to a confident stance for enterprise security in the year ahead.

Image credit: ©stock.adobe.com/au/Maksym Yemelyanov