As 2021 winds down, it’s time for cybersecurity experts to toss their runes and forecast what’s in store for consumers and practitioners in the coming year.
Cybercriminals will move from identity theft to identity fraud, predicted the Identity Theft Resource Center in San Diego.
Bad actors are accumulating personal identifying information, but they’re not using it to target consumers as much as they used to do. Rather, they’re using it in credential attacks on businesses, explained the nonprofit organization devoted to minimizing risk and mitigating the impact of identity compromise and crime.
The increase in fraud will lead to another development in 2022: consumers withdrawing from certain kinds of online activity, the ITRC predicted.
“The continued improvement in ease and quality of phishing attacks will force some consumers to rethink online purchases and change communication habits for fear of falling prey to perfectly spoofed emails, websites or text messages,” the ITRC explained in a news release.
“Some people are likely to disengage entirely from emails because they believe the risk is too great,” it added. “That could lead to a return of ‘old school’ communications like telephone and postal mail.”
Malware in Decline
The center also predicted that malware will level off as a root cause of data breaches in the coming year and revictimization rates will grow.
Ransomware may catch up or surpass phishing-related breaches as the number one cause of data breaches, it noted, while supply chain attacks will pass malware as the third most common root cause of data breaches.
Consumers victimized by online fraudsters multiple times continued to grow in 2021and that trend will continue in 2022, the ITRC observed.
“Single incidents that target multiple individuals or organizations will impact greater numbers of victims across communities and geographic areas,” the center predicted.
“Social media account takeover, in particular, will leverage the followers and individual networks to create new chains of victims,” it added.
Another attractive area for digital bandits in the coming year will be cryptocurrency scams, according to Lookout, a San Francisco-based provider of mobile phishing solutions.
It cited Federal Trade Commission numbers that showed from October 2020 to May 2021, consumers reported losing US$80 million in cryptocurrency investment scams, with a median loss of $1,900. That’s 12 times the number of reports from the previous year, Lookout noted in a company blog.
“As cryptocurrency accounts are not government-insured like U.S. dollars, and cryptocurrency payments are not reversible, the risk to consumers is particularly high,” it explained.
“With people adopting crypto at great speed, scams will continue to grow in sophistication, prevalence and value as bad actors work to trick people into giving away their currency,” it added.
Home Networks Targeted
Another development in 2022 will be the greater use of home networks as infrastructure for hackers, predicted Ilia Sotnikov, vice president for user experience and security strategist at Netwrix, maker of a visibility and governance platform for cloud environments in Irvine, Calif.
“A home network is much easier to infect with malicious software than a professionally secured enterprise IT environment,” he told TechNewsWorld.
“With processing power and bandwidth connectivity in residences increasing, home networks will become more attractive to bad actors,” he said.
“For example,” he continued, “by infecting many devices, they will be able to change IP addresses or even domain names dynamically during malware campaigns, thwarting common defenses like IP blocking and DNS filtering.”
Sotnikov also predicted that there would be more attacks on Managed Service Providers. “Attackers have seized upon a very effective strategy for getting access to large organizations — through the relatively weaker IT infrastructures of SMBs that provide them with services,” he explained.
“Accordingly, managed service providers will need to increase both the breadth and depth of their security measures, since many SMBs rely upon them for their security,” he said.
Growth of Zero Trust
On the enterprise level in 2022, securing hybrid clouds will become a C-suite imperative, maintained Nicholas Brown, CEO of Hitachi ID Systems, an access governance and identity management company in Calgary, Alberta, Canada.
He also predicted that Zero Trust networks — which require continuous authentication and monitoring of network behavior — will saturate hybrid cloud security infrastructures.
“Traditional VPNs and perimeter-based security are on their way out, making a case for Zero Trust networking to continue expanding and dominate hybrid cloud security conversations,” he told TechNewsWorld.
“With the increased implementation of SaaS, the composition of organizations’ networks is more vulnerable to attack, heightening the need for parameterless protection like a Zero Trust architecture,” he added.
As Zero Trust expands in the coming year so, too, will be the use of Identity Access Management systems, maintained Michael Bunyard, head of IAM marketing at WSO2, an open-source integration vendor in Santa Clara, Calif.
“CISOs will put IAM as a cornerstone of their zero-trust security initiatives, particularly for cloud-native organizations,” Bunyard told TechNewsWorld.
“While there is no single solution that will make Zero Trust a perfect reality, IAM is the needed start that will kick off proper cybersecurity hygiene when developing applications, managing remote workers and controlling IoT deployments,” he said.
Democratization of Security
Another development in 2022 will be the increased importance of security at the edge of the enterprise, predicted Jennifer Fernick, global head of research at the NCC Group, a cybersecurity consulting firm in Manchester, UK.
“As IoT devices proliferate, it’s key to build security into the design of new connected devices themselves, as well as the AI and ML running on them,” she told TechNewsWorld.
“Taking a cyber-aware approach will also be crucial as some organizations begin using 5G bandwidth, which will drive up both the number of IoT devices in the world and attack surface sizes for IoT device users and producers, as well as the myriad networks to which they connect and supply chains through which they move,” she said.
An overarching development in the enterprise domain next year will be the further democratization of security.
“The tradition of having a single identity or security administrator is rapidly diminishing,” Bunyard observed.
“Democratization of security will take place, ensuring that everybody within an organization is familiar with security best practices and is able to do their own part to prevent a security breach,” he continued.
“No longer will anyone be able to say security ‘is not my job.’ Developers, in particular, will have to wear multiple hats as the tech skills shortage intensifies,” he said.
“That also means that cybersecurity will need to make its way into coding curriculum to give new software engineering grads more security skills,” he added.