The cybersecurity landscape is always changing (including the terminology and cybersecurity buzzwords), with cybercriminals devising ever-more sophisticated methods of attack and technology advances providing innovative ways for organizations to defend against cyberattacks. Ransomware, in particular, has been on the rise for several years and shows no signs of slowing in 2022. Today’s companies must remain aware of the latest attacks and stay up to date on the best practices for preventing ransomware attacks (of which there are, of course, many different examples) and other data breaches.
One way that companies can protect their business and financial interests in the event of a cyberattack is by investing in cyber insurance coverage. As companies become more aware of the vast threat landscape, more businesses are opting for cyber insurance coverage along with implementing proactive security measures to prevent attacks and manage ransomware risks.
To gain some insight into these and other cybersecurity trends that are top priorities for businesses as we head into 2022, we reached out to a panel of cybersecurity professionals and asked them to answer this question:
“What are the most important cybersecurity trends companies should be aware of, particularly around ransomware + cyber insurance, in 2022?”
Meet Our Panel of Cybersecurity Pros & Business Leaders:
Keep reading to learn what our panel had to say about the most important cybersecurity trends you should know in 2022 and beyond.
Ysrael Gurt is the CTO & Co-founder of Reflectiz.
“The introduction of digital coins to our lives has played a role in popularizing ransomware, as it complicates the money trail…”
In the past, financial transactions were heavily regulated, so criminals were caught by tracing them back. Nowadays, cyber-criminals use unregulated cryptocurrency to profit through extortion, as it is much easier to hide the money. This means it is critical for companies to ensure they are both protected technically and covered financially with insurance and the like.
A techie, blogger, and web developer with a passion for coffee, Patrick founded All Home Robotics in 2012 as a resource to provide aspiring techies with the tools and information needed to smartify their homes. Today he works alongside 4 creators and several freelancers.
“In broad terms, the use of ransomware attacks is primed to become…”
Only more widespread and aggressive as malicious groups leverage new ways to reach devices.
One specific trend we’ve seen as of late is the onset of gangs spreading ransomware obtained through Ransomware as a Service (RaaS) associates. This spells bad news for law enforcement agencies as the RaaS model entails the usage of multiple different ransomware strains, making the source difficult to trace.
I predict this will only go further from here. More and more RaaS-cartel-affiliated groups will rear their heads, increasing the efficiency of their operations and making it even harder to investigate the source of the ransomware. And this is why we need to be ready.
Eslam Reda is the Founder and Security Expert at SECLINQ, working to help organizations build their security process and test their systems with realistic methods that malicious hackers use.
“Cybersecurity attacks are increasing…”
In the past year, we have seen huge organizations getting hit by cybercriminals and specifically ransomware. It has even become a big business to provide ransomware as a service (RaaS) on the dark web for as little as $100.
It does not stop there. Ransomware attacks will continue to evolve and increase in volume and sophistication. But the good thing is that no one is alone in this. We have our cybersecurity community that teams up against cybercriminals’ trending attacks, which is why a lot of organizations have released guidelines to fight ransomware attacks.
The Cybersecurity & Infrastructure Security Agency (CISA) has released a complete guide to protecting your organization in certain situations related to ransomware. They even published a ransomware 101 resource with the best practices to avoid ransomware attacks.
The first step that your organization should take is to integrate these guidelines into its process as part of the normal operation cycle. Moreover, integrating security overall in your daily operation and making the right decisions regarding internal processes and technologies are crucial for your organization to succeed.
For instance, creating a process to periodically train your employees to be aware of the recent cybersecurity threats and attacks is very important. Never underestimate insider threats. As we can see in the statistics, insider threats have increased 47% in the last two years for about 60% of all organizations.
That means we need to do tests to simulate real cybercriminals breaking into our systems and make sure to close the gaps in our security design. This can be covered by red teaming exercises or penetration testing.
Lastly, I urge you to be proactive and always ask yourself when you go through your process, “What is the worst thing that could happen?” Identify your organization’s crown jewels and prioritize them in your cybersecurity plan. This risk-aware process will save you time and money, and most importantly will help your business to succeed.
Morshed is the Founder & Editor at Savvy Programmer. Being a tech wizard doesn’t happen overnight, and you need to find the right approach to be one. Their aim is to make learning how to code fun and easy for you, allowing you to achieve your dream job sooner!
“Cybersecurity will dictate the future of pretty much everything over the next few years…”
It’s important that all sectors understand cybersecurity and invest in it, not just defense or industry or government—everyone needs cybersecurity.
As more companies adopt IoT technology (such as intelligent cameras) they will become exposed to new vulnerabilities which demand they invest in cybersecurity solutions (such as biometric authentication). All companies need to be aware of these threats so they can plan accordingly.
Isla is an entrepreneur and a Cybersecurity Specialist with a background in ethical hacking at Privacy Australia.
“The most important cybersecurity trends companies should be aware of in 2022 are…”
1. The demand for post-incident services will increase.
It is expected that the level of pre- and post-incident services will increase in the coming year, in terms of insurance when it comes to cybersecurity. This is because there will be a wide expanse of areas where protection will be required in the digital space. These services will expand to include restoration of data, helpline services, legal advice, and probable forensic services when it comes to threats and their detection in cybersecurity. The recent pandemic has accelerated the level of exploitation in the digital space, which is why it is vital to acknowledge and address these issues in the present times.
2. Cyber insurance demand is expected to grow.
This is a trend that is anticipated to rise as ransomware is expected to grow. This cannot be attributed to encryption, but to a wider exfiltration of data. Ransom demands have become more common, and the frequency of these demands causes significant costs due to downtime. This rise in ransomware is also expected due to information technology systems converging with important infrastructure and operational technology systems at a faster pace. We need to be more particular when it comes to compiling our portfolios and be more aware when integrating security measures.
Johnathan Lightfoot has been involved with IT for over 30 years. Currently, he is the Director of Assessments and IT Services for the government contracting firm Symbiont, Inc., a 36-year-old family owned, operated, and managed information technology firm. He heads up their Cybersecurity Assessments division with a focus on DoD’s CMMC program.
“The most significant trend I notice in my conversations with clients is the desire to use a cybersecurity framework…”
Previously, it may have been considered “good enough” to install antivirus or anti-malware to achieve a safe computing environment. However, as of now, we are seeing cybersecurity threats are growing and evolving. My clients now want to put in place a framework or system that looks more holistically at their cybersecurity, data, and business operations.
I am noting that they are beginning to get frustrated with the piecemeal approach of sorts that occurs when purchasing different security tools, only to discover that the tool does not deliver for them or is incompatible with previously purchased tools. With this frustration, they are looking for the end of the rainbow scenarios. Cybersecurity frameworks seem to be something they feel comfortable with. They can see the overall plan and roadmap their progression to getting to the end of the process.
There are numerous frameworks available from NIST, ISO, and other sources. While I am not seeing a predominant focus on one or the other, I see different industries tending to lean to one side.
It appears that the insurance industry is also looking at frameworks to use as a gauge of deciding first if they will extend cybersecurity insurance and, if they do, how much the premiums will be. Cybersecurity frameworks are a way for insurance companies to quickly assess what risks a company is asking them to assume and if the company is a good partner for them to take on this risk for them.
Matt Hartley is Co-Founder and Chief Product Officer of BreachRx, a privacy incident management software platform. He is a 23+ year innovator in cybersecurity, threat intelligence, cyber warfare, and information operations. Prior to BreachRx, he most recently held engineering and product executive roles at FireEye and iSIGHT Partners.
“Over the last couple of years, ransomware has become widely prevalent and can have a mammoth impact on a business…”
Not only do these attacks prevent a business from safely operating, but the successes adversaries have had are leading them to more frequently exfiltrate data to exploit for increased ransoms. In addition, the proliferation of nation-state-grade tactics, techniques, and procedures into the underground continues to be a major source of new “innovation” for criminals. With more nations entering the mix given the low bar for entry, this trend will only continue to improve the capabilities of criminals, hacktivists, and other threats.
While we perpetually hope and work toward security technologies that will outpace cyber attackers, the arms race between defenders and attackers will clearly continue well into the future. Defenders need to continue to move away from a network- and technology-centric approach to a risk-centric approach that centers on understanding and then protecting the data, process, people, and operations of their organizations. In addition, people-centric teams like privacy and legal involved in responding to attacks need to add automation quickly as they’re already overwhelmed.
Over the last 20 years, we’ve seen that attackers are motivated by the same innovations as researchers, technologists, and the greater business community. For example, with the expansion of automation and technology to automate workflows over the last decade, we’ve seen adversaries adopt similar technologies for their attacks. This trend will only continue—attackers will increasingly adopt technologies emerging from communities like machine learning and artificial intelligence. Further, the success of legitimate as-a-service businesses has led to a surge of malicious as-a-service businesses that have lowered the bar for less-sophisticated adversaries to launch sophisticated attacks. Coupled together, the future attacks will have the ability to more easily increase the scale and breadth of their attacks, making it much harder for defenders to respond quickly and effectively. Rapidly rising cyber insurance premiums reflect this “arms race” between attackers and defenders.
Speaking of cyber insurance, CISOs that haven’t looked at their cyber insurance policy are looking at a world of hurt in 2022 if they have an incident that would require any sort of claim. Many cyber insurance policies require notification within a specific timeframe at the beginning of an incident—and if the provider isn’t notified within that window, they’re looking at the likely outcome of not having their insurance pay out on claims from that incident. Given that incidents and data breaches end up in court, that’s a major hit to the bottom line of the organization the CISO is trying to protect. In my experience, CISOs expect the legal or finance team to know the details and inject this information during an incident; however, it’s rare that these other teams have enough practice with cyber incidents to know the right time to throw information like this out to the security team. Given that CISOs are seen as responsible for the outcome of security incidents, a failure like this will likely fall to them.
Ultimately, organizations should be prioritizing building in security and privacy from the start. Those that wait to try to bolt security or privacy into their processes and products after they’ve been built are exposing themselves to serious risk of compromise and will be tempted to continue to kick the can down the road on what would likely be major, expensive efforts to add protections and controls in after the fact. In addition, businesses can expect more oversight from insurance companies and governments—the impacts from data breaches have already driven increased oversight from insurance firms and led to the creation of dozens of regulations in the United States and across the world, which require notifications, allow for oversight, and result in huge fines that can ultimately take down a business if it doesn’t understand the regulations and isn’t prepared to deal with them.
Finally, while putting together the traditional high-level incident response plan is useful for compliance and to determine some organizational processes ahead of an event, they’re never pulled off the shelf during an incident or breach. Teams ultimately need discrete, actionable, and automated playbooks that are inclusive of cyber insurance requirements that can be practiced and used to respond quickly and effectively to attacks now and that will emerge in the future.
Stel Valavanis is the CEO of onShore Security and an internationally-recognized security thought leader. Valavanis is a member of Chicago Arch Angels and is an investor in a number of early-stage tech companies. He currently sits on the board of several leading nonprofits, including the ACLU of Illinois where he advises on digital privacy. Valavanis is also an active alumnus of the University of Chicago.
“There are new developments in cybersecurity that will significantly impact your business in this upcoming year and the rest of the decade…”
Predicting the future may sometimes seem an impossible task, especially given the speed with which our world and the world of cybersecurity change, but there are already signs of two major shifts I see coming in 2022 that you will want to have on your radar.
1. Regulations are finally coming.
As many parts of the government tighten their control over cybersecurity, court decisions set a new precedent: companies will have to adapt and respond. Yes, it represents added pressure and cost, but most changes should already be practiced by most organizations, and they do indeed elevate the security posture.
We have already begun to see indications and movement towards this, but my prediction is that we will see new regulations fast-tracked for cybersecurity standards, first in the form of executive orders to government suppliers (already started), and then expanding to regulated industries via more specialized government agencies. The policies and standards eyed by this legislative and regulatory shift of focus are already present, and we are seeing this administration make moves that have long been heralded. Recent rulings by the SEC, for example, put incident disclosure at the top of the list of things that will change, but policy and processes such as scanning and detection will also soon be scrutinized. Other areas of the economy, such as insurance, will be included as their connection to cybersecurity becomes stronger and clearer.
Court decisions and penalties such as government fines will set a precedent, and companies will make moves to avoid the newly articulated risks of non-compliance in cybersecurity. This will create a new cybersecurity floor, a standard that many companies will have to rise to meet. The level of security to reach mere compliance will be closer to the standard of being highly secure, though many will still make their deployment decisions based on compliance versus security.
Further down the road, expect pressures from governments for more accountability for CISOs similar to CFOs. This could come in many forms, but the NYDFS regulations could be a template. Organizations will need to support CISO efforts to confidently attest to the company’s security posture.
Globally, cryptocurrency will face additional regulation and affect the nature of ransomware. Banks have long been expected to know their customer, and blockchain ledgers aren’t quite private but rather anonymous. Expect exchanges and others in the ecosystem to face unveiling customers under subpoena. Criminal gangs will employ new tactics that only larger organizations can perform.
The following are some specific regulations we expect to see in 2022:
- SEC penalties for lack of transparency will extend to vulnerabilities and not just incident disclosure.
- New cryptocurrency regulation in several countries will change the nature of ransomware, discouraging any but the bigger gangs who typically target larger organizations.
- Ransomware disclosure laws (proposed by Senator Warren) will get pushback for private companies. Still, the list of “terrorist organizations” that can’t be paid ransom will increase greatly to make up for it.
- Cyber insurance coverage will increasingly depend on the existing level of cybersecurity posture, and organizations will have cybersecurity standards they’re expected to meet.
2. The supply chain will be scrutinized.
Gaps in the supply chain and inadequate security operations by vendors and third parties have been to blame for many of the notable attacks on private industry in the last decade or so with few consequences. However, the response from the industry has been a slight move to improve vendor management, but nothing of note. This will be an important area of focus in 2022, starting with greater disclosure.
For one, the myth that cloud computing is inherently more secure will be further exposed. In fact, the opposite is true, and those vendors will be scrambling to add in more caveats not only to cover their liability but also to build and partner to fill those gaps or, at minimum, disclose their gaps. The backdoor inadvertently created by automated AWS appliance installations allowed hacker rootkits to be installed. Customers didn’t create that exposure, Amazon did. The potential risks of cloud computing will become too much to bear for many workloads, and the benefits of going to the cloud will diminish as security is prioritized over convenience. It’s become clear that the use of third-party vendors only outsources the work and not the risk. If something happens, the blame and responsibility will fall legally and socially on the company, not its vendors. In general, the whole IT supply chain is on notice, and we could see a big fallout if another such wide-scale incident like the SolarWinds, Hafnium, or Kaseya attack occurs.
Vendors will work to try to (quickly) fill in the security gaps that exist, although I don’t think it possible that they will ever be able to solve the frequent problems that employee errors and negligence present for cloud computing customers. Vendors may change their marketing language and service policies to make it more clear that the gaps they are unable to cover exist, but that will likely have the effect of warding off potential customers. Sophisticated and well-resourced customers can apply more controls and scrutiny, but they need more transparency and accountability to do so. In the further future, years from now, hosting providers may be willing to (or compelled to) take more responsibility for security vulnerabilities, but any such change would more likely be the result of regulation.
As many of the reasons cloud computing has been so popular are either made irrelevant by developments in cybersecurity (attacking and defending) or revealed to have been myths the entire time, the reasons to move to the cloud will become more specialized and may no longer be seen as a panacea for all business computing concerns. This seems an unlikely shift in momentum, however, and companies with high-security concerns will perhaps move certain workloads back to the premises or host them securely via private colocation, but the general business world’s move to the cloud will continue, creating more exposure as it does. Cloud computing infrastructure is the “pipeline” of the information age even more than the Internet itself. Its exposure should be of national economic concern.
Over the past few years, large-scale attacks like the Colonial Pipeline attack have shown how vulnerable the larger economic supply chain is to cybercrime. The stakes are higher now, as the infrastructure and ability of our country to do business are more severely impacted by a cyberattack. The collateral damage is too much to ignore.
The fatigue many have developed over the effects of a data breach, such as identity theft, has not reached the height of what the actual effects of cyberattacks are quickly becoming. Without even intending to create large-scale problems, a cyberattack caused a large gas shortage in the United States. The effects were felt far and wide by many who have no ostensible relation to the target, except via supply chain. Affecting people outside the targeted organization means increased attention criminals don’t want. But their need to go for bigger payloads, improved security measures, and the availability of cyber insurance have conspired to raise criminal activity to these new heights and greater exposure.
Good News and Bad News
It’s good news, and it’s bad news. Governments and industries are going to do more and do better. We will all be more secure because of it. But we need not resist these efforts, inconvenient as some may be. The threat of crime and its scale will increase in 2022 partly in response to our improving security posture and because cybercriminals are now large professional enterprises, whole ecosystems in fact, and they need to keep growing.
Frank Rietta is a computer scientist with a Master’s in Information Security from the College of Computing at the Georgia Institute of Technology. He is a web application security architect, expert witness, author, and speaker. He is also the CEO of Rietta Inc.
“Cyber policies have annual premium increases and are often not renewable unless…”
Your company has put proactive security measures in place.
This is especially vital for companies with custom Internet-facing infrastructure. The fundamentals in 2022 are the requirement for strong authentication, two-factor authentication, and data backup and restoration in the event of an outage. Cloud offerings from Microsoft Azure and Amazon Web Services and others make achieving high-availability data recovery easier than ever before.
Tal is the co-founder and CEO of Mitiga, an international hybrid managed service company that operates across the U.S. and Europe with a technology hub based in Israel.
“The Darknet, which originally described computers on ARPANET that were hidden and programmed to receive messages, but did not respond to or acknowledge anything…”
Is going to be succeeded by the DarkCloud. Criminals will use an invisible cloud to attack organizations in 2022, taking full advantage of the cloud’s capabilities for on-demand scale and ubiquitous accessibility. Ransomware and malware are already available as a service and will use cloud-native technologies to attack cloud infrastructure at scale.
Not to mention that the industry has complained for years about the lack of talent in cybersecurity, and yet it’s not valuing new graduates and bootcamp students. Entry-level jobs require three to five years of experience, leaving many students who learned how to pen test and hack with time on their hands and no job opportunities. Unless the industry finds ways to train and mentor these eager students and help them transition successfully into the field, they’ll find the cybercriminal industry all too ready to take them in.
Chip Epps, VP Product Marketing, joined OPSWAT in 2021 with a 15+ year security career in both Product Management and Product Marketing and is CISSP certified. He’s focused primarily on emerging product categories and associated go-to-market strategies spanning security domains including Endpoint, Datacenter, Network, Gateway, Cloud, IAM, SOAR, and Threat Intelligence.
“In 2022, we may see an emergence of a ‘digital genome’ (i.e., digital DNA)…”
To better track associated certified ‘cyber-engineered’ modifications. Cyber-attack groups and specific bad actors often reuse code components and various TTPs based on their historical success, or simply as a matter of expediency, and with that comes their unique signature—like a sequence in their DNA. This could be a simple algorithm unique to an attack group, or a clone of elements from previous successful attacks they are familiar with.
The practice of threat intel sharing has been very successful as the industry quickly realized that combating cyber threats is a global issue. As hashes are specific to files and have served the community well in managing distinct threats and threat families, there will be a need to bring this concept to a higher level. This means doing more to associate malware to its source or creator—like the sequencing of a gene—to help organizations more quickly remediate vulnerabilities and risks. With the idea of a ‘digital genome,’ malware researchers and reverse engineers can identify these distinctions and apply rule-based languages like YARA to detect these malware authors within specific metadata and behavioral indicators.
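The “digital genome” idea above (reused code fragments as an author’s signature) can be sketched in code. The following is an added example, not code from the original article or from OPSWAT: it reduces each known group’s samples to byte n-grams, discards n-grams that appear in more than one group (shared headers and runtime code, which would otherwise cause false attribution), and scores a new sample by how much of it is covered by each group’s remaining, group-specific fragments. The group names, byte strings, `N`, and `MIN_SCORE` are all constructed for the demonstration; a production pipeline would feed the same scoring with more robust features (opcode sequences, import hashes, extracted strings) rather than raw bytes, since trivial recompilation breaks exact byte matches.

```python
"""Code-reuse attribution over byte n-grams (added example, constructed data).

Group "genomes" are built from known samples; n-grams shared across groups
are removed so that only distinctive fragments (an encryptor routine, a
mutex name, a ransom-note template) count toward attribution.
"""
from collections import Counter

N = 4            # n-gram width in bytes (assumption for the demo)
MIN_SCORE = 0.2  # minimum coverage before we name a group (assumption)


def ngrams(data: bytes, n: int = N) -> set:
    """All distinct n-byte windows of `data`."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def build_genomes(known: dict) -> dict:
    """known maps group name -> list of sample byte strings.

    Returns group name -> set of n-grams seen in that group and in no other.
    """
    raw = {group: set().union(*(ngrams(s) for s in samples))
           for group, samples in known.items()}
    # How many groups contain each n-gram; keep only the singletons.
    seen = Counter(g for grams in raw.values() for g in grams)
    return {group: {g for g in grams if seen[g] == 1}
            for group, grams in raw.items()}


def attribute(sample: bytes, genomes: dict):
    """Return (group, score) where score is the share of the sample's
    n-grams found in that group's distinctive genome, or ("unknown", best)
    when no group reaches MIN_SCORE."""
    grams = ngrams(sample)
    if not grams:
        return "unknown", 0.0
    scores = {group: len(grams & genome) / len(grams)
              for group, genome in genomes.items()}
    best = max(scores, key=scores.get)
    if scores[best] < MIN_SCORE:
        return "unknown", scores[best]
    return best, scores[best]


# Constructed stand-ins: a stub shared by every sample, plus each group's
# reused pieces. None of these are real malware artifacts.
SHARED_STUB = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
GROUP_A_ENCRYPTOR = b"\x55\x8b\xec\x83\xec\x40\x53\x56\x57ENC_v2"
GROUP_A_MUTEX = b"Global\\lockr-a1"
GROUP_B_ENCRYPTOR = b"\x31\xc0\x31\xdb\xeb\xf0XORLOOP"
GROUP_B_MUTEX = b"Global\\nightcrawl"

KNOWN_SAMPLES = {
    "groupA": [
        SHARED_STUB + GROUP_A_ENCRYPTOR + GROUP_A_MUTEX + b"note_v1",
        SHARED_STUB + GROUP_A_ENCRYPTOR + GROUP_A_MUTEX + b"note_v2",
    ],
    "groupB": [
        SHARED_STUB + GROUP_B_ENCRYPTOR + GROUP_B_MUTEX + b"README",
    ],
}
GENOMES = build_genomes(KNOWN_SAMPLES)

# A "new" sample that reuses group A's encryptor and mutex with a fresh note,
# and an unrelated binary that only shares the common stub.
NEW_SAMPLE = SHARED_STUB + GROUP_A_ENCRYPTOR + GROUP_A_MUTEX + b"pay 2 BTC"
UNRELATED = SHARED_STUB + b"hello world, benign tool"

if __name__ == "__main__":
    for name, blob in (("new sample", NEW_SAMPLE), ("unrelated", UNRELATED)):
        group, score = attribute(blob, GENOMES)
        print(f"{name}: {group} (coverage {score:.2f})")
```

Because the shared stub is stripped from both genomes, the unrelated binary scores zero against every group, while the new sample is attributed to group A on the strength of the reused encryptor and mutex alone; the same filtering is what keeps a YARA-style rule from firing on library code that every family links.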
Brad Hibbert brings over 25 years of executive experience in the software industry aligning business and technical teams for success. He comes to Prevalent from BeyondTrust, where he provided leadership as COO and CSO for solutions strategy, product management, development, services, and support.
“After a banner year of high-profile ransomware attacks originating from third-party suppliers (for example Kaseya and others), 2022 will…”
Only see more as cybercriminals continue to perfect their attack methods, increase their sophistication and follow the money. Top targets will include third parties that supply goods and services to the automotive, mid-sized banking, and retailing industries due to the criticality of the data and systems they have access to.
Organizations would do well to implement proactive event risk assessment cadences and deploy continuous cyber and breach monitoring to get an early-warning picture of potential attacks against their third-party ecosystems.
Bonus stretch prediction: Despite increases in ransomware attacks against healthcare organizations, cybercriminals will gain a conscience in 2022 and cease targeting hospitals due to the risk of the loss of innocent life. After all, there is honor among thieves.
Magni Sigurðsson is the Senior Manager of Detection Technologies at Cyren (NASDAQ:CYRN), an established provider of advanced threat detection and threat intelligence solutions for enterprise, service providers, and cybersecurity solutions vendors.
“Cyber crime has long operated as a dark mirror to the legitimate business world, and threat actors have always…”
Been adept at incorporating technological trends into their attacks. The latest example is the resurgence of the QR code. This often-overlooked technology has been around for decades but has returned to prominence over the last two years due to the COVID-19 pandemic. The scannable software is well-suited to delivering information in a COVID-safe fashion at set locations, and we have seen an increase in its use online as well.
Unsurprisingly, the cyber criminal community wasted little time taking advantage of this trend, evidenced by the increased number of attacks exploiting QR codes. As the software becomes more mainstream in marketing and sales activity over the next year, we anticipate attacks that utilize the tool to follow suit.
QR code attacks are the latest example of attackers adapting their techniques to mirror popular technology trends, as well as finding new ways to evade security measures. We have already seen QR attacks across multiple industries, and threat actors are also likely to begin using these techniques to target businesses as well as individual consumers.
The use of QR codes ties into the wider movement towards mobile attacks, and we anticipate an increased use in SMS phishing as threat actors seek to evade desktop-based security.
It’s important for organizations to factor this growing trend into their security strategies.
Jessica Carrell is the Co-founder of AnySoftwareTools.
“The most critical cybersecurity trend that companies need to be aware of relating to ransomware and cyber insurance in 2022 is that…”
A plan must be in place before an incident occurs. The more they can stay on top of their organizational security, the better they will be able to navigate through an incident when it happens.
Many companies believe that paying for cyber insurance is a foolproof safeguard against preventing cyber attacks. In reality, this is a false sense of security that can encourage an organization to let its guard down.
Data backups and an in-depth data breach plan are necessary to avoid potential disasters. You can’t outright prevent or stop a cyber attack these days, so it’s vital to be well prepared with a plan of action that can be implemented when they occur.
Backups can help with a ransomware incident and should be standard for every business, no matter what size or industry. Utilizing an action plan can save time and money when an incident occurs.
Adam Korbl is the Founder & CEO at iFax, Amplify Ventures, and Fill App.
“Brute force attacks have become hackers’ favorite mode to deliver ransomware…”
In my perspective, this trend will continue in 2022. By successfully brute-forcing their way into your endpoints, hackers will gain access to everything you also have access to and they will be in complete control. Ultimately, losing important data, time, money, and even clients and business partners is inevitable.
You can consider implementing multi-factor authentication and installing a versatile privileged access management solution that can help you control the granting of access rights and also de-escalate rights upon threat detection. These are effective ways to mitigate this terrific cybersecurity market challenge.
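MFA and privileged access management reduce the damage of a brute-force attack; detecting the attack while it is underway is the complementary control. The following is an added example, not code from the original article or from iFax: a sliding-window detector over sshd-style authentication log lines that raises a medium alert when one source address exceeds a failure threshold within the window, and a high alert when that same source later logs in successfully, which is the moment an endpoint has actually been taken. The log lines, hostnames, addresses, year, `THRESHOLD`, and `WINDOW` are all constructed for the demonstration.

```python
"""Brute-force login detector over auth log lines (added example).

Tracks failed password attempts per source address in a sliding time
window and escalates when a flagged source subsequently authenticates.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# sshd-style syslog line; syslog omits the year, so one is assumed here.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
YEAR = 2022                  # assumption: all sample lines are from 2022
THRESHOLD = 5                # failures within WINDOW that trigger an alert
WINDOW = timedelta(minutes=2)


def parse_line(line):
    """Return (timestamp, result, user, ip) or None for non-auth lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines):
    """Return a list of alert dicts in the order they were raised."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()                 # ips already alerted as brute-forcing
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        recent = failures[ip]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()
        if result == "Failed":
            recent.append(ts)
            if len(recent) >= THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append({"ip": ip, "severity": "medium",
                               "reason": f"{len(recent)} failed logins within {WINDOW}"})
        elif result == "Accepted" and ip in flagged:
            # A success after a burst of failures: treat as a likely compromise.
            alerts.append({"ip": ip, "severity": "high",
                           "reason": f"successful login as {user} after brute-force burst"})
    return alerts


# Constructed sample log: one attacker address hammering several accounts
# and then succeeding, one legitimate user with a single typo, one non-auth line.
SAMPLE_LOG = """\
Jun 14 09:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jun 14 09:00:03 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jun 14 09:00:05 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51251 ssh2
Jun 14 09:00:07 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51262 ssh2
Jun 14 09:00:09 host1 sshd[1201]: Failed password for backup from 203.0.113.7 port 51270 ssh2
Jun 14 09:00:30 host1 sshd[1201]: Accepted password for backup from 203.0.113.7 port 51290 ssh2
Jun 14 09:05:00 host1 sshd[1300]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Jun 14 09:05:40 host1 sshd[1300]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
Jun 14 09:06:00 host1 sshd[1400]: pam_unix(sshd:session): session opened for user alice
""".splitlines()

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The legitimate user’s single failure never reaches the threshold, so only the attacking address produces alerts; the high-severity event is the one a responder should act on, because at that point credential rotation and session termination matter more than any further blocking.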
Dr. Stephen Boyce is the CEO & President at The Cyber Doctor. He is an experienced cybersecurity professional with a demonstrated history working in federal law enforcement, private sector, public service, and higher education. He is a trusted advisor to politicians, lawyers (Am Law 200 & AUSAs), judges, CEOs, Boards of Directors, executive committees, CISOs, CIOs, CTOs, CPOs, and GCs.
“With the increased international pressure and cooperation among nation-states, I predict the frequency of ransomware attacks will decrease in the year’s first half…”
Ransomware groups and affiliates will take the time to formalize a new strategy to increase their operational security to reduce their chances of being caught. Business leaders must not remain complacent in the wave of what might appear to be a quieter period but instead invest in their technological and human defenses.
As we see more and more organizations continuing their move to the public cloud, I expect we will see more misconfigurations of publicly facing assets that house personally identifiable information that will be sold on dark web marketplaces. Business leaders whose organizations are embarking or thinking about embarking on their journey to the cloud need to bolster their in-house expertise on the best practices for securing cloud infrastructure, assets, and data stored in the cloud.
Cyber insurance companies will start bringing cybersecurity professionals in-house or contracting with third parties to perform risk assessments to validate that insureds have the controls in place that they say they do. This past year we saw AXA stop writing cyber insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. In 2022 I expect to see more cyber insurance companies following suit with regards to ransomware payments. I also expect cyber insurance companies to incentivize organizations to increase their cyber hygiene by providing discounts for implementing specific preventive controls.
J.R. Cunningham has performed executive consulting, architecture, and assessment work across the globe and in a wide variety of industries including manufacturing, insurance, healthcare, education, intelligence community, retail, and government. Prior to joining Nuspire, J.R. built and led industry respected executive consulting practices for Optiv & Herjavec Group.
“2022 is going to be a busy year for CISOs…”
Top of mind for everyone is ransomware, without question. This is driven in part by the fact that our former financial last line of defense against ransomware, our cyber insurance policy, is now not quite the same line of defense it once was. Insurance carriers are becoming ever more particular with expectations of a security program, ransomware caps, and minimum timelines for coverage. As a result, the potential financial exposure of a business to ransomware means the CISO has to adjust tactics to prevent, detect, and respond to ransomware faster and more efficiently than before.
Keatron Evans is Principal Security Researcher at Infosec Institute and is an established researcher, instructor, speaker, and author of the bestselling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish. He speaks at Black Hat, OWASP, ISACA and RSA, and serves as a cybersecurity subject matter expert for CNN, Fox News, and others.
“There’s clearly been an increase in the amount of ransom being paid out…”
Even on a per-instance basis, we’ve seen records shattered several times last year. I predict we will see more trending in this direction. In addition to that, I’m seeing a renewed focus on individuals as well. For example, I recently had a family member whose Instagram account became locked with a ransom demand of only $200. But imagine an influencer with millions of followers making millions of dollars on their account. If their account became locked this way, they’d be willing to pay much more than $200 to get it unlocked.
I believe we will eventually see this trend happen more because most individuals don’t have the same level of security as a corporation. Also, there is the possibility of being locked out of smart cars and other smart devices. Imagine not being able to start or enter your car without paying a $500 ransom because a threat actor hacked your mobile app, which you use to control your car, changed all the credentials, changed the email account associated and everything else. These are some of my predictions of potential attacks.
Businesses have to focus on two things: awareness and education. The awareness part will help end-users be less susceptible to the attacks. The education part should focus on educating and supporting your technical IT and security staff and upskilling to handle ransomware specifically. I’ve seen teams struggle with responding to ransomware incidents, despite that same team excelling when responding to everything else. There needs to be a more concentrated and directed effort to ransomware remediation in general.
Many IT teams mistakenly think they’re prepared to respond to a ransomware outbreak and find that sometimes they simply are not. This is not intentional deception or anything like that. They genuinely believe they can handle it. But little things like setting up a digital currency account to even pay the ransom can be challenging for someone who hasn’t done it before. Added to the fact that you usually need to have an account for a few days before doing transactions over a certain amount, it becomes clear how the ‘just pay the ransom’ idea could cost more than just restoring from backup. This scenario is just one example, but one that has often happened this year.
Nick Santora is the CEO of Curricula. A certified cybersecurity expert (CISA, CISSP), Nick spent nearly a decade working as an auditor in critical infrastructure protection for the federal government before founding Curricula on a mission to make security awareness fun to help defend against cyber attacks.
“Ransomware doubled in frequency in 2021, and the severity of ransomware will only increase in the next year…”
But what people don’t always realize is that ransomware is the outcome of social engineering attacks. We need to look at the root causes.
Social engineering is only becoming more complex and harder to prevent. More than half of ransomware insurance claims start with human error. It’s not about preventing ransomware but about training your employees to prevent social engineering. It’s about teaching employees to not click on things that can introduce ransomware. Everyone needs to be safer and not step on landmines as they walk around the digital world.
Even if you have cyber insurance, that’s an in-case-of-emergency policy. It’s a lot more effective to be proactive in your training and preparation than to pay for ransomware. Practice makes perfect—if you haven’t practiced what would happen when ransomware hits, you’re too late. You won’t be able to effectively respond if you’ve never done incident response planning or running training like a tabletop exercise. Just like an athlete, this is one of those make-or-break situations.
Yuen Pin Yeap is the CEO and co-founder of NeuShield. Prior to founding NeuShield, Yuen Pin held positions as early engineer, architect, engineering director, and vice president of engineering at early startups to top-tier cybersecurity companies such as Sygate Technologies, Symantec, Websense, and SkyDRM.
“Ransomware, in particular, is having a profound impact on the cyber insurance market…”
As threat actors continue to develop increasingly complex attacks, the number of organizations struggling with ransomware has skyrocketed. We will see more insurance carriers looking closely at their cyber insurance policies, with many providers dropping out of the market in the coming year. However, the need will be greater than ever as companies will continue to fall victim to ransomware attacks. We would expect policy rates to increase exponentially in the coming year.
Mauricio Prinzlau is the CEO and co-founder of Cloudwards, an online publication company that provides information, news, and articles on cloud technology and cybersecurity.
“It’s projected that 40.7 million of the workforce in the U.S. will continue to work remotely in the next few years…”
But without the adequate protection that centralized offices usually provide, working from home poses cybersecurity risks. While some companies are already well-adjusted to this type of setup, others should start preparing for any online threats that could potentially take place.
Both big and small companies should be aware that ransomware attacks are becoming more sophisticated through developments in machine learning, social engineering, and cryptocurrencies. Because of this, many of these cyber attacks will more likely be successful.
Another thing to be aware of is that the ransomware demands keep rising. Last year alone, the average ransom demand by hackers saw a significant increase to 43% compared to 2020. Regardless of how events turn out, it is better for companies to start investing in cybersecurity measures to ensure the privacy and security of data in the digital space.
Clay is the Chief Information Security Officer of a software and technology consultancy, Headstorm. They specialize in enhancing the security posture of organizations to ultimately reduce overall risk by developing / updating / implementing security programs and empowering teams to succeed.
“Over the last year and a half, there has been a massive increase in ransomware attacks…”
That change applies both to the frequency and the amount of ransom demanded. And organizations, especially those that are insured, don’t hesitate to pay when a ransom demand comes. In fact, 87% of organizations faced with ransom demands pay up and only 13% don’t.
That’s helped fuel the productization of Ransomware-as-a-Service that we’ve seen over the same time frame. When coupled with corporate access brokers who are selling initial access, this creates an environment where nearly anyone can be a sophisticated threat at a relatively low cost. When coupled with the number of people who pay up when ransomed, it doesn’t take a genius to see the return on investment these gangs and affiliates are bringing in.
Many ransomware attackers actually check whether their targets have insurance policies and what their coverage amounts are prior to launching their attack or making a demand. If they know you’re covered for $5 million, then all they have to do is ask for $4.99 million. They know your organization is good for it and won’t think too heavily on whether to pay because at the end of the day you won’t be the one actually footing the bill.
With the increase in ransomware attacks and related payouts, the insurance industry has steadily increased premiums while lowering coverage amounts. After all, they’re businesses that need to turn a profit as well. In fact, Lloyd’s of London released draft guidance on Thanksgiving that excludes payment on incidents caused by cyberwar or cyber operations.
The most important thing your organization can do now to help prevent ransomware attacks and lower premiums in 2022 is to reduce your overall risk level. Here are two ways to do so: move to passwordless authentication or MFA and implement a zero-trust environment NOW.
Tom Kirkham, founder and CEO of IronTech Security, provides cybersecurity defense systems and focuses on educating and encouraging organizations to establish a security-first environment to prevent successful attacks.
“What we have been seeing in cybersecurity trends around ransomware and cyber insurance lately is…”
The implementation of EDR (endpoint detection and response) instead of antivirus. Many cyber insurance companies have been enforcing EDRs or will refuse to write the policy. This is happening right now as we speak.
EDR uses artificial intelligence and machine learning to detect any anomalies found suspicious. Antivirus relies on a list of known threats, leaving you vulnerable to the new threats coming out every single day.
Lucio Campanelli is the Founder and CEO at Inpulse, a Silicon Valley Digital Identity Startup, and he is currently the Data Loss Prevention Interaction Design Lead at Google Cloud Security. He has 15+ years of enterprise experience developing User Experience Design in the areas of Cyber Security, Big Data Visualizations, and Natural Language Processing.
“Invisible security is one of the newest trends shaping the future of cybersecurity today…”
Invisible security tools are engineered directly into the technologies to reduce users’ intervention while securing their assets. This is the next evolutionary step to help users in protecting their data and privacy without effort.
Ransomware is one of the most serious issues for enterprises operating in the cloud environment and the Internet today. Enterprises globally are losing trillions of dollars because of this. Technologies such as multi-factor authentication (MFA), endpoint detection and response (EDR), and data loss prevention (DLP) are the foundation of invisible security. These technologies are essential for enterprises to be in compliance with standards such as the GDPR, and they are crucial for reducing enterprises’ cost for cyber insurance.
One of the best examples of invisible security is the newest automatic data loss prevention (DLP) tools used by renowned data warehouses like Snowflake, BigQuery, and Hadoop.
Conventional DLP technologies have the capability to de-identify sensitive information such as masking a date of birth or a credit card number with a token. However, because data overflow is spreading at an incredible speed, it is now almost impossible to de-identify sensitive information manually. Innovative interaction designers and engineers are developing a new generation of DLP tools using behavioral analytics, AI, and automation to provide real-time prevention mechanisms without the need of any user intervention. This means that users can enjoy a more advanced security service that pushes complex technology into the background and retains in the foreground only what makes their lives simpler.
Healthcare is trying to take the consumer approach via telemedicine. For example, we speak to doctors over the phone or computer, and the devices can record us. A glucose monitor can collect data from a patient and send it directly to the doctors. While these examples seem innocuous and currently unintrusive, it gets potentially scarier when those devices start recording your voice and try to understand your mental health from your voice cadence.
Data loss prevention (DLP) technologies can prevent leaking sensitive data on the Internet by inspecting information going out and de-identifying it. The hard part is that sensitive information should be analyzed and obfuscated before it gets to the Internet. The issue is that most DLP algorithms need a lot of processing power, and they can be performed only in the cloud. A new generation of DLP technology should be designed to encrypt the information directly at the source. This means that in order to have super-secure communication the device should be able to select only the public information and eliminate all the sensitive parts of it.
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards and provides examples of how to protect sensitive patient health information. The result is that healthcare organizations are adopting masking strategies for sensitive information before other industries because of HIPAA. Interaction designers and software engineers are critical in developing software detectors to identify and remove sensitive information according to HIPAA standards. Most of the software out there can handle thousands of data full of sensitive information. The challenge is that healthcare providers handle billions of data every day. If I say ‘Laura has a disease,’ it is a violation, but if I say, ‘A patient has a disease,’ it is ok because I masked her identity.
Having appropriate security measures in place shows a company’s commitment to reducing cyber risk. While nothing is 100% guaranteed, having these technologies in place will show commitment to protecting and give cyber insurers a reason to continue to underwrite reasonably priced policies.
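The source-side DLP de-identification described above (masking a card number or date of birth with a token, and turning "Laura has a disease" into "A patient has a disease"), as an added example that is not code from the article or from any vendor named in it. It assumes the record already carries the patient's name and that the token key is a per-device secret; the sample note and the key are constructed placeholders.

```python
import hashlib
import hmac
import re

# Constructed placeholder; a real deployment would provision a secret per device.
TOKEN_KEY = b"example-device-key-not-for-production"

# Constructed sample of a telemedicine note before it leaves the device.
SAMPLE_NOTE = (
    "Laura Mendez, DOB 1984-07-19, card 4111 1111 1111 1111, reports "
    "elevated glucose. Laura has a disease. Order 4111-1111-1111-1112 is not a card."
)

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
DOB_RE = re.compile(r"\b(?:19|20)\d{2}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])\b")


def luhn_ok(digits):
    """Luhn checksum: keeps order ids and other digit runs from being masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0


def token(kind, value):
    """Deterministic, non-reversible stand-in so downstream joins still work."""
    mac = hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:8]
    return f"<{kind}:{mac}>"


def deidentify(text, patient_names):
    """Return (masked_text, counts) with cards, DOBs and names removed at the source."""
    counts = {"card": 0, "dob": 0, "name": 0}

    def mask_card(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # not a card number: leave it, avoids over-masking
        counts["card"] += 1
        return token("CARD", digits)

    def mask_dob(m):
        counts["dob"] += 1
        return token("DOB", m.group(0))

    text = CARD_RE.sub(mask_card, text)
    text = DOB_RE.sub(mask_dob, text)
    # Longest name first so "Laura Mendez" is replaced before the bare "Laura".
    for name in sorted(patient_names, key=len, reverse=True):
        pattern = re.compile(r"(^|[.!?]\s+)?\b" + re.escape(name) + r"\b")

        def mask_name(m):
            counts["name"] += 1
            lead = m.group(1) or ""
            sentence_start = lead != "" or m.start() == 0
            return lead + ("A patient" if sentence_start else "a patient")

        text = pattern.sub(mask_name, text)
    return text, counts
```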
Rick Hill is the SVP of HumanTouch, LLC in McLean, VA. Rick is a computer engineer and former partner at Booz Allen with an MBA from Johns Hopkins. Leading government contracting cyber and cloud initiatives for his clients, he thinks investing in compliance and disaster recovery is key.
“Your business will get hacked…”
Can you afford the damage to your reputation, let alone the fines and lawsuits associated with improper handling of client data? Disaster recovery systems like Rubrik allow organizations to just walk away from ransom threats. (The city of Durham was able to do so because they had invested in disaster recovery.) The compliance piece relates to companies working within highly regulated industries, from pharma to the DoD and anything legal. Are organizations taking proper care to secure their systems and data, now being held accountable for their role in supply chain safety? CMMC is an evolving mandate from the DoD that is demanding protocols for every vendor handling CUI. We can expect the federal civilian agencies to follow suit in making similar demands of their vendors and contractors to share cyber responsibility across the ecosystem.
Jesse is the President and CEO of Tauria, the first video conferencing solution in the world to provide e2e encryption.
“With cybersecurity getting on the radar of individuals and corporations alike, it’s increasingly important for us to keep on trend…”
One of these trends is multi-factor authentication. You may already be familiar with 2-factor authentication, where logging in with a password also prompts a keyword from a text message or email. With the use of multi-purpose authenticator applications and other such technologies, we may find ourselves passing a couple more steps until we can securely log into our account. While some people may find this tiresome, it is definitely important for more sensitive accounts, like online banking sites and the like. Having these checks could save our accounts from very savvy hackers and data thieves.
Ransomware and cyber insurance are top of mind for organizations when it comes to cybersecurity in 2022. As ransomware attacks continue to be prevalent and grow increasingly more sophisticated, having adequate cyber insurance coverage is a must for businesses today.