Note: Search is limited to the most recent 250 articles. To access earlier articles, click Advanced Search and set an earlier date range.
To search for a term containing the ‘&’ symbol, click Advanced Search and use the ‘search headings’ and/or ‘in first paragraph’ options.
Sponsored by
Please enter the email address that you used to subscribe on Engineering News. Your password will be sent to this address.
Sponsored by
separate emails by commas, maximum limit of 4 addresses
Sponsored by
Bottom-line technology to provide business opportunities that cybercriminals will target in 2022
13th December 2021
By: Schalk Burger
Creamer Media Senior Contributing Editor
ARTICLE ENQUIRY SAVE THIS ARTICLE EMAIL THIS ARTICLE
Font size: –+
Next year is likely to hold many possibilities for companies and cybercriminals alike, says cybersecurity company Trend Micro Cloud and Alliances.
Business development manager Willem Barnard and Trend Micro sub-Saharan Africa senior cybersecurity sales engineer Yash Pillay, therefore, advise organisations to build out and implement strategies to proactively mitigate emerging cybersecurity risks.
"As technological advances continue to affect bottom lines and leadership agendas, senior leaders are grappling with the significant challenge of prioritising a hybrid work model that is continuously being tested by cybercriminals."
The pandemic accelerated the adoption of digital technology for customer interactions, supply chain interactions and internal operations by three to four years. Cybercrime also became exponentially more sophisticated. Trend Micro blocked 47% more threats during the first half of this year than during the first half of 2020.
Malicious actors are expected to continue to use low-effort but high-impact strategies in gaining access to cloud applications and services. It is predicted that phishing emails to steal credentials, for example, will still be a method that persists.
They will also continue to compromise software-as-a-service (SaaS) applications and services, through unsecured secrets, unrotated access keys, unsecure container images obtained from untrusted sources, and immature or poorly implemented identity access control management policies, said Barnard and Pillay.
The Covid-19 pandemic highlighted the fragility of supply chains globally and, as the value of supply chains is becoming more evident, cybercriminals are becoming more sophisticated in their attacks against supply chains.
"It is predicated that malicious actors will exacerbate supply chain disruptions, causing a surge in extortion models. Targeted attacks will take advantage of new partnerships that may not have robust security strategies in place yet, and vulnerabilities caused by globalisation strategies."
To keep supply chains more robust and secure as organisations evolve their strategies, organisations should apply the zero-trust approach in their security practices. The zero-trust model helps secure the way in which organisations interact with other companies and exchange data via continuous verification throughout a connection’s lifetime.
Through this model, the health of the users, devices, applications and services that organisations interact with is constantly monitored and assessed.
BUSINESS ATTACKS
Malicious actors who want to gain access to target organisations are focusing on exposed services and service-side compromises. Hybrid work models present increased attack surfaces from less secure home-working environments and servers.
It is predicted that ransomware attacks will become more targeted and highly prominent, making it more difficult for enterprises to defend their networks and systems against these types of attacks. Ransomware operators are also expected to use more modern and sophisticated methods of extortion to infiltrate their victims’ environments.
To remain protected against evolving ransomware threats, organisations must set their sights on protecting their servers with stringent server-hardening and application control policies. Ensuring that servers are properly configured will help defend organisations against ransomware attacks and other threats.
"Cloud adopters will need to shore up their defenses if they are to weather attacks from actors intent on using tried-and-true methodologies and innovating by following new technology trends."
Ransomware attacks on data centre workloads and exposed services are also predicted to take advantage of the large number of employees continuing to work from home. In this regard, research, foresight and automation are critical for organisations to manage risk and secure their workforce, they highlight.
"Historic vulnerabilities will continue to be exploited because many environments are simply not patched up. Different iterations of previously seen attacks are expected, which means that the first line of defence must include a revisit of cloud security basics.
"If cloud environments are to be defended, these basics must be assessed, retested and reemployed. This includes understanding and applying the shared responsibility model, using a well-architected framework, encrypting, patching and bringing in the right level of expertise, among others."
IOT RISKS
Smart devices have long been tempting marks in the eyes of malicious actors banking on the fact that the limited computational capacity of most Internet of Things (IoT) devices leaves little room for built-in security. Compromised IoT devices have been used in different kinds of attacks.
"It is predicted that companies, particularly those in smart manufacturing, will be exposed to more cyberthreats as they transition to the hybrid work model and continue to use remote connection services."
For organisations whose workforces rely on IoT devices, improved network monitoring and visibility to safeguard their information technology environments against threats arising from IoT adoption are critical. Intrusion prevention and detection systems, network forensics tools, network behaviour anomaly detection tools, and network detection and response tools can help them keep close watch over the goings-on in their networks in the coming year, Barnard and Pillay said.
"The past two years have proven to be the most critical in terms of cybersecurity, as every organisation was forced to adopt and change its operating model. Many businesses expedited their digital transformation, although key missed steps in the transformation journey can leave them vulnerable and open to cyber-attacks, and must be addressed," Barnard and Pillay note.
Edited by: Chanel de Bruyn
Creamer Media Senior Deputy Editor Online
EMAIL THIS ARTICLE SAVE THIS ARTICLE ARTICLE ENQUIRY
To subscribe email [email protected] or click here
To advertise email [email protected] or click here
Engineering News is a product of Creamer Media.
www.creamermedia.co.za
Other Creamer Media Products include:
Mining WeeklyResearch Channel Africa
Polity
Sign up for our FREE daily email newsletter
Receive daily sector news alerts
We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.
Subscriptions are available via the Creamer Media Store.
Advertising on Engineering News is an effective way to build and consolidate a company’s profile among clients and prospective clients. Email [email protected]