Business Express is an online portal that covers the latest developments in the world of business and finance. From startups and entrepreneurship to mergers and acquisitions, Business Express provides reporting on the stories that matter most to business leaders and decision-makers.The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
attractive young businessman using laptop and cell phone in outdoor cafe SBI 302738683 - Business Express

Critical national infrastructure, remote workers and supply chain are top targets for 2022, say cyber experts

Bridewell Consulting provides 10 top cyber security predictions for 2022

Reading, UK – Cyber security services company, Bridewell Consulting, has outlined its top cyber security predictions for 2022. Compiled from the knowledge of its team of highly-skilled consultants, coupled with data gathered from its 24/7 security operations centre in 2021, the company warns of the automation of security threats, increased risks for remote workers, and more nation-state attacks on the UK’s critical national infrastructure.

  1. 2022 will be the year of remote risk – With remote and hybrid working here to stay, we expect to see a large increase in mobile malware attacks. Cyber criminals will evolve and adapt their techniques to exploit the growing reliance on mobile devices and remote working. Social engineering will remain the initial attack vector for deployments of malware, phishing and ransomware, with an increase in deepfake technology making attacks more technologically convincing in 2022. Phishing volumes have already surpassed levels seen in 2020, and in 2022 we’ll see a rise of update-themed phishing emails designed to trick remote employees into believing they are legitimate updates, as well as those used to tailgate employees into restricted areas under the guise of being a new employee hired during lockdown.
  2. Ransomware will become automated – Human operated ransomware will be the biggest cyber risk for organisations in 2022. Different from traditional commodity ransomware attacks, we’ll see more cyber criminals with a high level of offensive security knowledge gain access to organisations and survey the environment for an extended period before launching a potentially devastating attack on data and systems. The risk presented by human operated ransomware will only increase as wormable variants such as WannaCrypt and NotPetva are utilised more. Additionally, automation will play a key part in the evolution of modern ransomware and malware attacks, with machine learning and Artificial Intelligence (AI) used to remove some of the mistakes that allow businesses to respond to current threats.
  1. Volume of hackers-for-hire will increase – Over the past few years, groups such as REvil and DarkSide have appeared and disappeared after carrying very public attacks against numerous industries. In 2021, we saw a number of hacker groups arrive, have a big impact, and then vanish as quickly as they came, only to repeat the same process again a few months later. In 2022 we can expect more of the same, in particular large attacks on lucrative targets such as supply chains and cloud providers to maximise ransom value and payments. Managed services and third-party suppliers will also be under greater risk. Phishing-as-a-Service will become commonplace on dark web forums, increasing attack volumes.
  2. Zero-Trust will become the de facto cyber security approach –With the rise of hybrid working, Zero-Trust will become critical in 2022. Lack of secure cloud configuration will continue to cause security breaches and organisations will seek to separate users and devices from data, applications, infrastructure, and networks, through the Identify, Authenticate, Authorise and Audit model (IAAA). More CIOs and CISOs will roll out system-wide Multi-Factor Authentication (MFA) with stricter rules around conditional access built in and supported by session information and telemetry to develop a comprehensive audit trail for real-time detection of a policy breach. Extended Detection and Response (XDR) will also become the technology of choice for Zero-Trust, enabling rapid detection and response of threats across endpoint, network, web and email, cloud and importantly identity.
  1. Organisations will turn to hybrid SOC models to plug skills gaps and aid consolidation – As the cyber skills shortage grows and enterprises lack security professionals with the depth of knowledge and technical skills to develop more advanced capabilities required for running a cloud-native modern Security Operations Centres (SOC), we will see more organisations turn to hybrid SOC models which combine the cyber skills of in-house teams with the expertise of a Managed Security Service Provider (MSSP). Companies will use providers to plug gaps in defences while developing in-house expertise in tools and techniques including EDR, XDR and intelligence-based threat-hunting. Hybrid SOCs will also be used to facilitate consolidation of security tools, driven by a growing desire from the board to reduce security costs, maximise ROI and improve efficiency.
  1. Rise in 5G and connected devices will increase IoT risks – 5G will continue to be rolled out globally in 2022 and increase the number of connected devices within organisations, particularly within industrial IoT. Manufacturing and Critical National Infrastructure (CNI) will remain the sectors most susceptible to security issues, with more factories and facilities becoming connected and more organisations reliant on IoT devices for measuring and monitoring processes remotely. We expect to see the introduction of more government guidance and standards to bolster IoT security as uptake increases.

Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email.
  1. Organisations will shift focus from prevention to detection and response – As the speed and complexity of attacks continue to grow, demand for managed security services, such as Managed Detection and Response (MDR) will rocket. No longer the luxury of large enterprises, in 2022 we expect all companies to seek to shift from prevention to response and look to implement early warning systems to alert on early signs of a potential breach. Security Orchestration Automated Response (SOAR) solutions, such as Microsoft Sentinel, will be critical alongside MDR to help to improve the efficiency. Traditional tools such as anti-malware software and spam blockers will still be important, but these will increasingly be combined with proactive tactics, such as MDR, threat hunting, and ethical hacking to ensure any vulnerabilities are identified and mitigated immediately.
  1. Critical National Infrastructure will face more threats – CNI will face increased activity from nation state groups, which are likely to prioritise green energy targets given the global focus on the development of sustainable infrastructure. The oil and gas sector will also be the subject of more directed attacks from hackers-for-hire as they attempt to target high value income industries.
  2. Cyber security transformation will drive digital transformation – Digital transformation became a necessity for businesses in 2021, driven largely by Covid-19. Probably the biggest mistake we saw in 2021 was a reactive approach to security transformation, whereby security was only considered afterwards. In 2022, we expect to see this model flipped with a rise in mature companies who seek to use cyber security transformation as the driver for digital transformation.  Cyber security will shift from a box-ticking exercise to a business enabler, with CISOs and CIOs working directly with the CEO to develop an adaptive and customisable security model to ensure cyber security is as strong as possible before broadening the attack surface further.
  1. Cyber Security vendors will start to consolidate – Microsoft and Google will evolve to become leaders in cyber security. Microsoft has already announced a huge commitment to growing its cyber security offering and given the company’s dominance in the collaboration market and Google has already taken huge steps to bolster its security expertise. As both companies continue to build their expertise, we expect to see traditional cyber security players start to lose market share as they struggle to keep up with the visibility, coverage and collaboration benefits the global giants can offer.

Martin Riley, Director of Managed Security Services at Bridewell adds: “Cyber threats are always evolving and 2022 will be no different. Attackers will use new technologies to launch more sophisticated attacks and remain under the radar, while businesses will use technology to strengthen defences and drive efficiencies. Heading into 2022, organisations need confidence that their systems, data and processes remain protected, regardless of how the landscape evolves, and ultimately that comes down to developing an agile and adaptive security strategy.”

Bridewell is now the second-largest and one of the fastest growing, privately-owned, cyber security services firms in the UK, with its security operations centre protecting some of the UK’s most critical national infrastructure. The company was recently named Cyber Business of the Year in The 2021 National Cyber Awards and won the SME 100 Growth (Under £10M) and Tech Company of the Year awards at the Thames Valley SME Growth Awards 2021.

Recent Post: