Vectra AI today released its industry predictions for 2022, highlighting the changing tactics among ransomware gangs, and the fact that multifactor authentication is no longer enough to thwart threat actors.
“We have entered an era in which our IT stacks are split across so many environments that internal teams struggle to visualize areas of risk,” said Willem Hendrickx, SVP International, Vectra AI. “In 2022, organizations need to recognize that their change in circumstances demands a rethink of their attack posture. And so Vectra has released some key trends that we believe should focus the mindsets of the region’s security stakeholders.”
RansomOps will target more cloud customers
When Dr Mohamed al Kuwaiti, Head of Cybersecurity for the UAE government, reported a 250% increase in cyberattacks in the country in 2020, he cited ransomware as one of the most common attacks. Vectra believes ransomware, which is now increasingly thought of as RansomOps, will now pivot its attention to the exfiltration and encryption of cloud data.
“While past campaigns have concentrated on third-party storage and processing providers, 2022 RansomOps raids will lean towards direct targeting of the customer side of the shared-responsibility model,” said Willem.
Governments will target ransomware gangs
In a region where regulatory compliance has become a major concern among growing companies, public authorities such as Dubai Police’s eCrime division and Saudi Arabia’s Bureau of Investigation and Public Prosecution (BIPP) are going to start taking the fight to the threat actors.
Meanwhile government regulators, aware of the complexities introduced to technology stacks by mass cloud migration in 2020, will escalate their formal oversight over private and public sector organizations regarding information security in the wake of ransomware incidents and other attacks.
“As a result of these interventions, we expect to see a relative reduction in ransomware outcomes versus data loss and exfiltration outcomes, as human-operated ransomware is detected and stopped before encryption can begin,” continued Willem.
Demand for MDR services and automation will increase
Vectra foresees a rise in the demand for managed detection and response (MDR), and especially its capacity to automate key security tasks. The company attributes the upcoming surge to the continuing skills gaps in the regional cybersecurity field, coupled with the increase in complexity of technology environments.
The company’s predictions report states that “while managed security services will continue to grow in volume, a non-trivial subset of organizations will meet talent shortfalls with automation, orchestration, and analyst-augmenting AI”.
“Security outsourcing has proved problematic at the best of times, and we do not live in the best of times,” said Willem. “Regional organizations, bound by regulatory obligations from multiple sides — industry, local authorities, and foreign governments — are operating in multi-cloud environments that they are struggling to understand. A third party is ill-equipped to capture requirements comprehensively and SLAs can often fail to protect even the savviest of customers. It may therefore be more prudent to source the tools yourself and start automating to cover the talent gaps.”
Vectra believes 2022 will be filled with M&A activity in the security sector.
“The anticipation among industry players of massive opportunities comes from the observed uptick in security budgets following increased consumption of cloud services over the past 24 months,” Willem explained. “The more venerable players risk obscurity if they do not absorb at least some of the younger, more agile firms before they hit unicorn status. Meanwhile, industry newcomers who have managed to attain valuations above, say, US$10 billion may be doing some shopping of their own.”
Rise in use of MFA, but it still will not be enough
Multi-factor authentication (MFA) is fast becoming standard as credentials theft continues to proceed with ease, Vectra said. The company cited recent enforcement of MFA among industry heavyweights such as Microsoft and Google but warned that while MFA is best practice it has not yet proven itself as a guarantee against infiltration.
“If threat actors have proven anything over the years, it is that security engineers have yet to invent an egg that a motivated attacker cannot crack,” Willem noted. “They have even managed to employ bots in their campaigns against MFA.”
In a bid to stymie the attackers that overcome MFA, Vectra suggests that regional organizations will turn increasingly to AI-driven measures.
“If we want to keep one thought in our heads for 2022, it is that nothing — no consultant, no tool, no platform, no practice, no policy — is a catchall for cyberattacks,” Willem urged. “We need to adopt a broader approach and unify human, policy, and technology elements for a more holistic threat posture.”