This year Cybersecurity: More Fraud and More Fakes
17.05.2022
Cybersecurity experts need to look back at 2021 and predict what the future holds for practitioners and consumers. According to the Identity Theft Resource Center, San Diego, cybercriminals will shift from identity theft and identity fraud.
Bad actors may be accumulating personal identifying data, but they aren’t using it as often to target consumers. They’re instead using it to attack businesses with credential attacks, according to the non-profit organization dedicated towards minimizing crime and minimizing the risk of identity compromise.
According to the ITRC, fraud is expected to increase and lead consumers to withdraw from certain types of online activities in 2022.
The ITRC stated in a press release that “the continued improvement in ease-quality phishing attacks will force some customers to rethink their online purchases and to change communication habits in fear of falling prey of perfectly spoofed email, websites, or text messages.”
It stated that some people may decide to stop using email because the risk is too high. This could result in a return to “old-school” communications such as telephone and postal mail.
Malware in Decline
The center predicted that malware would cease to be a major cause of data breaches over the next year, and that revictimization rates would rise.
Ransomware could surpass phishing-related data breaches as the most serious cause of data breaches. Supply chain attacks, however, will be the third most frequent root cause of data breaches.
The number of victims of online fraudsters continued to rise in 2021, and that trend will continue into 2022, according to the ITRC.
The center predicts that single incidents targeting multiple people or organizations will have a greater impact on victims in different areas and communities. It added that “Social media account takingover” will be a great way to leverage followers and individual networks to create new victims.
According to Lookout, a San Francisco-based provider mobile phishing solutions, cryptocurrency scams will be another attractive area for digital criminals in the next year. According to the Federal Trade Commission, between October 2020 and May 2021, consumers lost US$80 millions in cryptocurrency investment scams. The median loss was $1,900. Lookout stated in a blog that this is 12 times more than the number of reports for the previous year.
It explained that cryptocurrency accounts aren’t government-insured as U.S. dollars and that cryptocurrency payments can’t be reversed, so the risk to consumers is especially high.
It said that crypto adoption is increasing rapidly and scams will continue growing in sophistication, prevalence, and value as bad actors try to trick people into giving their currency away.
Home Networks Targeted
Ilia Sotnikov (Vice President for User Experience at Netwrix), which makes a visibility platform and governance platform for cloud environments, predicts that there will be another development in 2022.
It was told that it is easier to infect a home network with malicious software than an IT environment professionally secured. Home networks will be more appealing to criminal actors as they have increased processing power and bandwidth connectivity.
He said, “For instance, by infecting multiple devices, they will have the ability to change IP addresses and even domain names dynamically during malware campaign, thwarting common defenses such as DNS filtering or IP blocking.”
Sotnikov also predicted more attacks on Managed Service Providers. He explained that attackers have found a very effective way to gain access to large organizations through the IT infrastructures of small businesses that provide services.
He stated that managed service providers would need to improve both the depth and breadth of their security measures as many SMBs depend on them for their security.
Growth of zero trust
Nicholas Brown, CEO Hitachi ID Systems in Calgary, Alberta Canada, stated that hybrid cloud security will be a top priority at the enterprise level by 2022.
He also predicted that Zero Trust Networks, which require continuous authentication and monitoring network behavior, will be the norm in hybrid cloud security infrastructures. He said that traditional VPNs and perimeter-based security were on the horizon. This makes Zero Trust networking a strong candidate to lead hybrid cloud security conversations.
He said that SaaS has made organizations’ networks more susceptible to attacks, which makes it even more important to have a zero trust architecture.
Zero Trust will expand in the next year, as will the use of Identity Access Management Systems, according to Michael Bunyard, head IAM marketing at WSO2, Santa Clara’s open-source integration vendor.
Bunyard stated that CISOs will make IAM a keystone of zero-trust security initiatives, especially for cloud-native organisations. He said that while there is no one solution to Zero Trust, IAM is a good start in establishing proper cybersecurity hygiene for developing applications, remote workers, and controlling IoT deployments.
Security Democracy
A further development for 2022 will be security at the edge of enterprises, according to Jennifer Fernick (global head of research, NCC Group), a cybersecurity consulting company based in Manchester, UK.
Sheryl said that IoT devices are increasing in number, so it is crucial to incorporate security into the design of connected devices as well as the AI/ML running on them. She said that cyber-awareness is also crucial when some organizations start using 5G bandwidth. This will drive up the number of IoT gadgets in the world as well as attack surface sizes for IoT device producers and users, as well the myriad networks to and from which they connect, and the supply chains through which their movements are made.
The further dedemocratization of security will be a major development in the enterprise sector next year.
Bunyard noted that “the tradition of having one identity or one security administrator is rapidly decreasing.” He said, “Democratization will occur in security. This will ensure that everyone within an organization knows security best practices and can do their part to prevent security breaches.”
He stated that “No one will be able anymore to say security ‘isn’t my job’.” He also said that cybersecurity would also need to be incorporated into the coding curriculum in order to provide new software engineers with more security skills.
