With more people working remotely than ever before, cybersecurity has never been more important for both individuals and businesses. According to ESET Chief Cyber Threat Officer Tony Anscombe, there are several key threats to look out for in 2022.
One of the fastest-growing types of cyber attacks continues to be ransomware — a type of malware that threatens to publish the victim's personal data or block access to it unless a ransom is paid. Research by PwC suggests that over 60% of technology executives expect the number of reportable ransomware incidents to increase in 2022. According to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), nearly $600 million was paid out by victims of ransomware in the first half of 2021 alone.
Anscombe described ransomware as a “business as a service” in the way hackers are able to make their money.
“So when one of these gangs say they made $2 to $500 million — and I think the number they put on it was around $500 million — that means the actual payments from corporations and organizations paying the ransom was probably nearer a billion dollars or even more, because you have a reseller channel and then the service provider. So this is a split revenue stream,” he explained.
One cybersecurity issue that recently made headlines for its potential to wreak havoc on the internet and tech industry was the Log4j vulnerability, a security flaw in a piece of open-source logging software that allows developers to understand how their programs function.
The issue with Log4j, part of the software offered by the open-source Apache Software Foundation, is that it can be exploited to allow attackers to take over the computers and networks of any organization running the program. What makes this flaw so dangerous is how widely used the software is and the level of control attackers can gain by exploiting this vulnerability.
“[Log4j is] freely usable and freely available code that other companies have used in their products or services,” Anscombe said. “So then you see this one small piece of code that has a vulnerability in it affecting thousands of products or services that other companies may use.”
According to Anscombe, there may be instances in which a company does not even realize that it is using Log4j. In any case, the process of identifying and eliminating the vulnerability within an organization can be time-consuming and costly.
“So companies have had to scan all their services and their software to actually find out if this software is in use within their organization,” he added. “And it takes a long time then to go through each individual piece of software to mitigate the issue, i.e. patch it or turn it off or find other ways around securing it.”
‘Cybercriminals will adapt’
While not a cyber threat in and of itself, Anscombe believes the changing cybersecurity and regulatory landscapes may pave the way for new and unforeseen threats as cybercriminals adapt.
“[Cybercriminals] won't want to actually see their revenue stream disappear [as companies respond to threats], so they're going to adapt their attacks and go in other directions,” he said. “And actually, that causes businesses then to look at other places in their networks and their systems of how they need to protect them. And it's an unknown of where cybercriminals might go next.”
2021 saw legislation introduced such as the Ransom Disclosure Act, which requires companies to disclose ransom payments to the Department of Homeland Security. The FDIC also approved a new rule that requires banks to report any “significant” cybersecurity incident within 36 hours of discovery.
And while these new pieces of legislation may be a step in the right direction, Anscombe said that these regulations are about disclosure after the fact rather than reporting during an ongoing incident. In his words, “the burglar has already left the house.”
“I suspect in 2022, you're going to see that move somehow that the regulation or the disclosure might have to be during the incident, so that, in effect, you're calling the police while the burglar is in the building, as opposed to once he's left the building,” Anscombe said. “And I suspect that will put a lot more emphasis on cybersecurity for a lot of companies because reputation damage of a cyber incident is incredibly hard to recover from.”
Thomas Hum is a writer at Yahoo Finance.