TechHR
ex
L&D
UNPLUGGED
Sphere
About Us • Contact Us
People Matters ANZ
People Matters Logo
Login / Signup
People Matters Logo
Login / Signup
  • Current
  • Top Stories
  • News
  • Magazine
  • Research
  • Events
  • Videos
  • Webinars
  • Podcast

© Copyright People Matters Media Pte. Ltd. All Rights Reserved.

 

 

  • HotTopic
    HR Folk Talk FutureProofHR
  • Strategy
    Leadership Csuite StrategicHR EmployeeRelations BigInterview
  • Recruitment
    Employer Branding Appointments Permanent Hiring Recruitment
  • Performance
    Skilling PerformanceMgmt Compensation Benefits L&D Employee Engagement
  • Culture
    Culture Life@Work Diversity Watercooler SheMatters
  • Tech
    Technology HR Technology Funding & Investment Startups Metaverse
  • About Us
  • Advertise with us
  • Become a sponsor
  • Contact Us
  • Feedback
  • Write For Us

Follow us:

Privacy Policy • Terms of Use

© Copyright People Matters Media Pte. Ltd. All Rights Reserved.

People Matters Logo
  • Current
  • Top Stories
  • News
  • Magazine
  • Research
  • Events
  • Videos
  • Webinars
  • Podcast
Login / Signup

Categories:

  • HotTopic
    HR Folk Talk FutureProofHR
  • Strategy
    Leadership Csuite StrategicHR EmployeeRelations BigInterview
  • Recruitment
    Employer Branding Appointments Permanent Hiring Recruitment
  • Performance
    Skilling PerformanceMgmt Compensation Benefits L&D Employee Engagement
  • Culture
    Culture Life@Work Diversity Watercooler SheMatters
  • Tech
    Technology HR Technology Funding & Investment Startups Metaverse
How to dodge – and neutralise – cyber attacks in 2022

Story • 21st Feb 2022 • 6 Min Read

How to dodge – and neutralise – cyber attacks in 2022

Technology#Cybersecurity

Author: Mamta Sharma Mamta Sharma
7.5K Reads
The cyber threat landscape continues to expand, with cyber attacks getting more sophisticated and complex. Industry experts say organisations require efficient solutions that integrate cybersecurity with data protection, management and monitoring of endpoints to effectively protect their entire workloads across the complex ecosystem of cloud, office, and home office.

The year 2021 has been one of transition for global businesses. After the second wave, companies focused on revamping workplace security to factor in the changes that the work-from-home model had necessitated.

Considering the lingering concerns of future waves, businesses are now more intent on keeping flexibility intact and being prepared to switch between office and home working. Thus, there is a greater need for hybrid office infrastructure and mobility that allows any device, any location working.

With such objectives, frameworks like Zero Trust and Secure by Design have made the biggest impact in 2021.

Another major trend of 2021 was the focus on cloud challenges and cloud security. Multi-cloud deployment has made operations simpler and security setups more challenging.

The threat landscape, hence, continues to expand, with cyber attacks becoming more sophisticated and complex.  No wonder that the year 2021 saw a staggering increase in cybercrimes.

An intelligence report by global cybersecurity leader CrowdStrike reveals an 82% increase in ransomware-related data leaks in 2021, with 2,686 attacks as of December 31, 2021, compared to 1,474 in 2020.

People Matters gathers insights from industry experts on cybersecurity threats that will likely give leaders and cybersecurity teams nightmares in 2022, and what companies can do to respond effectively. 

Ransomware will continue to rise

Over the years, the threat actors have continued to change their tactics, techniques, and procedures (TTPs).  

In 2022, it is expected that Ransomware-as-a-service (Raas) will evolve more.

“Threat actors will continue to use ransomware to extort money and target the healthcare, and Industrial Control Systems (ICS) or, in other words, organizations present in operational technology (OT) space, as the probability of successful extortion of money, is higher as it directly threatens human life,” says Anshuman Sharma, Senior Manager and Head of Investigative Response, APJ, Verizon, a technology solutions company helping empower enterprise and medium-sized businesses to drive scale and growth.

As per Cyberthreats Report 2022 by cyber protection company Acronis, ransomware is one of the most profitable cyberattacks at the moment and continues to grow and evolve despite US and Interpol/Europol efforts.  

“Ransomware will expand further to macOS and Linux, as well as to new environments such as virtual systems, cloud, and OT/IoT. Anything that is connected to a reachable network is a potential target. This will increasingly lead to consequences and impacts in the real world, and thus also to more demand for official regulations and sanctions. Stealing data for double extortion as well as disabling security tools will be the norm; but it will also become more personal with insider threats and personal data,” says the report.

Cryptocurrency to be attackers’ favorite

With the price of Bitcoin at an all-time high, attacks are increasing with threat actors following profits.

End users have struggled with phishing attacks, infostealers and malware that swap wallet addresses in memory for quite some time.  “We expect to see more of these attacks waged directly against smart contracts —attacking the programs at the heart of cryptocurrencies. We also expect attacks against Web 3.0 apps to occur more frequently in 2022. These new markets open new opportunities for sophisticated attacks (e.g., flash loan attack), which may allow attackers to drain millions of dollars from cryptocurrency liquidity pools,” says the Acronis Report.

Phishing for Business Email Compromise (BEC) 

In 2021, phishing remained one of the top action varieties in breaches and had done so for the past two years.

Vishak Raman, Director, Security Business, Cisco India & SAARC, says phishing emails and scams may continue to target individuals and corporate offices this year. “The accelerated roll-out of 5G and IoT services will also give rise to cyberattacks on digital networks and services,” he adds.

“This increase can be attributed to work-from-home arrangements for most of the workforce worldwide as stay-at-home orders went into effect. When examining breaches (Verizon DBIR 2021) that included a reported loss, 95% of BECs fell between $250 and $985,000, with $30,000 being the median,” says Sharma of Verizon.

The Acronis report adds that phishing will continue to be the main infection vector.

Malicious emails and phishing in all variations are still at an all-time high. Despite constant awareness campaigns, users still fall for them and enable the attacker to compromise their organization.

“We don’t expect AI to fully take over phishing emails in 2022, but instead expect increased automation and personalized information with these various data breaches, making them more effective. New tricks against OAuth and multi-factor authentication (MFA) will continue to generate profit for attackers, allowing them to take over accounts, despite plans from companies such as Google to auto-enroll 150 million users to 2FA. In order to bypass common anti-phishing tools, attacks such as BEC will make use of alternative messaging services, such as text messages, Slack, or Teams chat. This goes hand-in-hand with the hijacking of legitimate email distribution services, as for example in November, when the FBI’s own email service was compromised and started sending spam emails,” says the report.

Cloud Infrastructure to be targeted more  

Cloud Infrastructure will be targeted more as many organizations continue their journey towards cloud migration as part of the digital transformation journey, cloud assets will be more common than on-premises ones, says Sharma.

“API attacks Cloud services are booming and so are serverless computing, edge computing, and API services. In combination with container orchestrations like Kubernetes, processes can be efficiently automated and dynamically adapted to various circumstances. Attackers are trying to disrupt this hyper-automation by going after such APIs, which can seriously impact the business processes of a company,” adds the Acronis Report.

Supply chain attacks will be lucrative to cybercriminals

Due to the scaling prospects, supply chain attacks will be lucrative to cybercriminals. Sharma says Kaseya supply chain attack leveraged REvil ransomware group to compromise thousands of organizations. Due to the shear impact and quantity that can be impacted, it is expected that the supply chain attacks will continue to increase in 2022.

Data breaches for everyone

Despite the increase in data privacy regulations, the number of reported data breaches will also continue to increase.

As per the Acronis Report, this is not just because they have to be reported, but because of the complex interactions and IT systems.  “Many companies have lost the overview of where all their data is and how it can be accessed. And automated data exchange from IoT devices and M2M communications increases the spread of data further. Unfortunately, we expect to see many large-scale data breaches in 2022. These data leaks will enable attackers to enrich their target profiles easily,” it adds.

Adversarial attacks in AI

As Artificial intelligence (AI) is more frequently used to detect anomalies in IT systems and automatically configure and protect any valuable assets in them, attackers increasingly will try to attack the logic within the AI model.

“Being successful at reversing the decisions inside the AI model can allow an attacker to remain undetected or generate a denial-of-service attack with an undesired state. It may also allow them to identify timing issues, whereas slow changes are not seen as anomalies and thus are not blocked,” the Acronis Report adds.

Staying safe in 2022

To effectively protect their entire workloads across the complex ecosystem of cloud, office, and home office, organisations require efficient solutions that integrate cybersecurity with data protection, as well as management and monitoring of endpoints.

Murtaza Bhatia, Sales Director, Cybersecurity, global technology and services provider NTT in India, says as we move into 2022, some trends will dominate the landscape.

  • Greater usage of automation, AI and ML based tools and technologies to fight the increasing sophistication of ransomware threat.
  • Businesses will find multi-cloud posture management a lot more challenging especially in the area of uniform security policy enforcement across on-premises and cloud environments.
  • The advanced nature of threats and vulnerabilities will make observing and managing challenges more daunting. Outsourcing to expert Security as a Service providers will gain momentum.
  • There will be greater discussions on the switch from a proactive to predictive approach for security review, tech and operations. We will also see the rise of AI and ML automation with SecOps adoption across the board.

According to a Cisco study, over one-third of cybersecurity technologies used by Indian companies are outdated.  “Implementing practices such as Passwordless Authentication and multi-factor authentication, built on the foundation of a comprehensive Zero Trust strategy will help build a strong security posture for companies in the modern cloud-first and application-centric world,” says Raman of Cisco India.

Sharma of Verizon says organizations should implement policies and technical controls. Some of the recommended technical controls include patching third-party applications as soon as possible, testing and validating data backup processes, deploying File Integrity Monitoring (FIM) solution and Deploying Group Policy Objects (GPOs) to block executable files and disable macros.

“Organization should define and develop risk management strategies for the suppliers. Additionally, the organization should strengthen threat intelligence and leverage it to conduct threat hunting. Implement Endpoint Detection & Response (EDR), Network Detection and Response, deception solutions, and focus on the vulnerability management program,”he adds.

To be better prepared for the threats, businesses must favor security vendors who provide wider security coverage under one product or umbrella of products. “This helps to minimize supply-chain attacks, and allows faster reaction and recovery, which are crucial for keeping businesses up and running. Cybercriminals are profit-driven and will try to maximize their gains by automating their business and attacking companies where they are most exposed. They aggressively pursue each opportunity that they can find, and so it is therefore key to have strong authentication with MFA, timely patching of vulnerabilities, and visibility in place across the whole infrastructure,” says the Acronis Report.

Read More

Did you find this article helpful?


You Might Also Like

ChatGPT Walks It Back — AI Giants Race Ahead

STORY • 7th May 2025 • 4 Min Read

ChatGPT Walks It Back — AI Giants Race Ahead

Technology#Artificial Intelligence
Did Microsoft's leadership let Skype crumble?

STORY • 6th May 2025 • 3 Min Read

Did Microsoft's leadership let Skype crumble?

LeadershipTechnologyBusiness#HRTech#HRCommunity
Mastering generative AI in the modern workplace

STORY • 6th May 2025 • 4 Min Read

Mastering generative AI in the modern workplace

Technology#Artificial Intelligence
NEXT STORY: What does it mean to ‘become the answer’?

Trending Stories

  • design-thinking-hr

    Skype is dead: Did Microsoft's leadership let a billion-doll...

  • design-thinking-hr

    Keeping the C-suite in the C-suite - how do we reduce execut...

  • design-thinking-hr

    Return to office: the legalities

  • design-thinking-hr

    The trust factor: Why modern leaders can’t afford to overl...

People Matters Logo

Follow us:

Join our mailing list:

By clicking “Subscribe” button above, you are accepting our Terms & Conditions and Privacy Policy.

Company:

  • About Us
  • Advertise with us
  • Become a sponsor
  • Privacy Policy
  • Terms of Use

Contact:

  • Contact Us
  • Feedback
  • Write For Us

© Copyright People Matters Media Pte. Ltd. All Rights Reserved.

Get the latest Articles, Insight, News & Trends from the world of Talent & Work. Subscribe now!
People Matters Logo

Welcome Back!

or

Enter your registered email address to login

Not a user yet? Lets get you signed up!

A 5 digit OTP has been sent to your email address.

This is so we know it's you. Haven't received it yet? Resend the email or then change your email ID.

People Matters Logo

Welcome! Let's get you signed up...

Starting with the absolulte basics.

Already a user? Go ahead and login!

A 5 digit OTP has been sent to your email address.

This is so we know it's you. Haven't received it yet? Resend the email or then change your email ID.

Let's get to know you better

We'll never share your details with anyone, pinky swear.

And lastly...

Your official designation and company name.