As 2021 draws to a close, it’s time for cybersecurity experts to roll out their runes and forecast what’s available to consumers and practitioners over the next year.
Cybercriminals will move from identity theft to identity fraud, the Center for Identity Theft Resources in San Diego predicts.
The bad guys are accumulating personally identifiable information, but they’re not using it to target consumers as much as they used to. Instead, they are using it in attacks on credentials on businesses, the nonprofit explains in order to minimize risks and minimize the impact of crime and identity infringement.
The increase in fraud will lead to another development in 2022: consumers withdrawing from some types of online activity, the ITRC predicts.
“Continuing to improve the ease and quality of phishing attacks will force some consumers to rethink online purchases and change communication habits for fear of falling prey to the perfect fake emails, websites, or text messages,” he said. The ITRC explained in a news release.
“Some people have the ability to completely remove emails because they believe the risk is too great,” it added. “That could lead to the return of old-school “old-school”-style modes of communication such as telephones and post offices.
The malware is refusing.
The center also predicts that malware will stagnate as a root cause of data breaches in the coming year and that the rate of revisions will increase.
Ransomware can catch up with or overcome phishing-related breaches as the number one cause of data breaches, it noted, while supply chain attacks will overtake malware as the third most common root cause of data breaches.
As observed by the ITRC, consumers falling victim to online scammers continues to increase in 2021, and that trend will continue into 2022.
“Single incidents targeting multiple individuals or organizations will affect a greater number of victims across communities and geographic regions,” the center predicts.
“In particular, taking over the social media account will leverage followers and personal networks to create a new victim chain,” it added.
According to Lookout, a San Francisco-based provider of mobile phishing solutions, another attractive area for digital robbers next year will be cryptocurrency scams.
It cited Federal Trade Commission figures showing that between October 2020 and May 2021, consumers reported losing $80 million in cryptocurrency investment scams, with an average loss of $1,900. That’s 12 times the number of reports the previous year, Lookout noted in a company blog.
It explains: “Since cryptocurrency accounts are not covered by the government like the U.S. dollar and cryptocurrency payments are irreversible, the risk to consumers is particularly high,” it explains.
It added: “With people adopting cryptocurrencies at a rapid pace, scams will continue to grow in terms of sophistication, popularity and value as bad guys work to trick people into handing over their money,” it added.
Targeted home network
Ilia Sotnikov, vice president of user experience and security strategist at Netwrix, a manufacturer of governance and visibility platforms for the cloud environment in Irvine, Calif., predicts in 2022.
He told TechNewsWorld: “A home network is much more susceptible to malware than a professionally secured enterprise IT environment.
“With processing power and the ability to connect to bandwidth in residential areas increasing, home networks will become more attractive to bad actors,” he said.
“For example,” he continued, “by infecting multiple devices, they will be able to change IP addresses or even dynamic domains in malware campaigns, hindering common defenses such as IP blocking and DNS filtering.”
Sotnikov also predicted that there would be more attacks on managed Service Providers. He explains: “Attackers have captured a very effective strategy for accessing large organisations – through the relatively weaker IT infrastructure of the SMBs that provide services to them.
“Accordingly, managed service providers will need to enhance both the breadth and depth of security measures, as many SMBs rely on them to ensure their security,” he said.
The development of zero trust
Nicholas Brown, CEO of Hitachi ID Systems, an identity management and access management company in Calgary, Alberta, Canada, at the enterprise level in 2022.
He also predicted that Zero Trust networks – which require ongoing authentication and monitoring of network behavior – would saturate hybrid cloud security infrastructures.
He told izokr.com: “Traditional VPNs and perimeter-based security are on the rise, enabling the Zero Trust network to continue to expand and dominate conversations about hybrid cloud security.”
“While there is no single solution that can make Zero Trust a perfect reality, IAM is the necessary first step to kickstart the proper cybersecurity hygiene process when developing applications, managing employees remotely, and controlling IoT deployments.”
Democratization of security
Jennifer Fernick, head of global research at NCC Group, a cybersecurity consultancy in Manchester, UK, predicts that another development by 2022 will be the increased importance of security on the edge of the business.
She told izokr.com: “As IoT devices grow, it’s important to build security in the design of new connected devices, as well as the AI and ML that run on them.”
“Taking a cognitive approach across the network will also be critical as some organizations start using 5G bandwidth, which will drive both the number of IoT devices in the world and the size of the attack surface for IoT device users and manufacturers, as well as the countless networks that they connect to and the supply chain they move through,” she said.
An overarching development in the corporate sector in the coming year will be further democratization of security.
Bunyard commented: “The tradition of having a single identity or security administrator is declining rapidly.
“Democratization of security will take place, ensuring that everyone in the organization is familiar with the best security methods and can do their part on their own to prevent security breaches,” he continued.
He said: “There will be no one more who can say ‘security is not my job’. In particular, developers will have to bow their hats as the lack of technological skills increases.”
He added: “It also means that cybersecurity will need to be included in the coding curriculum to give new software engineering practitioners more security skills.