A year has come and gone, and it is time for cybersecurity professionals to cast their runes and make predictions about what will happen to consumers and practitioners in the new year.
According to the Identity Theft Resource Center in San Diego, cybercriminals will transition from identity theft to identity fraud shortly.
However, although bad actors continue to gather personally identifiable information, they do not utilize it to target consumers in the same way they used to. As revealed by the nonprofit group dedicated to lowering risk and lessening the consequences of identity breach and crime, they use it instead in credential assaults against enterprises.
Another change projected by the ITRC for 2022 is that customers would discontinue participation in some types of online activity due to the rise in fraud.
It was highlighted in a press release by the ITRC that “the ongoing development in the simplicity and quality of phishing assaults would push some customers to reconsider online purchases and adjust communication patterns for fear of falling victim to precisely faked emails, websites, or text messages.”
“Some individuals are likely to discontinue all email communication because they think the danger is too large,” the report said. “This might result in a resurgence of ‘old school’ modes of communication such as telephone calls and postal letters.”
Malware in Decline
The center also anticipated that malware would reach a plateau as a root cause of data breaches in the next year and that the incidence of re-victimization would increase.
According to the report, ransomware may overtake or even exceed phishing-related breaches as the most prevalent root cause of data breaches. In contrast, supply chain assaults will overtake malware as the third most common root cause of data breaches, according to the report.
According to the ITRC, the number of consumers who have been defrauded by online fraudsters several times has continued to rise in 2021 and is expected to continue in 2022.
As projected by the center, “single attacks that target numerous persons or organizations would have a bigger effect on a wider number of victims across communities and geographical regions.”
“In particular, social media account takeover will utilize the following and individual networks to establish new chains of victims,” the report said.
Cryptocurrency frauds will be another lucrative sector for digital bandits in the future year, according to Lookout, a San Francisco-based developer of mobile phishing solutions, which has predicted this.
Consumers reported losing US$80 million in bitcoin investment scams between October 2020 and May 2021, with a median loss of $1,900, according to data from the Federal Trade Commission, which was referenced in the article. According to a corporate blog, this is a 12x increase over the previous year’s total number of reports.
In addition, the report said that cryptocurrency accounts are not guaranteed by the government, unlike bank accounts, and cryptocurrency payments cannot be reversed, making the danger to customers extremely significant.
“As individuals embrace cryptocurrency at a rapid pace, scams will continue to evolve in complexity, ubiquity, and monetary value as bad actors attempt to defraud people into handing over their money,” the report said.
Home Networks Targeted
Another change in 2022, according to Ilia Sotnikov, vice president for user experience and security strategist at Netwrix, a visibility and governance platform provider for cloud environments in Irvine, California, will be a more extensive usage of home networks as infrastructure for hackers.
“It is considerably simpler to infect a home network with malicious malware than it is to penetrate a properly guarded business IT system,” he said to TechNewsWorld.
“As processing power and broadband connection in households increase, home networks will become more appealing to malicious actors,” he said. “Home networks will become more attractive to malicious actors.”
By infecting several devices, he went on to explain, “they would be able to alter IP addresses or even domain names dynamically throughout malware campaigns, evading standard protections like IP blocking and DNS filtering.”
Sotnikov also projected that further assaults against Managed Service Providers would occur in the future. As he noted, “Attackers have discovered a highly successful approach for gaining access to major enterprises — using the considerably weaker IT infrastructures of small and medium-sized businesses (SMBs) that supply them with services.”
Since many small and medium-sized businesses (SMBs) depend on managed service providers for security, “managed service providers will need to strengthen both the breadth and depth of their security procedures,” he said.
Growth of Zero Trust
According to Nicholas Brown, CEO of Hitachi ID Systems, a Calgary, Alberta, Canada-based access governance and identity management firm, protecting hybrid clouds will become a C-suite necessity by 2022.
His predictions also include the saturation of hybrid cloud security infrastructures by Zero Trust networks — which demand constant authentication and surveillance of network activity — shortly.
In his words to TechNewsWorld, “Traditional VPNs and perimeter-based security are on their way out, providing a case for Zero Trust networking to continue increasing and dominating hybrid cloud security debates.”
In addition, “with the rising use of SaaS, the composition of businesses’ networks becomes more susceptible to attack, emphasizing the necessity for parameterless security such as a Zero Trust architecture,” he said.
Michael Bunyard, director of Identity Access Management marketing at WSO2, an open-source integration company based in Santa Clara, Calif., predicted that as Zero Trust grows in the next year, the usage of Identity Access Management solutions would increase.
In an interview with TechNewsWorld, Bunyard said that “CISOs would include identity and access management as a cornerstone of their zero-trust security efforts, especially for cloud-native enterprises.”
As he put it, “While there is no one solution that can bring Zero Trust to fruition, Identity and Access Management (IAM) is the necessary first step in establishing basic cybersecurity hygiene when designing apps, managing remote employees, and monitoring IoT installations.”
Democratization of Security
Another trend in 2022, according to Jennifer Fernick, global head of research at the NCC Group, a cybersecurity consulting organization based in Manchester, UK, would be the rising relevance of security at the periphery of the enterprise.
“As the number of Internet of Things devices grows, it’s critical to include security into the design of new connected devices themselves, as well as the AI and machine learning algorithms that operate on them,” she told TechNewsWorld.
As some organizations begin to use 5G bandwidth, “a cyber-aware approach will become increasingly important as the number of Internet of Things devices in the world grows, as will the attack surface sizes for IoT device users and producers, as well the myriad networks to which they connect and supply chains through which they move,” she explained.
Another major trend in the company area that will occur in the next year is the increased democratization of security.
It has been noticed that “the tradition of having a single identity or security administrator is gradually fading,” according to Bunyard.
According to him, “democratization of security” will occur, ensuring that everyone inside an organization is aware of security best practices and capable of doing their bit to help avoid a security breach.
The president says the phrase “security is not my duty” will no longer be tolerated. According to him, the developer, in particular, will have to wear several hats as the IT skills crisis worsens.
According to him, “this also implies that cybersecurity will need to find its way into the coding curriculum to provide new software engineering graduates with stronger security capabilities.”