Vectra AI revealed its 2022 industry forecasts, stressing the evolving techniques of ransomware gangs and the fact that multifactor authentication is no longer sufficient to deter threat actors.
“We have entered an era in which our IT stacks are split across so many environments that internal teams struggle to visualize areas of risk,” said Willem Hendrickx, SVP International, Vectra AI.
He added, “In 2022, organizations need to recognize that their change in circumstances demands a rethink of their attack posture. And so Vectra has released some key trends that we believe should focus the mindsets of the region’s security stakeholders.”
Dr. Mohamed al Kuwaiti, the UAE government’s Head of Cybersecurity, estimated a 250 percent increase in cyberattacks in 2020, citing ransomware as one of the most popular attacks. According to Vectra, ransomware, which is increasingly being referred to as RansomOps, will now focus on the exfiltration and encryption of cloud data.
“While past campaigns have concentrated on third-party storage and processing providers, 2022 RansomOps raids will lean towards direct targeting of the customer side of the shared-responsibility model,” said Willem.
Public agencies such as Dubai Police’s eCrime division and Saudi Arabia’s Bureau of Investigation and Public Prosecution (BIPP) will begin fighting threat actors in a region where regulatory compliance has been a major concern among developing businesses.
Meanwhile, in the wake of ransomware episodes and other attacks, government authorities, mindful of the complexities introduced to technology stacks by mass cloud migration in 2020, will increase their official oversight of private and public sector enterprises over information security.
“As a result of these interventions, we expect to see a relative reduction in ransomware outcomes versus data loss and exfiltration outcomes, as human-operated ransomware is detected and stopped before encryption can begin,” continued Willem.
The demand for managed detection and response (MDR), particularly its ability to automate important security operations, is expected to grow, according to Vectra. The company blames the expected uptick to the regional cybersecurity field’s ongoing skills deficits, as well as the increasing complexity of technology settings.
The company’s predictions report states that “while managed security services will continue to grow in volume, a non-trivial subset of organizations will meet talent shortfalls with automation, orchestration, and analyst-augmenting AI”.
“Security outsourcing has proved problematic at the best of times, and we do not live in the best of times,” said Willem.
He added, “Regional organizations, bound by regulatory obligations from multiple sides — industry, local authorities, and foreign governments — are operating in multi-cloud environments that they are struggling to understand. A third party is ill-equipped to capture requirements comprehensively and SLAs can often fail to protect even the savviest of customers. It may therefore be more prudent to source the tools yourself and start automating to cover the talent gaps.”
Vectra believes 2022 will be filled with M&A activity in the security sector.
“The anticipation among industry players of massive opportunities comes from the observed uptick in security budgets following increased consumption of cloud services over the past 24 months,” Willem explained. “The more venerable players risk obscurity if they do not absorb at least some of the younger, more agile firms before they hit unicorn status. Meanwhile, industry newcomers who have managed to attain valuations above, say, US$10 billion may be doing some shopping of their own.”
According to Vectra, multi-factor authentication (MFA) is quickly becoming the industry norm as credential theft becomes more common. MFA has recently been enforced by industry heavyweights such as Microsoft and Google, but the business cautioned that while it is recommended practise, it has not yet shown to be a guarantee against intrusion.
“If threat actors have proven anything over the years, it is that security engineers have yet to invent an egg that a motivated attacker cannot crack,” Willem noted. “They have even managed to employ bots in their campaigns against MFA.”
In a bid to stymie the attackers that overcome MFA, Vectra suggests that regional organizations will turn increasingly to AI-driven measures.
“If we want to keep one thought in our heads for 2022, it is that nothing — no consultant, no tool, no platform, no practice, no policy — is a catchall for cyberattacks,” Willem urged. “We need to adopt a broader approach and unify human, policy, and technology elements for a more holistic threat posture.”