It’s the end of the year, and the internet is buzzing with 2021 summaries and 2022 forecasts. Don’t feel like reading? Then let me give you a quick summary:
- Cyberattacks will continue and even increase.
- They will become more sophisticated, more violent and more frequent.
- Specifically, Business Email Compromise (BEC) attacks will also become more precise and advanced, through social engineering that will help the malicious actors study the organization’s habits.
- The wind beneath the wings of cyberattacks will be AI, which makes the task of identifying the attacks and their origin even more complicated.
- We’ll see many more combined ransomware attacks.
- We’ll also see attacks whose first step is data theft, in order to profit from selling the stolen data.
- The abovementioned attacks will be accompanied by threats directed at the company’s executives to disclose personal and professional information.
- We’ll see many more shutdowns of systems and system backups, caused by Distributed Denial-of-Service (DDoS) attacks.
- As far as ransom attacks are concerned, the most dramatic element is the supply chain. The complex process which involves many different interfaces might just be the window through which threat actors attempt an attack.
- Cryptojacking will exploit vulnerabilities which have not yet been patched or updated.
But these are all easy predictions. We can see them materialize every day. The real challenge is to be aware of some dramatic changes already taking place, and fast.
The end of tolerance
Previously, companies that had been attacked asked us, their clients and investors, to be forgiving, to show patience and empathy as they navigated the damage caused by the cyberattack. In 2022, empathy can no longer be asked for. Cyberattacks are no surprise, and stakeholders rightfully expect companies and organizations to be prepared.
Companies that lose precious time trying to figure out what happened and why, instead of simply activating an action plan that enables an immediate response with minimal damage, will have to face not only the attack’s consequences, but also many more lawsuits, and substantial ones.
Despite their complexity, ransomware attacks will be handled with an iron fist. After more than two years during which billions of dollars were paid in ransom worldwide, the economic sphere has had enough. And this change had already begun with the US government’s reaction following the Colonial Pipeline attack.
In October 2020, the US Department of the Treasury still said only that it intended to review the ramifications of ransom payments and might possibly sanction companies and executives that permit them. But by the second half of 2021 we had seen operations, backed by clear policy, in which international law enforcement organizations joined forces to make arrests and seize large sums of money as well as equipment.
And it won’t just be the law enforcement bodies. Tax authorities and other entities tackling fraud and money laundering are also already communicating with board members and executives, regarding their personal blame for not doing enough to prevent the cyber risk’s materialization.
Insurance companies are rethinking their strategies
Insurance companies are also losing their patience and tolerance towards ransomware attacks.
But after enormous sums were paid, Lloyd’s of London recently announced that it will no longer cover ransom attacks, unless it can be proven that they are not attributable to nation states, something which is incredibly complicated to prove, or disprove.
While Lloyd’s change of policy does not mark the end of the attackers’ financial motivation, it will surely lead to a change in the insurance market in the next few months.
From insurance to resilience
Insurance policies are expected to provide additional drama in 2022. Whereas previously cyber insurance policies were sold like hot cakes, the massive six- to seven-figure costs required to properly manage an average attack have led insurers to demand higher security standards from their clients.
Now, as insurance costs are skyrocketing, policies require high deductibles and no longer commit to full coverage, managers are starting to understand the power of being prepared in advance, in order to mitigate exposure to risk.
A cyber resilience program is now becoming a must, no less important than an organization’s legal advisor or accountant.
The concept of cyber resilience allows an organization to pre-define an emergency action plan that will include all immediate tasks, define a response team and lay out response guidelines, based on decisions already made. Cyber resilience also caters to another market demand – knowing how organizations protect themselves and their clients.
Written by Einat Meyron. The author is a cyber resilience expert, who accompanies organizations through the process of preparing and handling cyber risks in the business sphere.
Translated from Hebrew by Mandi Kogosowski.