The last 12 months has seen organisations around the world working hard to proactively address a wide range of cybersecurity challenges and opportunities. While we continue to see some worrying trends and headlines, there are also many networks that have remained safe from attack.
But, looking ahead to 2022, it’s certain that the issues facing security change will evolve. To find out how, we asked members of the senior Glasswall team to offer their predictions on what the next 12 months might bring across the cybersecurity ecosystem.
First, we talked to Glasswall CPO, Paul Farrington, about how we can expect the challenges associated with ransomware to develop:
“We’re constantly seeing cybercriminals changing their methods, and this will continue in 2022. Not only do we anticipate the use of automation to create scale – for example in DDoS attacks and the communication of malware – but we’re seeing machine learning (ML) being used to make attacks more effective. It’s one thing for a human attacker to analyse email characteristics to work out what entices a reader to click on a malicious link – applying ML to this adds a completely new dimension. In doing so, attackers have an almost infinite ability to tweak variables and ultimately secure a better payoff for their efforts.”
“This kind of analysis – where ML is used to make small changes to malware properties, for example in a PDF or a Word document – needs to be stopped in its tracks. Organisations need to seriously consider whether this type of malware will evade detection from their anti-virus tools. If the answer’s yes, the problem needs to be looked at in a new way.”
“Polymorphic malware has been around for a decade – metamorphic malware, on the other hand, is a more recent phenomenon. It’s taking time for organisations to build up strategies to combat it. I predict that this form of malware will take off over the next few years, as cybercriminals increasingly leverage ML to make malware more personalised, and thereby easier to evade detection.”
“At the extreme end, this will see every piece of malware become novel or unique. This makes it far more likely it will be able to slip through an unknown gap in the defences. Delivered at scale, this has the potential to become a significant problem for organisations that are not taking a proactive approach to file sanitisation.”
Next time, we’ll examine the issue of nation-state actors.