The pandemic has just received a shot in the arm with its Omicron strain, so cybercriminals will be plenty busy soon…
As we move into the final stretch of 2021, cybersecurity professionals will be taking stock of the year’s incidents and experiences to forecast what to brace for next year.
One team that has done their due diligence has shared with CybersecAsia.net their views of what IT teams in the Asia Pacific region can expect in 2022.
According to DigiCert’s Senior Vice President (APAC), Ray Garnie: “The cybersecurity challenges that accompanied the pandemic have persisted as hybrid remote workspaces have become a way of life in APAC and across the world. Through it all, the threat landscape continues to evolve, as innovations in cloud computing and other areas open up new threats—some in unexpected areas.”
Here are the seven key predictions from DigiCert:
- Supply chain, ransomware and cyberterrorism attacks will continue to escalate
The fallout from audacious attacks like the SolarWinds and Colonial Pipeline critical infrastructure threats has shone a spotlight on the following critical areas for next year:
- Supply chain complexity and vulnerabilities
Securing software is not easy in fast-paced, DevOps-driven organizations where most workflows are about pushing deliverables out fast rather than building security in by design. As development processes and supply chains for devices become more complex, the attack surface will only grow.
- Security by design
Best practices like code signing will become more useful as companies strive to bake security into each stage of the development process, taking control of development and confirming the integrity of code before it moves further along in the development cycle and out to production environments and customers.
When a cyber-espionage group targeted at least four critical infrastructure organizations in South-east Asia, they demonstrated their potential to paralyze key infrastructure including essential services such as water, power, communications and defense. New opportunities are emerging all the time, limited only by attackers’ imaginations, and high-profile technology environments such as private space launches and elections will be targeted next year. Governments around the world are building up their critical information infrastructure by developing initiatives to help organizations establish best practices to better manage cybersecurity risks across the supply chain. Public and private organizations that are vulnerable to spectacular cyberattacks will need to redouble their focus on a zero-trust approach to security.
Like cyberterrorist events, ransomware attacks often attract heavy press coverage, which can further encourage bad actors seeking publicity. DigiCert predicts that ransomware attacks will continue to escalate, especially as the use of cryptocurrency expands, and ransom payments become even harder to trace outside the banking systems.
- Trust and identity verification processes will be tightened
As complex technology becomes a deeper part of every APAC organization’s most critical processes, a stronger level of trust and identity will be required.
- Stakes are growing for digital signatures
The firm predicts that more workflows will be associated with digital signatures, in industries like financial services, real estate, healthcare and education. Digital signatures are also helpful for organizations operating on hybrid work arrangements, to onboard or support remote employees. The stakes are growing as digital signatures become more widely accepted in APAC.
Across Asia, there is a rise in the validity and enforceability of digital signatures in business and legal spaces. The Philippines, Singapore and Thailand have amended their laws to include electronic transferable records such as digital signatures, as valid in court.
- Identity and trust power the IoT and more
For data-driven use cases like IoT, trust is more important than ever. Devices like healthcare monitors, industrial control devices, home security systems and vehicle sensors all depend on the integrity of their real-time data to support processes and decisions. As the adoption of 5G technology accelerates, we will see an increasing convergence in IoT and 5G applications, which could invite more attacks. Public Key Infrastructure (PKI) remains a robust, proven method to assure trust in IoT environments.
- VMC trust and identity will change the face of email marketing
With e-commerce sales in APAC expected to nearly double by 2025, the firm predicts that organizations will increasingly adopt Verified Mark Certificates (VMCs) to build their brand equity and strengthen trust as they market online. VMCs certify the authenticity and display a logo to email recipients right in their inboxes before an email is opened. By using VMCs, marketers can reinforce their branding and demonstrate to customers that they care about their privacy and IT security.
- Pandemic threats will persist and evolve
Last year, DigiCert predicted that individuals and businesses alike would adjust to a new normal in 2021, with threats like fraud, phishing and data breaches targeting social changes to activities like work and travel. As the pandemic unfolds with more surprises, we predict that those threats will persist. We are seeing increasing use of contactless technologies in airports, retail environments, restaurants and other public spaces—all of which are vulnerable to cyberattacks. Digital ID schemes such as drivers’ licenses and healthcare records are becoming more widely used—and also remain possible points that can be hacked.
- Post-quantum computing will challenge the security status quo
A DigiCert survey of IT decision-makers concluded that quantum computing will be able to break existing cryptographic algorithms by 2025. That means security organizations will need to rethink security for a post-quantum world. Post-quantum cryptography (PQC) can strengthen cryptography, decreasing the possibility of security breaches. But many companies lack a clear understanding of the crypto they deploy, so they will want to take proactive steps to locate all the exposed servers and devices and rapidly update them when a fresh vulnerability comes to light.
We predict some major developments in the PQC world in 2022, as NIST is expected to announce practicable efforts to replace current versions of RSA and ECC encryption algorithms.
- Automation will power cybersecurity improvements
As organizations work to keep the lights on and scrutinize the bottom line, there will be a resulting push for efficiency in security technologies. Security teams will be asked to do more with even fewer resources. The coming year will bring an emphasis on technologies that allow organizations to do more with less, and automation will play a significant role in terms of security innovation in the New Year. Data from a DigiCert survey showed that enterprises in APAC are interested in PKI automation, and associated AI and ML technologies that power this automation.
- Cloud sovereignty will create new security demands
In an increasingly cloud-driven world, traditional perimeter-based security approaches have become obsolete. The firm predicts that cybersecurity challenges will become even more demanding as cloud services become more granular. Organizations are deploying cloud solutions that are increasingly subject to local jurisdiction and regulations. Cloud sovereignty controls are focused on protecting sensitive, private data, and ensuring that data stays under owners’ control.
As more sovereign cloud initiatives emerge, organizations will require an increasing awareness of regional security requirements.
- Organizations will prioritize a culture of security
Finally, DigiCert anticipates organizations working harder to strengthen a culture of cybersecurity, from the top down, involving more employee education using phishing tests, mandatory online training and cyber simulation exercises taking place at the board level, to help C-level participants test their communication strategies and decision-making in the event of a major cybersecurity crisis.
Mitigating tomorrow’s threats will require a commitment from leadership and good communication across every organization.