
Ransomware, Geopolitics, Nation State and Supply Chain Attacks Rank as the Biggest Cyber Threats in Infosecurity Group’s 2022 State of Cybersecurity Report

May 2022 by Infosecurity Europe

Cybersecurity leaders and analysts depict an industry in turmoil, rocked by a string of events ranging from the SolarWinds supply chain compromise to the Colonial Pipeline ransomware attack, the Log4Shell exploit, and concerns over the potential fallout from the Ukraine conflict. This is according to the 2022 Infosecurity Group State of Cybersecurity Report, produced by Infosecurity Europe and Infosecurity Magazine. This is the fourth report in the series, which began in 2018, and follows a brief hiatus in 2021.

The report examines cybersecurity professionals’ biggest concerns across a range of sectors, with this year’s top trends representing a departure from previous reports, in which they remained largely static. This year’s study found ransomware was the biggest trend among our survey respondents (28%), surging ahead having not made the top three trends in 2020. This is closely followed by geopolitics/nation-state attacks (24%) and supply chain attacks (22%). Additional trends of interest included cloud/multi-cloud security (21%), remote work and return (18%), deperimeterisation and zero trust (15%), human factor (15%) and AI/ML (10%).

Ransomware has become increasingly sophisticated, with authorities stepping up their response in an effort to thwart these attacks and put pressure on ransomware groups. Report contributor and investigative journalist Geoff White noted that ransomware groups are becoming more cautious: "We’ve seen gangs’ affiliates either going rogue and attacking the Colonial Pipeline, or leaking information as we saw with the Conti ransomware gang," he said. He expects to see operators reining in their affiliates and being more guarded in their operations.

Ransomware attacks have increased because they remain effective in not only locking up customer data, but bringing businesses to a halt and offering huge financial gain for the attackers. No other type of attack, other than perhaps a distributed denial of service (DDoS), can do such immediate and profound damage to an organisation’s bottom line.

Geopolitical unrest was also a critical talking point in this year’s report, with the war in Ukraine causing a shift in hostilities into cyberspace. Expectations for global change to address cyber warfare were heightened amongst the respondents. Praveen Singh, Head of Global IT Risk and Cyber Security, ICBC Standard Bank Plc, said that the situation in Eastern Europe makes a global legal framework on cybercrime and cyber warfare even more important. "We are going to be at a point where we globally are going to have UN-level state laws on cyber security, warfare and rules, and they must be written down and agreed by the key nations around the world."

Furthermore, supply chain security leapt from a tangential issue in the 2020 report to a top three trend this year. The discovery of the SolarWinds attack in December had huge repercussions as dozens of agencies and hundreds of companies found themselves compromised by malicious code that had been injected into the vendor’s software.

Robin Smith, Head of Cyber and Information Security at Aston Martin, warned that the problem will get worse before it gets better and that geopolitical and economic issues continue to constrain hardware and talent supply chains, introducing more uncertainty; he cited the Ukrainian war as an example.

"The unintended effects are going to hit supply chains. Think about shortages in chips and staff," he said, adding that state actors might exploit supply chain issues. "We are being vigilant around our supply chain to make sure that things like equipment, people or any other aspect are monitored and scanned, and that any contagion is contained."

Other key trends in the report include:

Cloud/multi-cloud security
Remote work and return
Deperimeterization/Zero trust
Cybersecurity awareness/human behaviour
AI/ML (including deep fakes)
Phishing/Social engineering
IoT security and standardization
Cybercrime
Identity and access management
Data protection/identity theft

Nicole Mills, Exhibition Director at Infosecurity Group, comments: “The threat landscape is continually evolving, but this year’s report highlights just how quickly these changes are taking place. The industry is facing unprecedented challenges in trying to keep pace and stay one step ahead of the threats, and whilst most of these are familiar, the tactics and motivation behind them are diverse. We are facing a new era of cyber threats, being further propelled by increased digitalisation and geopolitical events. These attacks are no longer just headlines that people can read and forget about, their effect on all of us will continue to grow.”

The annual State of Cybersecurity Report is based on interviews conducted in March 2022. Infosecurity Europe gathered the opinions of numerous cybersecurity experts via online written responses and online one-to-one video interviews for a deeper dive into the state of cybersecurity.

To download a copy of the report, please click here.

Interviewees included: Ian Hill - Director of Cyber Security at BGLi; Keith Martin - Professor of Information Security, Royal Holloway; Maria Bada - Lecturer / Behavioural Science Expert, Queen Mary University/AwareGo; Paul McKay - Principal Analyst, Forrester; Maxine Holt - Senior Research Director, Omdia; Andy Harris - CTO, Osirium; Jen Ellis - VP Community and Public Affairs, Rapid7; Guido Grillenmeier - Chief Technologist, Semperis; Praveen Singh - Head of IT Risk and Cyber Security, ICBC Standard Bank PLC; Victoria Baines - Visiting Fellow, Bournemouth University; David Edwards - Independent researcher; Robin Smith - CISO, Aston Martin; Tiago Carvalho - Trainer and Senior Security Consultant / Pentester, NotSoSecure; Mark Guntrip - Senior Director, Cybersecurity Strategy, Menlo Security; James Lyne - CEO, Helical Levity; Jon Townsend - CIO, National Trust; Mark Nicholls; Geoff White - Author and Investigative Journalist, BBC News; Peter Yapp - Schillings partner and former NCSC deputy director; Steve Wright - CEO and Partner, Privacy Culture Limited; and Sarb Sembhi - Global CISO, Aireye.

The threat landscape will be covered extensively in the conference programme at Infosecurity Europe 2022 (Tuesday 21 to Thursday 23 June 2022 at ExCeL London). Topics explored on the Keynote Stage will include key threats and adversaries, tackling insider threats, building a security culture, the paradigm change in ransomware, monetisation of threats, Cybercrime-as-a-Service (CaaS), third party risk, how cyber criminals are changing their approaches, and improving detection of known and unknown threats.

