A Changing Threat Landscape: Chip Shortages, Supply Chains in Crisis and Evolving Business Structures
November 2021 by Andrew Hollister, Deputy CISO and VP Labs at LogRhythm
2021 has been yet another uncertain year, and businesses in Europe have continued to feel the effects of this on the security landscape. Business processes have had to adapt to changing coronavirus regulations across Europe and cyber criminals have been ready to take advantage of opportunities created by fluctuating business environments.
In 2022, organisations will have to continue to be on high alert. According to a McKinsey survey of global corporate executives, 34% of respondents from the IT sector said they expect to have at least one-tenth of their employees working remotely for at least two days a week after COVID-19, compared to just 22% of respondents surveyed before the pandemic. As businesses harness more connectivity than ever before to connect teams working both remotely and in-person, these new patterns of behaviour will expose businesses to further threats and the risk of being exploited.
In this article, I will share my key cybersecurity predictions for 2022 so businesses can better prepare their employees, processes and infrastructure for the coming year.
Global Chip Shortage Prompting Corruption
Throughout the pandemic, cybercriminals have recognised and acted on the opportunity to exploit cyber defences weakened by continued disruption. Companies and governments have often been the victims of attacks due to the prospect of significant financial gain.
Production and distribution have also been caught up in this disruption. As we move into 2022, the global chip shortage will continue, and will become a target for hackers to exploit. One country will even go as far as to tamper with the supply chain of one of the leading chip-producing countries to gain an advantage over others, potentially creating further shortages of critical supplies and a sharp increase in prices for basic goods. This situation could become more critical if a country’s COVID-19 vaccine supply chain is tampered with, especially as many countries’ vaccination programs are well underway.
CISOs Gain Recognition but Need More C-Suite Visibility
Earlier this year, a report from LogRhythm found that only 7% of security leaders report to the CEO. Additionally, only 37% say they or someone in their security function reports to the board of directors, despite 60% of organisations experiencing a cyberattack in the last two years. Business structure is not aligned, and CISOs have faced an uphill battle to be recognised as an integral part of the C-suite. This creates a lack of executive visibility when it comes to strategic planning and budgeting, which only increases the chances that a business will not be equipped to deal with an attack.
CEOs and boards are now recognising the risk of overlooking CISOs and other cybersecurity decision makers. To identify and respond to the cyber risks facing their organisation, business executives need to stay informed every step of the way.
Supply Chain Headaches Will Ramp Up
We have already seen the growing sophistication malicious actors demonstrate when infiltrating and compromising organisations, and the damage these threats can do. This technological aptitude will be applied to the accessible-to-all open-source software ecosystem, where attackers can introduce vulnerable code to widely used open-source software components.
The scale of these attacks will be far-reaching and companies that have built products using open-source technology will be key targets of exploitation. In many cases, the damage to systems and processes will be felt before the attacks are even detected. These attacks are already present in widely used open-source software and victimised businesses are left none the wiser due to detection challenges.
Cybersecurity Talent Gap Grows
Due to a growing number of serious cybersecurity attacks in recent years, organisations are looking to grow their cybersecurity teams. However, many are faced with a shortage of cybersecurity talent, as well as a lack of IT professionals across the board.
It’s critical this cybersecurity talent gap is closed, and we can expect organisations to ramp up their on-the-job training to invest in existing employees. By doing this, they can diversify their existing taskforce and enable them to address the organisation’s cybersecurity needs. Training will become a valuable resource for businesses in need of more specialist employees, especially during a time of such rapid digital transformation.
Understanding Future Trends
Ultimately, these predictions reinforce that despite cyberattacks causing global disruption in the form of supply chain issues and chip shortages, businesses are not yet fully equipped to address them. Organisations will need to take proactive steps if they are to be adequately prepared to confront the challenges this type of disruption causes to maintaining a strong security posture. Through training and tackling the disconnect between the C-suite and CISOs, businesses can better prepare themselves for the threats that lie ahead. As cyber threat actors become more sophisticated and dangerous, businesses need to take an active stance in protecting themselves in the evolving threat landscape.