Ransomware attacks have caused huge problems for organizations around the world every year. In fact, IDC’s 2021 Ransomware Study showed that approximately 37% of global organizations fell victim to ransomware attacks in 2021.
The FBI’s Internet Crime Complaint Center reported 2084 ransomware complaints from January to July 31, 2021, a staggering 62% increase over the same period in the previous year. Another report showed that ransomware is part of 10% of all breaches and doubled its frequency in 2021.
The reality, though, is that ransomware will still be a major problem in 2022. For most organizations, it is no longer just about protecting their business, but about having the right type of security solutions and a sufficient security team to manage them as well.
According to James Forbes May, vice president for Asia Pacific at Barracuda, although ransomware is still a problem, governments are now taking it very seriously and collaborating at the nation-state level. The more active measures coming out of these collaborations are slowing down the ransomware attackers’ ability to transfer their assets, which will impact the volume of attacks in 2022.
He believes that there will be a renewed focus on governments prioritizing cybersecurity initiatives, building alliances with vendors, and sharing data with other countries. This level of collaboration will help improve security for everyone. However, ransomware will still dominate the news because that’s the most lucrative way for the bad guys to make money right now.
“In the post-breach era where attackers are ahead of their targets since they have their hands on stolen data, including credentials, these attacks range from extortion on valuable data to penetrating the software supply chain. It has gone beyond disrupting business operations and goes as far as revealing information to discredit a corporation and destroy the trust chain. Figuring out how to slow that down by encouraging collaboration between governments and developing alliances with vendors will be critical in the year ahead,” said James.
James also pointed out that critical infrastructures will continue to face significant security challenges in 2022. This critical infrastructure includes everything from energy and financial services to education and healthcare. For example, there have been numerous stories about how ransomware attacks that hit hospitals affect patient treatment and even lead to deaths. Attacks on critical infrastructure have the most direct impact on people’s lives, so security will be a challenge as cybercriminals continue to focus on these vulnerable areas.
At the same time, James highlighted that the COVID-19 pandemic has shown that cybercriminals are willing to exploit the crisis to attack critical infrastructures like healthcare and the vaccine supply chain. He commented that it will be necessary for hospitals and healthcare organizations to understand the three steps of ransomware protection: avoiding credential leaks, securing access to their applications and infrastructure, and backing up their data. This will help companies get through the pandemic with as little impact from cyber-attacks as possible.
Increasing ransomware attacks require new IT skills
One of the biggest problems in dealing with ransomware attacks in 2021 was a lack of IT skills in handling them. While some processes can be automated or outsourced, the reality is, organizations still needed to have an IT team to manage their systems. While the demand for IT security teams increased, there were simply not many of them available.
James highlighted the need for IT security executives to develop the ability to understand forensics and incident response. Many IT security organizations — whether they’re large companies or small companies working with a managed service provider — are still struggling with too many tools and not getting the signals to work together.
As such, detection and response will be the keywords to help IT security executives achieve what they need in 2022 and beyond. Improving in this area will require an Open XDR platform or managed XDR solution through a service provider. Those tools will enable IT security executives to respond more efficiently than they do now. Right now, most companies have more tools and more information than they know what to do with.
“For example, we have seen enterprises investing in tools to protect multiple attack surfaces. It will be essential to capture the signals from each tool and correlate the data for actionable insights. From prevention, detection to response, it will require forensics and security analytics skills to defend against today’s cyberattacks. And we are all aware of the shortage of cybersecurity skill sets; therefore, utilizing a managed SoC (Security Operations Centre) with XDR capabilities could be the answer for small, medium enterprises,” explained James.
James also pointed out that consolidation on data-driven platforms is one change to see in 2022 as the market moves to more of a service-driven kind of tooling, including XDR and managed detection and response. Detection and response will get more complex, and it’s a skillset many organizations are missing that will need to be addressed.
Many companies, especially SMBs or small-to-medium-sized enterprises, will need some type of managed service to get the assistance they need to respond efficiently and effectively and survive these ransomware attacks without investing so much in building a team in-house. James also mentioned that a lot of that market is going to shift toward managed security service providers. And at an enterprise level, it will mean getting to know what tools they’re using, which signals they’re getting from those tools, and consolidating those signals to make detection and response easier.
“Cybersecurity champion is a new role that we will start to see emerging in the next few years, especially at organizations where they are developing software. Security champions will focus on what’s been dubbed ‘shifting left’ because now it is about the developers, software development, and the software supply chain, which includes Open-Source libraries and other third-party libraries. On the very left of the entire software development lifecycle, getting that level of security attention at the developer level is where those roles will start to add value,” commented James.
Apart from that, James believes the other emerging role in the next few years is a security analyst. To effectively detect and respond to threats, which means forensics and incident response, companies need security analysts who understand the correlation of these different signals and can execute on responding to these threats.