As 2021 comes to a close, Smarter MSP is talking with some of the best and brightest cybersecurity minds to take stock of the past year and get a sense of what to expect in terms of a cybersecurity outlook for 2022.
This week Smarter MSP spoke with Nur Zincir-Heywood. Dr. Heywood is a cybersecurity specialist and faculty of computer science at Dalhousie University in Halifax, Nova Scotia.
Heywood predicts more of the same in 2022 with some post-pandemic twists.
“More of the same” means ransomware, business email compromise, and denial of service attacks. But the ongoing complications of COVID and remote work, coupled with the ever-expanding attack surfaces that IoT will keep producing, mean constant headaches for cybersecurity specialists in 2022.
Stealth attacks will become more common
Heywood says that some of the most harmful attacks will be stealth breaches where the hackers wait, quietly eavesdropping and gathering information.
“Eventually, once they are in, they can stay there until their objective is achieved,” Heywood points out, adding that this type of stealth attack is not going away and will become more common in the post-pandemic world.
Of course, the worst thing about this kind of attack is that the damage often isn’t immediately clear. Once someone gains access, they lie in wait, quietly harvesting information that can be used later for nefarious purposes.
Increased investments will be required to secure remote work
Heywood also predicts that you won’t see offices and corporate campuses filling up in 2022, at least not entirely. During the pandemic, Zoom meetings and Google Teams allowed commerce to continue in partial form, and in Heywood’s view, many have settled into the realization that remote work is viable.
The remote revolution has been a boon to cities like Halifax, which launched a campaign to lure remote workers to the city. According to Statistics Canada estimates, nearly 40 percent of Canadian workers telecommuted during the pandemic compared to about 10 to 13 percent in previous years.
But Heywood believes that businesses weren’t – and still aren’t – prepared for the cybersecurity risks that remote work has put forth. She says that remote work has always served as a sort of “back door” into organizations and systems but was on a far smaller, thus manageable, scale.
“We didn’t have to sustain it 24/7, but right now we have to, and that creates a huge problem,” notes Heywood.
Another cybersecurity challenge will continue to be blending personal and professional lives at work through people bringing their own devices (BYOD).
“BYOD is cost-effective, but now you have to trust the machines that people are using for their personal lives and business,” comments Heywood. These questions have been around a while, and cybersecurity experts fretted over them, “but the pandemic amplified them, we need new ways of dealing with them,” she adds.
Heywood also points out that companies and countries were – and still are – ill-prepared for remote work in the long haul.
“I think it became very obvious that the world has not invested enough in terms of the infrastructure and the security that goes with it to sustain this type of work. Some of the issues we see with cybersecurity are because of the lack of resources,” she explains.
Human error will lead to bigger security problems as attack surfaces expand
In terms of a cybersecurity outlook on 2022, Heywood tells Smarter MSP that what frightens her most is pandemic fatigue combined with the little human errors that pile up to create big problems.
“At the end of the day, cybersecurity problems happen because of human error,” Heywood says. She describes this human error as a bug that the software programmer unintentionally left unnoticed, a system administrator’s error when configuring, or a phishing attack where someone makes a silly mistake and clicks on a link.
“So, what really worries me is that all of these are silly little mistakes stemming from stress levels during the pandemic, which are also part of what makes us human,” Heywood emphasizes. But being human is the worst thing for systems increasingly run by AI and machine-to-machine communication.
“These small errors are going to cause more and more problems for us because they are very difficult to stop,” Heywood warns. She adds, “It almost requires us not to be human, which is impossible.” And IoT’s voracious expansion in 2022 can cause a single mistake to be amplified around the globe.
Heywood points out that there is a massive volume of communication that does not involve humans; it is machine-to-machine and takes up an increasing part of the internet infrastructure. But humans configure these devices, so if any error occurs in the programs that run on them, this can cause a chain reaction.
“The amount of surface that we have created is mind-boggling, and all of those silly mistakes can go everywhere, with the push of a button,” Heywood cautions.
And, that – the little mistakes and their big consequences – Heywood tells us, is what keeps her up at night.
Photo: Maria Savenko / Shutterstock