{"id":17747,"date":"2021-12-22T07:08:16","date_gmt":"2021-12-22T07:08:16","guid":{"rendered":"https:\/\/web3unplugged.io\/blog\/?p=17747"},"modified":"2021-12-22T07:08:21","modified_gmt":"2021-12-22T07:08:21","slug":"emea-2022-cyber-security-predictions","status":"publish","type":"post","link":"https:\/\/web3unplugged.io\/blog\/emea-2022-cyber-security-predictions\/","title":{"rendered":"EMEA 2022 Cyber Security Predictions"},"content":{"rendered":"\n
  1. Ransomware Problem Evolves on Multiple Levels \u2013 Make Sure Not to Get Blindsided:\u00a0<\/strong>Through 2021, the EMEA region has seen an increase in cyberattacks, in particular, ransomware attacks have risen in prominence. The\u00a0Unit 42 Threat Report, 1H 2021 Update<\/a>\u00a0found that the average ransom demand increased by 518% and the average ransom paid climbed by 82% from 2020.\u00a0<\/li><\/ol>\n\n\n\n

    Part of the evolution is how ransomware functions will continue to evolve, as\u00a0communities such as\u00a0nomoreransom.org<\/a>\u00a0have fought back, and we are seeing nations\u00a0lean in further to shut down groups and their campaigns, as well as looking at how they can interrupt or intercept the money flow.\u00a0\u00a0<\/p>\n\n\n\n

    One side effect of this evolution is the term \u201cransomware\u201d now has an almost intangible meaning, conversations become confused as where one sees it as traditional ransomware compromising a local device or user, another may see it as structural elements and infrastructure being compromised before it even reaches our internal landscapes.<\/p>\n\n\n\n

    As a result, CISOs need to train and educate their executives and peers across the business on the different types of attacks, why they are important, what the different business impacts are and how to strategically build tailored approaches to best detect and respond.<\/p>\n\n\n\n

    1. 2022 \u2013 Passwords Will Be Deleted:\u00a0<\/strong>Gartner<\/a>\u00a0predicts that by 2022 90% of mid-sized and 60% of global enterprises will shift toward passwordless authentication methods. Every business is currently dealing with an explosion in the number of sets of credentials each user has, and with these new credentials comes an amount of risk. With the collaboration, SaaS & cloud adoptions skyrocketing due to the new flexible ways of working, we will see attacks focus in two directions.\u00a0<\/li><\/ol>\n\n\n\n

      Firstly, the obvious targeting of these new credential systems, this can be down to poor user management, are weak passwords being used? Is the same password being used? Secondly, there will be a focus on the backend systems. Whilst many have been using AD, Radius and other authentication processes for years, many of the new SaaS tools each have their own credential management processes, that being nascent can be more prone to exploitation.<\/p>\n\n\n\n

      Moving forward we will continue to see password authentication slowly being replaced, as companies want to try to remove the reliance on passwords. It all started with the iPhone, and we are now seeing a significant increase in the number of people and organisations using passwordless authentication such as Windows Hello.<\/p>\n\n\n\n

      1. The Compromised Home:\u00a0<\/strong>Hybrid working is here to stay \u2013\u00a0 working-from-home enterprise employees are increasingly using a broader range of\u00a0IOT devices<\/a>\u00a0\u2013 both corporate and personal devices \u2013 to access enterprise applications from wherever they are working.\u00a0<\/li><\/ol>\n\n\n\n

        So it is only natural that our home networks should become a target for cyber criminals. This is especially true when controls on home networks are typically not nearly as strong as those on corporate networks. Businesses that had historically locked down laptops, USB ports, personal printers and many other things typically would be blocked. However, to function in the hybrid working world users now need these capabilities so security controls have had to be relaxed.\u00a0 This spans the gap into shared family devices.\u00a0\u00a0<\/p>\n\n\n\n

        Even when turned off for a short period of time, the business device is at risk to all the other systems connected to the same network, many probably have never been patched and most are still using their default admin passwords, if they had one, that is!\u00a0\u00a0<\/p>\n\n\n\n

        The good news is that awareness around this topic is increasing across the EMEA region, with leaders feeling\u00a0more confident than ever, when it comes to having full visibility of the IoT devices on their organisation\u2019s business network, with 70% completely confident in 2021 versus 58% in 2020 \u2013\u00a0as highlighted in our 2021 IoT Security Report\u00a0\u201d The Connected Enterprise\u201d<\/a>.<\/p>\n\n\n\n

        1. Cybersecurity Education Needs to Evolve with New Work Lifestyles:\u00a0<\/strong>As we become a more connected society we must also think about how we make cyber education have greater longevity in such an agile digital world. This means moving away from the risk du jour \u201cdon\u2019t click on this\u201d \u201cdon\u2019t open that\u201d into what will be fundamentally good design and utilisation principals.\u00a0<\/li><\/ol>\n\n\n\n

          For example, how many now work from their own homes?\u00a0 What happens if you let someone else use your work device, just for a minute?\u00a0 Or what happens if you need to do some work and you can\u2019t use your work device?<\/p>\n\n\n\n

          The lines between personal and work are becoming increasingly blurred and complex, and we are all becoming integration points in our own worlds, as a result. From grass roots to late technology adopters, we have to start thinking of every person as a digital innovation point. Let\u2019s ask ourselves: What are the core principles of good information sharing both in our personal and professional lives?\u00a0<\/p>\n\n\n\n

          Today, most education focuses on what should and shouldn\u2019t be done \u2013 for example: clicking on a questionable link, opening phishing emails, sharing your password. These are now 10-15 year old lessons, valuable yes, but they don\u2019t align with the new ways of working.<\/p>\n\n\n\n

          1. Cyber Hygiene: Will It Get Worse Before It Gets Better?:\u00a0<\/strong>So much has changed so fast in business IT. Evolution is not slowing down and the inconsistency of security capabilities, especially Cloud and SaaS, are challenging businesses where everyone is now a CIO.\u00a0<\/li><\/ol>\n\n\n\n

            While DevSecOps is still maturing and lacks industry standards, and there is no industry \u201cbest practice\u201d, CISOs still need to switch from a tactical approach to thinking strategically (the bigger picture) or risk being in a lot of trouble by the time that the standards do arrive. Getting buy-in from executives and key stakeholders on a solid cybersecurity approach for the business is an important part of this strategic mind shift.\u00a0<\/p>\n\n\n\n

            As policies continue to take shape and regulations fall into practice, organisations must work from the ground up by laying a solid foundation of good cyber hygiene and best practices.<\/p>\n\n\n\n

            1. Shedding The Cyber Safety Blanket: The digital world has evolved so much in recent years, and the<\/strong>\u00a0expectations from cyber security teams have never been greater. More threats and more business processes to secure, go hand in hand with more cyber security capabilities.\u00a0 The challenge \u2013 typically businesses are less tolerant to downtime and outages, as their dependencies on digital systems grow.\u00a0 This is the cyber time paradox \u2013 more with less.\u00a0\u00a0<\/li><\/ol>\n\n\n\n

              As our cyber security world evolves, it is time to embrace that mantra in a different way. The only way we can do more, is to have less legacy.\u00a0 For every one new capability required, the security team should look to relinquish two. The challenge being, we are humans and we become emotionally attached to things that have had a material impact on our lives.\u00a0 Most security people can attest: \u201cthis capability saved my bacon\u201d. The problem being: our world is evolving at pace!\u00a0 As a result, we have to continually reassess the value of legacy security controls, and be willing to let go faster than what \u201csaved our bacon\u201d in the past, and what has been superseded by smarter, better capabilities.<\/p>\n\n\n\n

              This has never been more key than now \u2013 as cloud services provide evergreen capabilities.\u00a0 How can security teams have the time to look at the incremental new cyber security technology provided, as part of the service? Or be required to keep pace with the changing scope of a service, if they are restricted by a legacy world that continues to grow unabated?<\/p>\n\n\n\n

              1. Zero Trust Enterprise Becomes The Security Standard:\u00a0<\/strong>As organisations shift to support new, digitally enabled working models, to accommodate the shifting work environments, it\u2019s increasingly important to ensure that their assets and traffic to those assets are secure.\u00a0\u00a0<\/li><\/ol>\n\n\n\n

                Zero Trust Enterprise<\/a>\u00a0is an approach to risk reduction based on the concept of \u201cnever trust, always verify.\u201d It spans everything: users, applications and infrastructure. Zero Trust is about applying the relevant identity, device\/workload access or transactional controls to verify and limit the risks to the business.\u00a0But doing this with disparate point solutions will only create complexity and security gaps. It will be imperative that organisations choose an interoperable ecosystem of security providers aligned on the company\u2019s security goals.<\/p>\n\n\n\n


                While\u00a0many businesses will get Zero Trust wrong, the ones that embrace a Zero Trust Enterprise Ecosystem approach will get it\u00a0right. We live in the instant gratification world, as such, we can expect some to look for a quick fix Zero Trust solution, which will reinforce that many simply haven\u2019t understood that Zero Trust is a strategy, not a product or project.<\/p>\n\n\n\n

                Haider Pasha, Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA) said<\/strong>: \u201cIn the Middle East, organisations need to remove the safety blanket and educate employees on cybersecurity whether junior or most senior. The shared responsibility model for cybersecurity has become really critical, especially as we start further adopting cloud platforms. Organisations must prioritise awareness campaigns and be more creative with cybersecurity education, especially as employees shift to home and hybrid workplaces.\u00a0 In addition, in today\u2019s time, CISOs, CIOs and IT heads must partner with cybersecurity experts and understand all functions within security, risks and DevOps.\u201d<\/p>\n\n\n\n

                \u201cIn addition,\u00a0as the digitisation of Operational Technologies (OT) accelerates, mostly bound by legacy OT systems and IoT, finding and stopping shadow IT will continue to be a challenge. The energy industry is expanding the usage of IoT sensors and the identification, classification, and protection will take precedence albeit using concepts like Zero Trust to reduce the risk of breaches or sabotage. SOCs are merging between IT, OT and IIoT. Some did this a few years ago, but as more Energy\/Utilities deploy IoT, IIoT and OT than ever, many more will need to consider, post COVID-19, merging their SOCs,\u201d Pasha added.<\/p>\n","protected":false},"excerpt":{"rendered":"

                Ransomware Problem Evolves on Multiple Levels \u2013 Make Sure Not to Get Blindsided:\u00a0Through 2021, the EMEA region has seen an increase in cyberattacks, in particular, ransomware attacks have risen in prominence. The\u00a0Unit 42 Threat Report, 1H 2021 Update\u00a0found that the average ransom demand increased by 518% and the average ransom paid climbed by 82% from […]<\/p>\n","protected":false},"author":1,"featured_media":17749,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-17747","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"rttpg_featured_image_url":{"full":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks.jpg",846,1270,false],"landscape":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks.jpg",846,1270,false],"portraits":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks.jpg",846,1270,false],"thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks-150x150.jpg",150,150,true],"medium":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks-200x300.jpg",200,300,true],"large":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks-682x1024.jpg",682,1024,true],"1536x1536":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks.jpg",846,1270,false],"2048x2048":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks.jpg",846,1270,false],"post-thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks.jpg",280,420,false],"graptor-sq-xs":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2021\/12\/Haider-Pasha-Palo-Alto-Networks.jpg",67,100,false]},"rttpg_author":{"display_name":"admin","author_link":"https:\/\/web3unplugged.io\/blog\/author\/admin\/"},"rttpg_comment":0,"rttpg_category":"Uncategorized<\/a>","rttpg_excerpt":"Ransomware Problem Evolves on Multiple Levels \u2013 Make Sure Not to Get Blindsided:\u00a0Through 2021, the EMEA region has seen an increase in cyberattacks, in particular, ransomware attacks have risen in prominence. The\u00a0Unit 42 Threat Report, 1H 2021 Update\u00a0found that the average ransom demand increased by 518% and the average ransom paid climbed by 82% from…","_links":{"self":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/17747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/comments?post=17747"}],"version-history":[{"count":1,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/17747\/revisions"}],"predecessor-version":[{"id":17750,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/17747\/revisions\/17750"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media\/17749"}],"wp:attachment":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media?parent=17747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/categories?post=17747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/tags?post=17747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}