Cybersecurity directions in 2022

Tech in 2022 - 10
Wrapping up our series of tech predictions for the new year, from industry experts
December 31 2021: How  will a new world of work will require tailored social engineering in 2022. Why will  intelligent devices lead to greater cyber exposure in 2022. And why will active directory continue to be the main target for threat actors in 2022?
We asked experts at Tenable, the  Columbia, Maryland (US)-based cybersecurity company.
Derek Melber, Chief Technology and Security Strategist, says misconfigured Active Directory will continue to be main target:
With 90 percent of the Fortune 1000 relying on Active Directory to manage access and privileges, it’s no surprise that AD is the one common denominator across the largest security attacks like SolarWinds, MSFT Exchange and more. Entry points will continue to vary and more will inevitably be added, but regardless of how attack tactics change in the coming year, AD will remain the main target because it’s simply too lucrative for adversaries to pass up. Ransomware trends will come and go, but threat actors will continue to leverage misconfigured AD to move laterally, escalate privileges, and create chaos. Organizations must patch and secure every configuration that is known to be exploited or otherwise expect a breach in 2022.
Dick Bussiere, Technical Director, Tenable APAC suggests that increased number of intelligent devices will lead to greater cyber exposure:
Smart city initiatives, smart building initiatives and efforts to reduce carbon emissions will lead to a proliferation of intelligent devices (ie:IIoT technology) being attached to the Internet. This trend will be accelerated by the increased capacity and speed of 5G networks.  Intelligent devices such as sensors, lights, meters are indirectly being connected to critical infrastructure and controlled through secure remote access. These intelligent devices serve as the eyes and glue by which future smart city initiatives will be linked together. Through actionable information from massive streams of real-time data, critical infrastructure operators will be able to address public health, reduce traffic congestion and manage critical resources such as water, electricity and more.
There are two broad issues with this from the perspective of cyber security. The first is from the nature of 5G networks themselves - 5G brings “more and faster”, which means that the “value” of the network to an attacker is increased as more devices become attached. The second broad issue is the security of the “IIoT” devices themselves. Normally, devices falling in this category are inexpensive, may not have had rigorous testing from a security perspective, and may not enjoy vendor support in the long term. Furthermore, they introduce new portals for an attack due to the convergence of IT and OT operations. This naturally leads to a large population of vulnerable devices.  Managing this enhanced risk will become a challenge.
Nathan Wenzler, Chief Security Strategist, predicts that the new world of work will usher in a new era of social engineering:
While threat actors have historically leveraged large-scale events like the Super Bowl or Tax Day to launch attacks on unsuspecting, distracted users, 2021 has changed the playing field. Now, remote work has become the perfect ongoing distraction for attackers to build social engineering attack campaigns around. After all, only one-third of remote workers strictly follow their organization’s security guidelines, and remote workers have an average of eight devices connecting to their home network, creating plenty of targets of opportunity for attackers to take advantage of.
As we look ahead to 2022, threat actors will continue to take advantage of the opportunities that lie within this new world of work, setting their sights on compromising any device in the home network to get to the crown jewels on the corporate network. All it takes is one employee falling victim to a single, well-crafted social engineering stunt, which makes end users the perfect target for today's adversaries who are aiming for access to corporate networks, databases and other valuable assets.