As 2021 winds down, 2022 appears to be promising more of the same cyberthreats and attacks. Given observations made over the past year, they will be plentiful–escalating in frequency and complexity. The cybersecurity team at BlackBerry offers some predictions and advice, along with some partner thoughts, on notable trends and growing opportunities for MSSPs in the coming year.
Three trends that will likely continue into 2022:
- The pandemic will continue to cause disruption for organizations on a global scale
- Cybercriminals will take advantage of better tools, finding willing conspirators to help them wreak havoc on victims’ data and operations with ransomware
- Mid-market and SMBs will become more susceptible to data breaches and beyond
The Disrupting Pandemic
As highlighted in our BlackBerry 2021 Threat Report, the global pandemic presented the biggest threat for 2020. It has continued to be an enduring and morphing disrupter throughout 2021.
When the pandemic first broke in late December 2019, organizations everywhere were forced to adopt work-from-home policies almost overnight. IT departments scrambled to support a suddenly distributed workforce. With so many people working remotely, attack surfaces grew at an alarming rate to the delight of potential attackers.
Fast-forward to 2021. Companies are still struggling with return-to-work plans and remote work remains largely the norm. With virus variants continuing to erupt, the current situation is not likely to be resolved any time soon. As the risk of cyberattacks grows, it is driving greater needs for clients and MSSPs alike to adopt a Zero Trust approach to security. Organizations need to implement solutions that secure access and data with advanced, adaptive capabilities that balance the level of trust against risk.
The Great Resignation: Pandemic Fallout?
In September 2021 alone, 4.4 million people (3% of the American workforce) resigned from their jobs. While this represented a wide range of industries, it left cybersecurity particularly vulnerable. COVID-19 helped nothing. Adding to an existing staffing and skills shortage, the cybersecurity industry is now dealing with a 3.5 million headcount issue.
2022 Partner Perspectives
The basics are still causing the biggest problems for organizations:
- A lack of multi-factor authentication (MFA)
- Failing to consistently manage patches/updates
- A lack of least privilege access monitoring in Active Directory (AD) leaving users with access to areas outside their job needs, permitting more vulnerabilities (a user is just a user)
- Office 365® and G Suite applications are still the biggest targets of malware being delivered in email
Smarter, Craftier Cybercriminals
Despite the pandemic, or perhaps encouraged by it, cybercriminals have been working tirelessly to increase their attack reach and effect—utilizing new tools and cohorts to help them gain access to a broader swath of victims.
Ransomware will continue—and increase—to plague organizations of all sizes and industries. Replacing much of the traditional, off-the-shelf ransomware attacks seen in previous years, is ransomware-as-a-service (RaaS). As an offering of pay-for-use malware, RaaS enables extortion of stolen or encrypted data by customers known as “affiliates” with little technical skill. RaaS has been growing in popularity and continues to help attackers scale so they can take aim at new targets of mid-market and SMB victims.
Off-the-shelf toolkits have been active, simplifying cyberattacks with ready-made exploit kits, malspam (widespread, indiscriminate email campaigns using popular topics in tested, off-the-shelf formats), and threat emulation software like Cobalt Strike and Metasploit. A prevalent and favored tool among attackers, Cobalt Strike is the subject of the BlackBerry Research and Threat Intelligence Team’s book, Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence.
Security teams need the assistance of AI to identify and block constantly evolving malware and provide effective endpoint protection (EPP) with application control, script control, memory protection, and device policy enforcement.
At Greater Risk: Mid-market and SMBs
While the average cost of a data breach continues to increase for companies of all sizes, mid-market and SMBs will be at the greatest risk.
- A 2021 IBM report revealed data breach costs rose from US $3.86 million to US $4.24 million, the highest average total cost in the history of the report
- The average cost was US $1.07 million higher in breaches where remote work was a factor in causing the breach (compared to when remote work was not a factor)
- Mid-market clients and SMBs will experience more exposure to sophisticated cyberattacks and need to acquire more advanced cybersecurity capabilities
External facing zero-day threats, supply chain attacks, and initial access brokers (IABs) are also increasing the risk to mid-market and SMB organizations.
- Cyber insurance payouts are increasing – and as a result, so are the premiums
- Just buying cyber insurance is no longer workable due to increasing requirements for an existing clean environment and good cyber hygiene with requirements increasing:
- Compromise assessment to show clean bill of health
- 365x24x7 monitoring
- Endpoint protection platforms (EPPs) to prevent endpoint security threats and endpoint detection and response (EDR) or extended detection and response (XDR) capabilities
- Threat Hunting
More Opportunity for MSSPs
These notable trends will drive more opportunity for MSSPs to support clients of all sizes, but the greatest growth is expected in the mid-market and SMB areas as these companies respond to increasing threats.
MSSPs can deliver value in many ways.
- Tools become more powerful when in the hands of a trained operator and security operations center (SOC), removing much of the burden from small and overworked or even non-existent IT staff
- While EDR alone is not designed to stop ransomware, an experienced MSSP that knows what to look for, utilizing the right EPP or capable SOC to effectively monitor a network, can stop potential malware attacks before it’s too late
- Provide enhanced services of XDR capabilities that MSSPs can use to help clients simplify their programs and get greater visibility into their security stack and infrastructure, identifying potential threats before they can execute
Looking Ahead
Given the uncertainties plaguing organizations’ return-to-work plans, major staffing shortages, remote workers exposing attack surfaces, and the threat landscape thriving as cybercriminals get ever smarter, our advice for 2022 is to continue with our 2021 predictions—double-time.
And the good news? From all this cyber chaos springs opportunity, especially for MSSPs. Growing needs of SMB and mid-market clients should lead to increased demand for MSSPs to provide valuable protection services against advanced persistent threat (APT) groups devising more sophisticated attacks in greater frequency.
By Tony Lee, vice president, global services technical operations, BlackBerry Security Services; Josh Stegall, director of MSSP alliances, BlackBerry, and Michael Crean, CEO of Solutions Granted.
Find out more about BlackBerry and the BlackBerry Cylance MSSP Partners Program. Read more BlackBerry Cylance blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
