Trend micro security predictions for 2022

Exclusive insights for overburdened security teams

Recently, CanadianSME had a chance to chat with Myla Pilao, from Trend Micro Research to discuss their Cybersecurity predictions for 2022 which predicts that organizations will be better prepared to handle cyber risks as they build out and implement proactive security strategies. Myla discussed the key steps for businesses to undertake to ensure they remain safe in 2022 and beyond.

Myla Pilao, Senior Director, Trend Micro Research

Myla heads the division at Trend Micro that monitors the security threat landscape, including high-profile attacks and prevalent Internet security threats. She is a strategic communicator, relationship builder and cyber security expert with over a decade of global leadership experience.

Passionate about bridging technology, security, and empathy, she is an active supporter and advocate for the protection of children online and stopping the online commercial distribution of inappropriate images of children.

She holds a Master’s Degree in Business Administration from the National University in Singapore and a Bachelor’s Degree in Arts and Letters, major in Communication Arts, from the University of Santo Tomas.

Trend Micro released its cybersecurity predictions for 2022. Can you please highlight the key findings from the report?

The pandemic became a turning point in the transformation journey for organizations. But no matter how ready they are, there will be a critical need for businesses to harden their security defenses in 2022. 

This year’s predictions are aimed at empowering businesses by providing a playbook of expected trends and solutions on how to secure the future of organizations. 

The key elements of the report are:

• Cloud attackers will continue to use tried-and-tested tactics as well as pivot to new trends and technologies that cloud adopters are using right now. 

• Ransomware attacks will become more targeted and highly prominent, making it harder for enterprises to defend their networks and systems against them. Servers will be the main ransomware playground.  

• Trend Micro predicts that 2022 will see a dramatic increase in zero-day exploits breaking records of previous years. Zero-day exploits will fall into two areas: repurposing old and finding new exploits. 

• Information in IoT devices will become a hot commodity in the cybercriminal underground, spurring enterprises on to mind security gaps that might lead to data leakage or tampering. Companies in smart manufacturing will be exposed to more cyberthreats as they continue their transition to remote office work and the use of remote connection services.

• Commoditized malware tools will find more success in 2022 by targeting SMBs, malicious actors hoping to encounter less security defenses from their targets and less competition from other cybercriminals.  Attacks will emanate from SMB endpoints, online processes rely on cloud based services and platforms 

What is one thing that some companies might not be doing which would help them prepare for the future of cyber security, according to their predictions at Trend Micro?

More than ever now, organizations need to create a strong security strategy using a two-pronged approach:

• Organizations must implement a solid early threat detection and visibility response which removes the noise and focuses on quality indicators to identify high critical attacks in their environment. 

• Organizations of all sizes must apply a zero-trust model to keep their environments secure. 

Do you think that cyber security will be more difficult for businesses to protect themselves in the future?

It is certainly going to be difficult for businesses to protect themselves in the future. 

• Given organizations migration to the cloud was accelerated with the pandemic, cyber criminals are taking advantage of the gaps in the digital transformation process and will look to exploit sensitive data and resources. 

• With cyberattacks becoming increasing common, the continuing lack of skilled cybersecurity specialists is also an aggravating factor when it comes to securing organizations against cyber threats. Organizations will have to educate, enable, and empower IT security staff working in the frontlines to effectively tackle and mitigate cyber risks.

• Integrating security at the onset of the DevOps cycle will be important. 

• Given effective security posture of SMBs still remains a challenge, cyber criminals are sure to target these businesses. 

What are some new trends in the realm of ransomware that your company has noticed? Do you think hackers will target employees rather than executives or managers, as more and more work from home?

Organizations will have to steel themselves against modern ransomware attacks as Trend Micro identified two trends brewing in the ransomware ecosystem this year.  

• Ransomware attacks will become more targeted and highly prominent, making it harder for organizations to defend their networks and systems. There will also be an increase in ransomware attacks on the cloud and servers this year.  
• Ransomware operators will be employing increasingly complex extortion methods, 

such as exfiltrating data in order to monetize it. Their attacks will pose a challenge for security teams, as many enterprises have yet to invest in securing their servers as much as they have invested in securing their endpoints. 

How is your company preparing for these predictions and what advice can you give to other companies on how they should change their tactics as well?

We recognize that to remain competitive and relevant organizations must embrace digital transformation and be open to the many opportunities that come with it. But, digital transformation should be equal to security transformation. There are inherent risks expected as organizations transform and adopt more technologies. At the same time, these pose as opportunities to manage risk exposures. 

1. Increase Visibility: You cannot protect what you cannot see – To be able to have enhanced visibility, organizations need improved telemetry to filter out the noise and focus on the right signal. This will help to carefully identify external/internal threat vectors and be able to provide the security team meaningful data indicators to minimize and counter risks. 

2. Apply Zero Trust model – As work environments have expanded with the adoption of a hybrid work model, applying a zero-trust solution that incorporates full verification and understanding of risks on user accounts, activities, applications, and devices is important. This is imperative to address the ever-expanding connectivity needs of organizations and manage increased number of remote endpoints.

3. Change the Conversation from Security Budget to Business Risk: Acknowledge the unpredictable nature of cyber-attacks, that they are growing in complexity and numbers. The need for organizations to critically invest in their cybersecurity therefore, is non-negotiable.  More than investing in dollar value, organizations must look carefully into designing an active culture towards cybersecurity and promote the awareness of importance of cybersecurity as part of the current and future company growth plan.