Software cyberattack predictions for 2022
Tuesday, January 4, 2022
Nigel Thorpe, Technical Director, at SecureAge talks about software cyberattack predictions in 2022 and why they will be quiet, how cybercriminals will be trying to go unnoticed for a long period of time, and why software repositories will be a target for these quiet attacks.
Nigel Thorpe hails from a software development background and moved to the IT security industry with Entrust Technologies during the early days of PKI. His knowledge has benefited a number of security companies in the UK, Canada, and the USA, and he now serves as Technical Director at SecureAge Technology. With a wide range of experience in different business environments, Nigel is well equipped to support SecureAge's mission of simplified cybersecurity. His mission, which he eagerly accepted, is to introduce our breakthrough technology to organizations across the globe so they can reap the benefits of a data-centric approach to information security. Nigel is helping organizations protect what matters most - the Data. Thorpe shares his 2022 predictions about software development cyber attacks, and why online software development repositories will be a target.
It’s going to be oh so quiet for software development cyber attacks in 2022.
Quiet threats will be a feature of cyber attacks in 2022, according to Nigel Thorpe, technical director at SecureAge. “Rather than go for the one-hit, big attack, cybercriminals are increasingly looking to infiltrate an organization without being noticed for long periods of time,” says Thorpe. “This way, data can be exfiltrated from servers and endpoints at a slow and steady pace so as not to attract attention. And with the increase in the home or hybrid working, it is information on remote computers that is typically less well protected, which is most at risk. By the time these quiet attacks are detected, it’s often too late.”
Software cyberattack predictions from Nigel Thorpe
SecureAge’s Thorpe also believes that online software development repositories will be a target for these quiet attacks, while software vendors, will be increasingly targeted by sophisticated ransomware attacks. These quiet attacks enable the cybercriminal to alter code in the development process, so providing opportunities for very widespread and long-term attacks. These targets are appealing because they have the highest potential returns, with attacks potentially affecting huge numbers of end customers.
“This just goes to show that all data is sensitive and should be protected all of the time,” says Thorpe. “The traditional way is to try to stop cybercriminals getting to the data with increasing layers of defense and access controls. It’s time to change these habits and start to protect the data itself, whether at rest, in transit, or in use.”
Technologies such as full disk encryption are great if a software developer loses their laptop, for example, but are useless to protect data on a running development system. But with advances in technology and fast processing speeds, seamless data encryption can now be used to protect all data, structured and unstructured. This way stolen information remains protected and useless to cybercriminals.
"We need to start beating the ransomware criminals at their own games. After all, they can’t demand a ransom for data that is already encrypted before they get to it," says Thorpe.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more