Cybersecurity – Identity and Access Management: what’s on Australian Manufacturers’ cyber cards for 2022

As we near the end of the first of two weeks in our Cybersecurity – Identity and Access Management series, John Yang tells us what we can expect from the rest of the year. 2022 is expected to deliver supply chain attacks, cyber cold war escalation, cyber insurance pressure, and more, as Yang explains.

2021 was a year rich in pandemic twists and turns, and in cyberattacks.

Never have organisations been so vulnerable to rampant cybercrime. Ransomware attacks in particular were widespread and manufacturing was one of the top industries targeted. 

As Deloitte pointed out, manufacturers are increasingly victim not just of traditional malicious actors but of competing companies and nations engaged in corporate espionage, putting extra pressure on an industry already under a lot of strain. 

Even adversarial nation-states are now using ransomware techniques to carry destructive attacks, in some instances not even to ask for a ransom but just to create disruption. 

Here is a list of what Australian manufacturers should prepare to face in 2022.  

Ransomware will continue to rise, with hybrid attacks more common

With all the gains from the ransomware attacks carried in 2021, cyber gangs are not ready to stop their endeavour. 

The availability of easy-to-use tools to mount attacks also mean that we can expect other, less experienced cyber groups to carry successful attacks. 

But ransomware shouldn’t be the only worry. Cyber criminals are diversifying their means and now use multiple attack vectors and techniques at the same time to try and elude cyber defences. This means that if an attack vector gets discovered, there should be an assumption that other attack methods not yet found are also in progress. 

The cyber Cold War and supply chain attacks will escalate

We’ve seen the dramatic impact that disrupted manufacturing processes and supply chain operations can have on entire nations. Such disruptions are seen as opportunities by cyber gangs, making manufacturers and their partners the perfect target.  

Analysts expect an escalation of this cyber Cold War in 2022, with industry commentators warning that there could be military responses against gangs or national assets if there are attacks against critical infrastructure and industries. 

Cybercriminals will increase their use of defender tools 

Organisations are using more and more advanced technologies to fight cybercrime. But it turns out these are also the technologies used by cyber criminals. 

Recently, we’ve seen criminals starting to use suites created for defenders. This trend will continue expanding in 2022, meaning it is in organisations’ — and manufacturers’ — hands to be the ones on top of the latest cyber defence technologies. 

Cyber insurance will become harder to obtain

Manufacturers looking to get or renew an insurance against cyberattacks will face more scrutiny as experts appointed by insurers will want to audit the organisation’s cybersecurity measures in much detail. 

Premiums and deductibles are expected to be higher, and organisations will need to demonstrate that they have really taken all the precautions they can against cybercrime. 

This pressure is likely to become a driving force in an overall improvement in business cybersecurity practices. 

Government regulation will increase

As the impact of large-scale or very targeted attacks on critical services and industries are growing concerns for Governments, we can expect more regulations around cyber defences requirements and how organisations impacted by cybercrime respond. 

Mandatory reporting of ransomware attacks, data breaches, and possibly a ban on paying attackers are all likely to be enacted in several countries in 2022. 

Strengthening cybersecurity in 2022

Manufacturers need to understand that no matter how strong their cyber defences are, cyber criminals will always try to find gaps and get the upper hand. 

There are three priorities to put on every cybersecurity’s shopping list for 2022: 

1. System updating to apply rapid patches is more important than ever as cybercriminals are watching for recently announced patches to immediately start scanning systems on the internet to try and find vulnerable servers. 
2. Securing file transfers and closely monitoring networks is essential to ensure any anomaly or risk is detected and be mitigated in a timely manner.
3. Including supply chain third parties as part of manufacturers’ cyber security posture and strategy is not optional (criminals know that the supply chain provides many weak links). Cybersecurity defences and strategies need to go beyond focusing on the company’s own infrastructure and endpoint devices.

Manufacturers are key to the Australian economy and have a great opportunity to contribute to the next phase of the pandemic recovery. Investing in strong cybersecurity measures and technologies isn’t an option, it will be a determining factor in building resilience and sustaining operations for what will likely be another very interesting year.

John Yang is Vice President APJ at Progress

@AuManufacturing’s Cybersecurity – Identity and Access Management series is brought to you through the support of Thales Cloud Protection & Licensing (CPL).

Subscribe to our free @AuManufacturing newsletter here.