Gordon Love, the Vice President for the Middle East and Africa at Mandiant, says 2021 was a year of change, where the company could continue to help its clients be confident in their cyber defenses
What challenges did the cyber security industry face in 2021?
Organizations faced a wave of ransomware attacks, and critical industries were often the targets. The number of attacks coming from low-sophistication threat actors increased, as well as those from major nation-state actors, including Iran, Russia, China, and North Korea. Actors from Iran are especially a threat to this region since they have in 2020 and 2021 used cyber tools in an aggressive way where they’ve mainly targeted Israel and others in the Middle East. This overall increase in cyber threats means organizations also faced more pressure to improve their security posture.
What promises does 2022 bring along?
One thing that is certain in the cyber realm is that change is constant. Organizations have a lot to keep in mind for next year but remaining vigilant will enable them to defend against emerging threats. Organizations will face new tactics from actors that are becoming ever savvier, and ransomware attacks will continue increasing, especially targeting Operation Technology (OT) and critical industries like healthcare, as attacks on these environments can cause severe disruption, putting more pressure on organizations to pay the ransom.
We expect that next year we will see Iran using its cyber tools in a much more aggressive manner to promote regional interests and continue to target Israel and others in the Middle East. They’ve shown their capability and willingness to use destructive malware, so they are expected to take advantage of any presented opportunities. Ultimately, Iran will try to create more of a power balance shifted to its own interests. Mandiant has seen them targeting abroad, but their targeting will most likely be regional throughout 2022.
According to you, which technologies will be in demand in 2022?
One of the technologies expected to continue growing in 2022 is the Internet of Things (IoT) devices. Many of these devices are inexpensive and manufactured without much consideration to security and so can be vulnerable to exploits. The number of vulnerabilities they introduce will make it hard for bug hunters to keep up. Because all these devices are connected, we’ll see the attack surface expand. There haven’t been enough emphases on the importance of ‘security by design’ when it comes to developing new IoT devices, so the situation will only get worse in the short term and it could take several years before a secure IoT landscape is realized.
What will be your key focus areas for 2022?
As digital transformation is happening faster than ever and technology is getting more and more refined and sophisticated, uncertainty in the cyber realm will continue, and we need to continue to help organizations stay ahead of this. The ransomware threat has grown significantly over the past decade and in 2022 will continue its upward trend.
Incidents involving ransomware attacks on critical infrastructure carry an urgency to pay, as they affect the civilian population and are particularly likely to occur. In 2022 we expect to see actors ramp up new tactics, such as trying to recruit insiders within their victims or targets. Thus, our focus for 2022 will remain helping our clients to strengthen their security posture against future ransomware attacks and make sure they’re as well prepared as possible.
How was 2021 for the industry and your company?
In October 2021, we completed the divestiture of the FireEye Products Business and rebranded as Mandiant. This reflects our strategy to focus on Mandiant’s security controls-agnostic solutions delivered through the Mandiant Advantage cloud-based platform.
Overall, 2021 was a challenging year with the cyber threat landscape continuing to change at pace, and the pandemic adding another layer of complexity with the challenges around securing remote work. If 2021 taught us anything, it is that ransomware isn’t going anywhere in 2022 and we need to be prepared for this.
For us at Mandiant, 2021 was a year of change but also a year where we could continue to help our clients to be confident in their cyber defenses through our combination of expertise, threat intelligence, and dynamic technologies.