Cyber security services company, Bridewell Consulting, has outlined its top cyber security predictions for the critical national infrastructure (CNI) sector for 2022. Compiled from the knowledge of its team of highly skilled consultants, coupled with data gathered from its 24/7 security operations centre in 2021, the company warns of the automation of security threats, increased risks for remote workers, and more nation-state attacks on the UK’s critical national infrastructure. 

1) Volume of threats from nation states will rise

CNI will face increased activity from nation-state groups, which are likely to prioritise green energy targets given the global focus on the development of sustainable infrastructure. With only 20% of organisations currently seeing nation-state attacks as a top risk, organisations will need to do more to strengthen cyber resilience. The oil and gas sector will also be the subject of more directed attacks from hackers-for-hire as they attempt to target high-value income industries.

2) Ransomware will become automated

Human-operated ransomware will be the biggest cyber risk for CNI in 2022. In contrast to traditional commodity ransomware attacks, we’ll see more cyber criminals with a high level of offensive security knowledge gain access to organisations and survey the environment for an extended period before launching a potentially devastating attack on data and systems. The risk presented by human-operated ransomware will only increase as wormable variants such as WannaCrypt and NotPetya are utilised more. Additionally, automation will play a key part in the evolution of modern ransomware and malware attacks, with machine learning and AI used to remove some of the mistakes that allow businesses to respond to current threats.

3) Rise in 5G and connected systems and devices will increase risks

5G will continue to be rolled out globally in 2022 and increase the number of connected devices within organisations, particularly within industrial IoT. Already, 84% of Operational Technology (OT) environments are accessible from corporate networks and, of those that are not, 11% plan to make them accessible in the next 12 months. We expect to see more successful attacks as the number of connected facilities, systems and devices rises, along with the introduction of more government guidance and standards to bolster IoT security as uptake increases.

4) Organisations will turn to hybrid SOC models to plug skills gaps

With 84% of CNI decision-makers believing there will be a critical cyber security skills shortage in the sector, and many already lacking security professionals with the depth and breadth of knowledge of both OT and modern IT environments, we will see more organisations adopt hybrid Security Operations Centre (SOC) models. Organisations will turn to security partners to help develop more advanced capabilities required for running a cloud-native modern SOC, combining the cyber skills of in-house teams with the expertise of a Managed Security Service Provider (MSSP) to plug gaps in defences, while developing in-house expertise in tools and techniques including EDR, XDR and intelligence-based threat-hunting.

5) Focus will shift from prevention to detection and response

As the speed and complexity of attacks continue to grow, organisations will turn to managed security services, such as Managed Detection and Response (MDR), to strengthen cyber resilience. Companies will seek to implement early warning systems to alert on early signs of a potential breach, and Security Orchestration, Automation and Response (SOAR) solutions, such as Microsoft Sentinel, will be critical alongside MDR in helping improve efficiency. Traditional tools such as anti-malware software and spam blockers will still be important, but these will increasingly be combined with proactive tactics, such as MDR, threat hunting, and ethical hacking, to ensure any vulnerabilities are identified and mitigated immediately.

Martin Riley, Director of Managed Security Services at Bridewell, adds: “Critical national infrastructure remains a top target for cyber criminals with attackers expected to use new technologies to launch more sophisticated attacks and remain under the radar. As we head into 2022, threat detection and response will be critical in providing organisations with visibility into their operating and IT traffic and vulnerabilities, as well as analysing user and identity behaviour to provide the widest level of protection.”