Kevin Gosschalk, Founder/CEO of Arkose Labs is an industry expert on the evolving fraud and cybercrime landscape.
getty
As we round out another year, the world continues to be filled with uncertainty. Issues such as volatile economic markets, inflation, supply chain snarls and new variants of the Covid-19 virus are dominating the headlines.
Fraud and cyberattacks are also expected to become more frequent and more volatile as we move into 2022. Attackers never rest on their laurels and are continually adapting and evolving their techniques for maximum profitability. Attack patterns that digital businesses saw in 2021 will likely change and shift as new threats emerge.
With that in mind, here are some of my predictions for some of the notable fraud and security trends businesses can anticipate in the coming year.
The Continued Rise Of Credential Stuffing
Credential stuffing, whereby attackers use automation to try different usernames and passwords at scale in order to break into accounts, saw massive increases in 2021. Expect that to continue. The Arkose Labs network detected a 98% increase in credential stuffing attacks over the past 12 months. These are popular because even the novice fraudster can do them; the tools available are readily available on the internet and require little to no technical knowledge. Expect to see credential stuffing attacks double in number again in 2022.
Increase In Synthetic Identities
Attackers have been accumulating massive amounts of personal information over the years, and more and more breaches expose this sensitive data. Therefore, I think one of the biggest trends in 2022 is going to be a sharp spike in synthetic identity fraud. Fraudsters are going to manipulate the data they’ve been scraping and collecting to create fake identities to defraud businesses, especially in the financial services area and around new fintech subcategories like buy now pay later. Attackers will seek to take advantage of platforms that offer quick signups or quick decisions on things like loans to commit synthetic ID fraud before they are detected.
Broadening Of Data Privacy Regulations
Recent years have seen an increase in the number of privacy laws enacted globally, such as the EU’s GDPR. As access to consumer data continues to be a much-discussed topic in legislatures and government bodies around the world, along with the ever-increasing rise of data breaches, it follows that countries will impose even more stringent laws around how and why consumer data can be accessed. For fraud and security teams, this means it could make it even more difficult to profile what “good” and “bad” users look like and what fraudulent behavior looks like, as they will have less access to data for modeling.
Privacy Features Will Increasingly Impact Cybersec Teams
Speaking of privacy, fraud and security teams will face increasing challenges in telling good traffic from bad due to the broadening implementation of user privacy features. Apple, for example, now allows Safari users to their hide their IP address so it can’t be linked to other online activity or used to determine their location. Such features make it more difficult for fraud and cybersec teams to identify and track bad actors online. Being privy to less data makes it more difficult to create models around what suspicious behavior looks like.
The Great Resignation Affects Cybersec
It’s likely you have not been able to browse any news site or social media feed this past year without reading about “the great resignation.” How might this affect the world of security? Cybersecurity is a stressful line of work, and CISOs should make an effort to ensure their employees aren’t burnt out. In fact, Forrester predicts that 1 in 10 experienced security professionals will leave the industry in the coming year, and cites research that 51% of cybersecurity professionals reported experiencing extreme stress or burnout over the past twelve months.
These are certainly challenging times for those of us in the fraud and security space — but exciting times as well. There are new challenges which we must face as we continually adapt and evolve to meet the latest threats. I’d like to wish all of the readers out there a happy and, most importantly, a safe 2022.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Follow me on Twitter or LinkedIn. Check out my website.