Remote work, the increasing adoption of digital technologies, and the new habits that result from both are driving considerable changes in the cybersecurity landscape. The attack surface has widened and threats have evolved to a point where most companies don’t ask if they’re going to be attacked, but when.
Incredibly enough, the cybersecurity efforts of many companies are still underfunded. A recent EY survey found that 39% of respondents see their companies’ cybersecurity expenses as inadequately factored into the cost of strategic investments. What’s more, 36% say that it’s “only a matter of time until they suffer a major breach that could have been avoided had there been more appropriate investment in cybersecurity defenses.”
That makes it worth checking some of the cybersecurity forecasts for this year, as understanding what’s coming might help certain executives realize the need for increased investment in cybersecurity. To that end, we rounded up the 5 biggest cybersecurity trends for this year.
1. The Looming Presence of Ransomware
According to the European Union Agency for Cybersecurity, we’re living in the “Golden age of Ransomware” and, boy, are they right. As the report shows, ransomware attacks increased 150% during the first year of the pandemic alone. Unfortunately, you can expect that number to go up during 2022 and beyond.
There’s a combination of factors that offer fertile ground for ransomware to flourish. First and foremost, more people are working remotely, which increases the number of potential victims of phishing attacks, which, in turn, are the first step of ransomware attacks. After a hacker compromises an employee’s credentials, they use them to access the corporate network and infect it with malware that locks files through robust encryption. They then ask for a ransom.
Another important factor to consider is the rise of ransomware-as-a-service (RaaS) kits. These packages offer all the tools and documentation needed to conduct a ransomware attack, providing easy access to harmful technology to anyone interested in it. Both of those factors, along with the rapid increase in the ransom amounts, explain why this type of attack has become so popular over the last couple of years—and why it’ll remain at that top spot for the foreseeable future.
2. An Interconnected Network of Vulnerabilities
The Internet of Things (IoT) is getting bigger and bigger by the minute. In fact, predictions estimate that it’ll reach 11.57 billion devices by the end of 2022. Unfortunately, that level of popularity comes with an evident threat—as more devices get connected to the IoT, the chances for cybercriminals to hack into them rise as well.
The IoT is plagued with cybersecurity horror stories, which go to show that hacking these devices isn’t as hard as you might think. And while some hacks might seem harmless (what’s the worst that could happen with a hacked kettle?), the reality is that any IoT device can work as a gateway to entire networks (that kettle can help a hacker make their way into a smartphone or PC).
The increased adoption of IoT devices across industries, the deployment of 5G and edge computing, and the steady growth of smart devices all contribute to the appeal of the IoT for hackers in 2022, especially because there are fundamental flaws in the IoT’s design that sometimes turn it into an interconnected network of vulnerabilities.
3. More AI Cybersolutions (And Cyberthreats)
The use of artificial intelligence keeps rising and it feels like nothing can stop it. That’s because AI-powered solutions are getting more powerful and can now cover more varied uses. Case in point: cybersecurity. Solutions that use AI to identify potentially harmful activities are now becoming the norm across the board.
The idea is fairly simple, as it imitates what AI solutions do in the financial industry for fraud detection. Basically, AI analyzes multiple events per second within any corporate network, paying special attention to suspicious activity in key areas. AI helps pinpoint damaging behaviors and prevents further action, containing the harm or putting human teams on alert in real time.
As helpful as AI cybersolutions are, the main reason why their adoption is becoming widespread has to do with the evolution of cyberthreats, which also leverage AI.
Many cybercriminals are using AI to scale and perfect their attacks. Some use AI to optimize their social engineering efforts while others use it to identify vulnerabilities across networks. The worst part is that AI cyberthreats work quickly and can even trick AI cybersolutions, which is why security teams are adopting a hybrid approach that combines AI with human management to better tackle automated threats.
4. Identity-first Security Takes the Spotlight
Gartner had already pointed to identity-first security as one of the trends for 2021, but it seems that the approach will gain proper traction during 2022. For those unaware of what this approach means, it’s enough to say that it’s all about managing and monitoring identities individually rather than dealing with access on a more corporate-wide basis.
The idea of identity-first security is to provide better control over privilege escalation, entitlement exposures, credential misuse, and other common practices used by hackers to access corporate networks. All in all, identity-first security aims to provide the right individuals and devices the proper access to only the essential resources at the right time and only after proper justification.
The important thing here is that we’re not just talking about human users anymore, mainly because corporate networks are relying more and more on smart and automated devices. Thus, by adopting a zero-trust stance, companies will now start focusing on dynamically dealing with the identities of everyone and anyone within their networks, at all times.
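The four conditions described above (the right identity, only the essential resource, the right time, and a stated justification) can be written as a deny-by-default access check that treats people and devices alike. This is an added example, not part of the original article; the `Grant` structure and every identity and resource name in it are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Grant:
    """One time-boxed entitlement for one identity (human or device)."""
    identity: str        # e.g. "user:alice" or "device:hvac-sensor-7" (constructed)
    resource: str        # the single resource this grant covers
    not_before: datetime
    not_after: datetime
    justification: str   # why the access was approved

def decide(grants, identity, resource, now):
    """Deny by default; allow only on an exact, current, justified grant."""
    matched = [g for g in grants
               if g.identity == identity and g.resource == resource]
    if not matched:
        return (False, "no grant for this identity and resource")
    for g in matched:
        if not g.justification.strip():
            continue  # a grant without a recorded reason is never honoured
        if g.not_before <= now <= g.not_after:
            return (True, g.justification)
    return (False, "grant expired, not yet valid, or unjustified")

def utc(day, hour):
    """Helper for the constructed sample data: a UTC time in March 2022."""
    return datetime(2022, 3, day, hour, tzinfo=timezone.utc)

# Constructed sample grants, not taken from the article.
GRANTS = [
    Grant("user:alice", "payroll-db", utc(1, 9), utc(1, 17), "month-end payroll run"),
    Grant("device:hvac-sensor-7", "telemetry-queue", utc(1, 0), utc(31, 23), "publishes readings"),
    Grant("user:bob", "payroll-db", utc(1, 9), utc(1, 17), ""),
]

def demo():
    """Evaluate five constructed requests; True means the request is allowed."""
    return {
        "alice_in_window": decide(GRANTS, "user:alice", "payroll-db", utc(1, 10))[0],
        "alice_after_hours": decide(GRANTS, "user:alice", "payroll-db", utc(1, 20))[0],
        "sensor_own_queue": decide(GRANTS, "device:hvac-sensor-7", "telemetry-queue", utc(15, 12))[0],
        "sensor_lateral": decide(GRANTS, "device:hvac-sensor-7", "payroll-db", utc(15, 12))[0],
        "bob_no_reason": decide(GRANTS, "user:bob", "payroll-db", utc(1, 10))[0],
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

The device identity is allowed onto its own queue and nothing else, so a compromised sensor holds no standing path to other resources.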
5. More Regulation and Government Involvement
We all know how it goes: Technology evolves so fast that regulation almost always fails to properly police and regulate it. While that will continue to be so for a while, the cybersecurity sector is about to be treated differently. More and more governments are starting to get worried about the potential damages stemming from cyber attacks. This surely has to do with the increase in attacks targeting critical infrastructures.
That’s why 2022 will see speedier regulation coming into play with the objective of better controlling the situation. Some of the potential ways in which this can take place include heftier penalties for cybercriminals, increased legal obligations for CISOs, and regulatory frameworks for dealing with ransoms related to cyberattacks.
Naturally, the governmental response to the increase in cyber attacks will be disparate, although most of the developed countries have already shown signs of working on legislation with that objective.
A Year to Act
While the trends above might paint a bleak picture, the reality is that the entire business world shouldn’t despair, but rather take them as warnings that should motivate them to act. 2022 will be a challenging year for cybersecurity teams everywhere, especially given the sheer number of attacks and their ever-increasing sophistication.
Fortunately, the entire business world has 2 powerful tools to face the looming threat. On the one hand, new technologies might multiply the vulnerabilities, but they can also help prevent and mitigate attacks. On the other hand, training is still crucial to contain and limit attacks. Combining both is the perfect first step towards better prevention in 2022, a year that’s inviting everyone to act against cyberthreats.