Stay on top of your cybersecurity over the next 12 months and beyond.
Over the past two years, the world has operated in fight or flight mode. Hasty reaction to the global pandemic has led to an abrupt adoption of remote and hybrid working practices. In response to this, cybercriminals have worked at a pace to adapt their strategies and tactics to exploit loopholes created by this new working style. The resulting influx of cyber threats has been alarming. We investigate the latest cybersecurity threats and trends and predict how they will impact the cybersecurity landscape for 2022.
Cybersecurity is a rapidly evolving sector, with a constantly changing landscape. However, the digital transformation caused by COVID-19 has resulted in some of the most alarming statistics in cybercrime to date. 2021 saw the highest average cost of a data breach in 17 years as well as the largest ransomware fee (US$70 million), ever demanded.
Security managers have no choice but to respond promptly and assertively to ensure they stay ahead in the cybersecurity game.
Looking ahead to 2022, it’s never been more vital to incorporate cybersecurity into your annual strategic business plan. Here, we’ve analysed the threat landscape and made our predictions on trends that pose the most risk in 2022 and beyond.
Data privacy as an increasing concern for businesses.
Organisations are becoming more aware of data breaches. With the introduction of GDPR, it is rightly becoming a higher priority. However, 2021 was a record-breaking year for the number of data breaches that occurred.
Home wireless networks are generally more vulnerable to attacks than businesses with VPNs. As such, remote workers will remain a focus for thieves looking to hack into business networks and steal sensitive data.
Data breaches cost UK businesses an average of £8,460. As such, organisations must place more emphasis on educating employees on the risks, tactics, and response mechanisms associated with cybercrime. Data privacy officers, role-based access control, multi-factor authentication and external assessments are all vital.
Ransomware as a primary threat to organisations.
Ransomware isn’t a new threat, but it is still rising. The European Union Agency for Cybersecurity documented a 150% rise in ransomware in 2021 and expects that trend to continue in 2022. This is due to the increased digitisation of businesses alongside the continuation of remote working.
Ransomware is a relatively easy way for criminals to access money, but in more recent years, they have become thirsty for more. Ransomware threats now include different pressure tactics, such as blackmail with the threat to disclose personal information to business partners, competitors and the media.
Updated security policies and employee training will help reduce the risk of ransomware to your organisation.
Smarter social engineering taking advantage of human nature.
The rise in social engineering attacks is an alarming trend. This tactic covers activities that manipulate human behaviour. Cybercriminals will use any possible angle to exploit employees, using psychological tricks to encourage victims to download malware or hand over sensitive information.
These threats have become more concerning amid widespread remote working. Individuals working from home are a much easier target than those on an employer’s network.
Tactics include individuals contacting companies and pretending to be a specific person. They’ll ask questions and coerce victims. They’ll then use this information for personal gain.
Social engineering doesn’t require any coding or malware development knowledge. The criminal only needs to be convincing enough to allow for human error or complacency. This rewards them with all the data they need. Presenting an alarming opportunity for cybercriminals to exploit.
The evolution of the Internet of Things (IoT).
The Internet of Things (IoT) describes a network of physical devices that all connect to the internet and share data. ‘Things’ can include video doorbells, smart speakers, and wearable tech. These devices can provide cybercriminals with a mine of valuable information. By 2026, it is estimated that there will be 64bn IoT devices around the globe, with the trend towards remote working further driving this increase.
Most IoT devices don’t have enough storage capacity to install appropriate security measures. This means it’s difficult to protect them. As a result, they often contain easily accessible data such as usernames and passwords that can be used to log into accounts and steal valuable information. Criminals have also been known to use internet-based cameras and microphones to spy on people.
These devices act as weak points in a network. Cybercriminals can gain access to entire systems through unsecured IoT devices. As a result, IoT attacks are one of the most discussed cyber-security trends for 2022.
The growth of cloud security threats.
With more and more organisations now connected through the cloud, cloud vulnerability continues to be one of the hottest topics in cybersecurity for 2022. 2021 saw a major surge in cloud spending, which reached $13bn in Q3 2021. This trend is predicted to continue as cloud-based services become a way of life for businesses.
Cloud services offer significant benefits in terms of cost savings, efficiency and scalability, but they are also a prime target for cybercriminals. Mismanaged accounts and misconfigured settings can be a significant cause of data breaches and unauthorised access.
The Increase of AI
The development of AI and machine learning has brought with it significant changes in cybersecurity. AI is now being used by organisations to understand threats and improve security infrastructure. It also makes it possible to analyse vast quantities of risk data at a pace.
However, while AI poses significant opportunities for robust threat monitoring and detection among businesses, cybercriminals are also taking advantage of this technology, using it to identify vulnerable applications, automate and scale attacks, and undertake data poisoning.
Cyberattacks can often cost cybercriminals a great deal of time and money, so highly advanced and destructive AI malware is expected to grow in capability and sophistication over the coming years.
Widespread threats to mobile security
The digital transformation has seen a rapid acceleration in the growth of mobile. For many, it’s now natural to switch between a desktop to a mobile phone, as well as using mobile networks and public Wi-Fi.
From personal information to work-related data, mobile devices are convenient, but mobile threats are becoming ever more prevalent. From phishing attacks to sophisticated malware, mobile security threats are on the rise and mobile devices now account for more than 60% of digital fraud.
Unsecure networks also pose a risk to mobile devices. Attackers exploit the opportunity to intercept traffic through man-in-the-middle (MitM) attacks, often executed through rogue access points which take advantage of common and trusted Wi-Fi names.
The Takeaway.
As we adapt to a new normal in the wake of the pandemic, this age of accelerated digital transformation is providing cyber criminals with a plethora of opportunities to cause harm to individuals and organisations.
The National Cyber Security Centre offers helpful information to companies planning their remote working strategy. You can also read our blog article, which contains a number of tips to help keep your corporate network secure when employees are working from home.
For more information, advice and support to keep you safe in the face of the latest cyber threat trends, get in touch with SupPortal today.