As we go into another year where we must continue to adapt to the “new normal”, cybersecurity will continue to grow in size and importance.
At the start of the pandemic, we saw many cybersecurity analyst briefings rescheduled as working from home became a necessity, and analysts were needed to support new security requirements at that critical moment. This year is no different. As working from home becomes even more ingrained into society and everyday life, cybersecurity’s level of importance will continue to rise.
We spoke to leading cybersecurity analysts, including Maxine Holt, Senior Research Director at Omdia, and her colleague Rik Turner, Principal Analyst, to get their thoughts on what we can expect to see as the key trends for cybersecurity in 2022. We also reviewed influential reports from Gartner, Forrester and more to gather more insights.
Ransomware, yet again, will be a buzzword in 2022!
Ransomware is a criminal business model that uses malicious software to encrypt something valuable for ransom. The concept of ransomware isn’t new, but given the low barriers to entry and effectiveness in generating revenue, it has become a multimillion-dollar criminal business and has displaced many other cybercrime models.
As we continue to move into a digitalised way of living, ransomware attacks will continue to spike. With the increase in the availability of international cloud infrastructure, the number of ransomware attacks will increase exponentially, as this infrastructure offers more scalable and standardised environments that threat actors from anywhere can access.
According to IDC’s 2021 Ransomware Study, approximately 37% of global organisations said they were the victim of some form of ransomware attack in 2021. This coincides with an increase in the average ransomware payment to a record $570,000 in the first half of 2021.
Under the flexible business approach of RaaS (Ransomware as a Service), attackers can purchase toolkits as part of a monthly subscription, lifetime fees and/or profit-sharing deals. This means the ransomware code is made readily available to both experienced and low-level hackers. Researchers at Group-IB found that almost two-thirds of ransomware attacks analysed in 2020 came from hackers operating on a RaaS model. With the easy-to-use service booming, it is no surprise that global ransomware damage costs are predicted to exceed $265 billion by 2031.
Supply Chain Cyber Attacks
Supply chain attacks made headlines worldwide in 2021, with the famous SolarWinds supply chain attack standing out due to its scale and influence. Supply chain cyber-attacks will be prominent yet again in 2022, linked to the cloudification and digitalisation trends that have been accelerated by the “new normal”.
Supply chain hackers will take advantage of a lack of monitoring within the organisation’s environment, a gap that can be exploited to perform any type of cyber-attack. Usually, these attacks will target smaller vendors within the supply chain. This will inevitably lead to a higher number of third-party incidents.
CloudBees surveyed 500 C-suite executives about the state of their organisation’s software supply chain, where 45% of the executives admitted that they are only halfway to securing their software supply chain. In the same study, 64% of executives wouldn’t know who to turn to first if their software supply chain was attacked. These are concerning results and only suggest the significance of supply chain cyber-attacks going forward.
Evolution of Risk
Cyber risk is measured using the equation likelihood × impact, where both factors are measured from 1 to 5, one being the lowest risk and five the highest. Together, the two scores give us an overall cyber risk score, which can, unfortunately, be misleading: a risk with low likelihood and high impact will be viewed as low risk in the grand scheme of things, but the effect would still be considerable.
In 2022, risk will have to evolve to provide more mitigation. Linking back to the “new normal”, organisations will have to increase their digital resilience and turn to risk-driven security. This form of protection could save organisations money if they are brave enough to adopt it, as they will be able to uncover mistakes made in the past.
Zero Trust Network Security
As users, devices and application workloads continue to move and establish themselves outside the surroundings of the corporate network, organisations will have to continue to move away from enforcing network security solely at the network perimeter.
Although the concept of Zero Trust is not new, it is continuously growing in importance for organisations, and it will be no different in 2022. In a Zero Trust model, no user or device is trusted just because it has been allowed onto the network. As a result, user and device authentication is stringent, but Zero Trust doesn’t stop solely at the entry point; it constantly scans devices and users for suspicious activity and behaviour to ensure the network remains a secure environment.
To conclude, we expect another big year for cybersecurity in 2022. As cybersecurity and risk management grow in importance at board level for organisations, investment will grow exponentially. Cybersecurity is not just one thing; there are many layers and things involved under the umbrella that organisations must be prepared to protect against.