Well, 2021 was quite a year in the cyber security world! The continued move to remote work during the pandemic brought added complications and new cyber threats to all types of businesses, and we can no longer rely on the data protection methods that were used in the past. In fact, 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete. (Although, how hackers can be polled when we don’t know where they are is a mystery.)
Currently, 2022 is predicted to be a banner year for cyber criminals, and if businesses don’t up their cyber security game, we predict they won’t be around by this time next year. An ominous prediction? Yes. But it’s not just humans that are the threat anymore. Cyber criminals are implementing new hacking tools like AI, machine learning, and digital twins to gain access to – and manipulate – your systems.
Think Cyber Insurance is the cure? Think again. In the last year, we have seen insurance companies introduce increasingly complicated policies – what was a one-page form at this time last year is now more than 10 pages – that demand you adhere to extreme security requirements before a policy is issued. In short, cyber insurance companies exist for one reason: to make money. So, they can use all of the information you provide to reject claims based on gross cyber security negligence.
According to Embroker, “Cybercrime, which includes everything from theft or embezzlement, to data hacking and destruction, is up 600% as a result of the COVID-19 pandemic. Nearly every industry has had to embrace new solutions and it forced companies to adapt, quickly.”
Okay, but what do we need to be thinking about with regard to cyber security in 2022?
In excerpts from an article, Infosecurity Magazine wrote, “Organizations are undoubtedly more vulnerable to attacks due to factors like increased digitization, the shift to hybrid working, and a growing reliance on global supply chains. On a positive note, there are clear signs that public and private sector organizations are taking the issue of cybercrime far more seriously than ever before and are laying the framework for resilient security in the future. With this in mind, Infosecurity has set out our top 10 information security predictions for 2022, using insights from industry experts.
1. Evolution of Cyber Insurance
The role of cyber insurance has increasingly been highlighted over the past year, largely as a result of surging ransomware attacks and demands. Much of this coverage has been controversial, with many industry professionals believing insurance payouts to victim organizations are fuelling these attacks. Nevertheless, it is clear that the increasingly dangerous threat landscape has increased the relevance of the cyber insurance industry, and it will be a vital part of organizations’ cyber-resilience going forward.
Daniel Soo, a principal at Deloitte & Touche LLP, explained: ‘With cyber-attacks on the rise, leadership discussions on cyber insurance are rising as well. As the attack surface evolves, so do changes in policy coverage terms and costs. Cyber insurance is one piece of the cyber program management and financial optimization puzzle that leaders are constantly working on.’
2. Deepfake Technology Used to Commit Fraud
As deepfake technology becomes increasingly sophisticated, it is likely to be utilized on a much wider scale by cyber-criminals and fraudsters. The potential to dupe victims by accurately impersonating individuals by video or audio is extremely worrying.
‘AI & machine learning will make scam ploys more believable to consumers: As deepfake technology gets better and easier to use, it will become a useful tool for criminals, scammers, stalkers, and activists,’ according to Steve Wilson, UK & Ireland Director at Norton.
This is a view shared by Alon Arvatz, senior director of product management at IntSights. ‘Based on the hacker chatter that we track on the dark web, we’ve seen traffic around deepfake attacks increase by 43% since 2019. Based on this, we can definitely expect hacker interest in deepfake technology to rise, and will inevitably see deepfake attacks becoming a more utilized method for hackers in 2022,’ he highlighted.
3. Growing Role of AI to Combat Cybercrime
While advances in AI provide opportunities for cyber-criminals to strike, they can also be harnessed to detect and remediate cyber threats, which is critical amid rising attacks on organizations.
Preethi Srinivasan, director of innovation at Druva, highlighted its vast potential in the context of ransomware attacks: ‘AI and intelligent automation will play a crucial role in the fight against ransomware. It is not the need for new AI/ML developments but the need for data protection and resiliency solutions to collect, process, and analyze end-to-end metadata at scale using AI/ML at each step. Readiness, remediation, and recovery will empower the fight against ransomware.’
4. Continued Growth of Data Protection Legislation
The rise in data protection legislation is also expected to translate into continued growth in financial penalties for organizations that experience data breaches. Elizabeth Schweyen, senior manager, global privacy and compliance at Druva, added: ‘Because companies continue to have more and more data on individuals at their disposal, the number of individuals and the volume of data impacted by data breaches will continue to grow. An obvious outcome of larger data breaches is increased fines. And, with more data privacy laws being passed, there is a greater likelihood that organizations experiencing a violation will be fined in multiple jurisdictions.’
5. Increased Adoption of Zero Trust
As hybrid working models become established in organizations, experts predict increased adoption of zero trust security models next year. Zoom CISO Jason Lee said: ‘Conversations around protecting the hybrid workforce from risk will lead security professionals to adopt modern tools and technologies, like multi-factor authentication and the zero trust approach to security. I believe that companies need these tools to make sure their employees can get work done as safely as possible from wherever they are – commuting, traveling, or working from home – and that all of their endpoints are secured with continual checks in place.’
6. New Approaches to Cyber-Awareness Training
It has been well recognized that the shift to hybrid working has increased individual employees’ exposure to cyber-attackers, leaving businesses more vulnerable to breaches. ‘Most breaches happen the same way – stolen credentials, social engineering, or common vulnerabilities in unpatched software that are exploited. What has changed is our level of vulnerability due to societal changes – the attack surface is everywhere now,’ explained Peter Albert, CISO of InfluxData.
Therefore, responsibility for an organization’s cybersecurity cannot solely lie with IT teams anymore and instead should be shared throughout an entire workforce. Albert added: ‘IT leaders shouldn’t think of security as a separate entity with a siloed team and resource. Security must be distributed and embedded into the organization and baked into every aspect of the stack, meaning security is incorporated into the day-to-day of every department. That way, the entire company becomes the security team.’
7. Increased Focus on Supply Chain Risks
Zoom’s Jason Lee said, ‘In security, you always need to be thinking ahead about what might come down the pipeline. From SolarWinds in December 2020 to Kaseya in 2021, our industry saw a distinct increase in supply chain attacks. CISOs and CSOs will need to make sure their vendors are also secure. This includes looking at third parties related to the business and assessing how to best manage any risks.’
The need to stringently assess suppliers and partners will increase the relevance of third-party risk management teams in the view of Kevin Dunne, President, Pathlock. ‘Third-party risk management teams will likely play a key role in developing programs to track and assess software supply chain security, especially considering they are usually the front line team,’ he commented.
8. Organizations Will Strengthen their Cloud Resiliency
There has been a significant growth in cloud adoption to help facilitate hybrid working during the COVID-19 pandemic. Many experts now expect organizations that have made this move to enhance the resiliency of their cloud services next year.
David Gildea, VP Products at Druva, believes cloud providers will be increasingly competing on this issue. ‘Cyber-resiliency has now become the number one item with respect to moving to the cloud,’ he outlined. ‘Every conversation with customers will now start and end with cyber-resiliency. This will be the biggest differentiator between cloud providers – those that have really increased their cyber-resiliency through acquisition or native tools, are the ones that will win the cloud.’
This desire for resiliency may fuel a rise in multi-cloud architectures, according to Keith Neilson, technical evangelist at CloudSphere. ‘Companies already in the cloud will continue to evolve and rationalize their multi-cloud strategies for any number of reasons that may include pricing, availability, license bundling and other factors. Because of this, we will see more cloud-first enterprises moving resources from one cloud to another,’ he explained. ‘So, while such an enterprise may have a steady percentage of its assets in the cloud over time, those assets will be spread across a more diverse third party landscape of multiple cloud providers’.”
Predictions, by their very nature, are subjective. So, let’s see what Forbes thinks…
In excerpts from an article called The Five Biggest Cyber Security Trends In 2022, Bernard Marr wrote, “The changed world we’ve found ourselves living in, since the global pandemic struck in 2020, has been particularly helpful to cybercriminals. Nothing illustrates this so well as the SolarWinds hack, described by Microsoft president Brad Smith as the most sophisticated cyberattack of all time, the reverberations of which have been felt throughout 2021.
Homeworking, the ongoing digitization of society, and the increasingly online nature of our lives mean opportunities for phishers, hackers, scammers, and extortionists. As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it’s essential for individuals and businesses to be aware of the ever-growing avenues of attack as well as what can be done to mitigate the risks!
So, let’s take a look at the most important and significant trends affecting our online security in the next year and beyond while throwing in some practical steps we can all take to avoid becoming victims:
Similar to the way in which it is used in financial services for fraud detection, artificial intelligence (AI) can counteract cybercrime by identifying patterns of behavior that signify something out-of-the-ordinary may be taking place. It’s the predictive powers of AI that make it so useful, which is why more and more companies will be investing in these solutions as we go into 2022.
Unfortunately, cybercriminals are also aware of the benefits of AI, and new threats are emerging that use technologies like machine learning to evade the protective measures of cybersecurity. This makes AI even more essential [for businesses] – as it’s the only hope of counteracting AI-powered cyber-attacks!
The growing threat of ransomware
There were three times as many ransomware attacks in the first quarter of 2021 as there were in the whole of 2019. Research by PwC suggests that 61% of technology executives expect this to increase in 2022. Once again, we can largely blame this on the pandemic, and the growth in the amount of activity carried out online and in digital environments.
Ransomware typically involves infecting devices with a virus that locks files away behind unbreakable cryptography and threatens to destroy them unless a ransom is paid, usually in the form of untraceable cryptocurrency. Alternatively, the software virus may threaten to publish the data publicly, leaving the organization liable to enormous fines.
Ransomware is typically deployed through phishing attacks – where employees of an organization are tricked into providing details or clicking a link that downloads the ransomware software onto a computer. However, more recently, a direct infection via USB devices by people who have physical access to machines is becoming increasingly common.
Education is the most effective method of tackling this threat, with research showing that employees who are aware of the dangers of this type of attack are eight times less likely to fall victim.
The Internet of Vulnerable Things
The number of connected devices – known as the internet of things (IoT) – is forecast to reach 18 billion by 2022. One consequence of this is a hugely increased number of potential access points for cybercriminals looking to gain access to secure digital systems.
The IoT has long been recognised as a specific threat – attacks that have been identified in the past include hackers using connected household appliances like fridges and kettles to get access to networks, and from there go on to access computers or phones where valuable data could be stored.
In 2022 the IoT is also getting more sophisticated. Many organizations are now engaged in the development of “digital twins” – comprehensive digital simulations of entire systems or even businesses. These models are often connected to operational systems in order to model data gathered by them and may offer a treasure trove of data and access points to those with nefarious intentions.
In 2022 we will undoubtedly continue to see attacks on IoT devices increase. Edge computing devices – where data is operated on as close as possible to the point it is collected – as well as centralized cloud infrastructure are all vulnerable. Once again, education and awareness are two of the most useful tools when it comes to protecting against these vulnerabilities.
Cybersecurity strategies should always include a thorough audit of every device that can be connected or given access to a network and a full understanding of any vulnerabilities it may pose.
Cyber-security risk and exposure a key factor in partnership decisions
Any cybersecurity operation is only as secure as its weakest link, which means organizations increasingly see every link in a supply chain as a potential vulnerability. Due to this, businesses will increasingly use cybersecurity resilience and exposure as a determining factor in choosing who they will partner with.
[Because of the strict legislation that is currently in place], more organizations are at risk of huge penalties if they make information security slip-ups. This means every partner that potentially has access to an organization’s data or systems will be rigorously vetted.
Businesses that aren’t able to answer questions about their cybersecurity arrangements or ratings will increasingly find themselves out in the cold. In fact, Gartner predicts that industry-standard security rating schemes will become as important to companies as credit rating agencies.
Regulation starting to catch up with risk
According to Security Magazine, 2022 is set to be the year when regulators pull out the stops in order to get on top of the situation. One consequence of this could be an expansion of penalties – that currently only cover breach and loss – to also cover vulnerabilities and exposure to potential damage. Another may be an increasing number of jurisdictions passing laws relating to making payments in response to ransomware attacks.
We could also see a growing number of legal obligations handed to Chief Information Security Officers, in line with the responsibilities of Chief Financial Officers, in an attempt to limit the impact of data thefts, losses, and breaches to customers.
While [all of] this will inevitably increase the burden of those responsible for information security in businesses, in the long term this will only be a good thing. Today, more than ever, building consumer trust is essential for organizations that want us to give them the privilege of access to our valuable personal information.”
At Adaptive Office Solutions, cyber security is our specialty. When you know your technology is being looked after, you can forget about struggling with IT issues, concentrate on running your business, and lower your costs through systems that are running at their prime, creating greater efficiency.
To schedule your Cyber Security Risk Review, call the Adaptive Office Solutions service hotline at 506-624-9480 or email us at email@example.com