The world has changed since the beginning of the COVID-19 pandemic. We can feel that in every aspect of our lives, but particularly in how we work and how businesses operate.
Scattered workforces and an increased reliance on digital architecture and cloud systems have left vulnerable cybersecurity gaps in the way that many organizations run. Our personal and professional lives are more online than ever, and cybercriminals have taken advantage of this with increasingly sophisticated attacks.
The SolarWinds supply-chain chaos experienced by Microsoft, other Fortune 500 companies, and many US government agencies, is a good example of this. Technology has evolved rapidly, and security teams are being forced to do the same.
Protecting yourself and your company from cybersecurity threats is, therefore, more complex than ever before, but has also never been more important. Equipping yourself with the right information is the first step to safeguarding your business.
The current state of the cybersecurity industry
An IDC survey found that over one-third of organizations across the world experienced some form of a critical cybersecurity incident in the last year.
In many cases, the incidents were not isolated - organizations that fell victim to ransomware were often targeted more than once. Ransomware is perceived as being the biggest threat, particularly in the manufacturing industry and financial institutions, with ransoms averaging around a quarter-million dollars.
As a result of these growing statistics, cybersecurity has a renewed importance. Security procedures and data protection measures are being stress-tested and renewed, and there is greater sharing of knowledge when a potential threat arises.
The IDC Perspective has shared eight pieces of critical knowledge for making a more robust cybersecurity plan that will stand the test of time. At Netguru, we have our own set of cybersecurity standards that form the baseline for our work.
Staying on top of cybersecurity trends is essential to protecting your organization. You need to be aware of new threats, how familiar threats have evolved, and the new measures and recommendations that will help to keep your data safe. We’ve rounded up the top 10 cybersecurity trends for 2022 to stand you in good stead.
Emerging Cybersecurity Trends
Be aware of the kind of cyber-attacks you might be most vulnerable to, and learn how to protect your organization and its data.
Further escalation of data breaches, leaks, and ransomware attacks
The COVID-19 pandemic has been a catalyst for rapid changes in how businesses operate. Technology has evolved at a rate that was too fast for the necessary security measures to keep up. Its complexity has skyrocketed, and keeping complex systems secure enough is challenging. In addition, the huge increase in available data online has increased its currency and its value to businesses as well as hackers, leading to more successful, more profitable data theft attacks.
Opportunities for geopolitical and financial gain (when global relationships are particularly fragile in the current medical, military, and climate emergencies) are a good motivator for high-level hacks. Often, regions without the security resources or defenses they need will suffer a higher number of threats.
A particularly relevant example of this is the ongoing war between Russia and Ukraine, in which cyberattacks play a notable part. Though examples of cyberattacks on Ukraine can be traced back through many years, one prominent instance occurred in the run-up to the Russian invasion: so-called ‘wiper’ malware was deployed on Ukrainian government institutions and agencies.
It is clear that, in the face of global fragility, the number of attacks on data is on the rise, and this is unlikely to slow down. In 2022, cybersecurity experts will be an integral part of global digital acceleration.
Remote work threats
The transition to remote working during the course of the pandemic was done hastily, with little warning, which meant that the security infrastructure was not properly set up, tested, and protected before it came into use. Cloud security measures were left misconfigured for many businesses, home computers lacked thorough security, and individual employees were left vulnerable to phishing scams by email, text, or calls.
Features such as multi-factor authentication (MFA, which requires an employee to have access to multiple devices), and restricted access for employees at different levels, help to minimize opportunities for ransomware threats. Every employee must be verified at every step, with no default clearance. Advanced password-free user verification, created with artificial intelligence (AI) and biometrics, has already changed the way we use our personal devices, but this is set to become even more robust for businesses.
However, the added reliance on Internet-of-Things (IoT) devices that came with a move to remote working is problematic at its very core. To stay connected, employees are using their mobile devices, such as phones, tablets, and laptops, to access sensitive information (when access is granted), but IoT devices intrinsically have weaker security controls. So, building the security network needed may be more complicated than implementing measures such as MFA and AI verification, especially in very dynamic, “pandemic” environments.
An appropriate security architecture, designed for dynamic and fragmented work environments, is needed to correct the problems and security vulnerabilities that arise from remote working. The Zero-Trust Architecture provides this security, by reducing the responsibility of individuals and keeping control of all devices and systems in one central hub. Key features of zero-trust include Context-Aware Access, exhaustive logs of all devices on the system, alongside strong user identities for those who use them, authentication at many different levels, up-to-the-minute health and status reports on devices, policies that reflect data and service value, and a blanket distrust of all local network security.
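The zero-trust features listed above can be read as one default-deny access decision. The sketch below is an added example, not code from Netguru or from any zero-trust product; the inventory, sensitivity table, field names and five-minute freshness window are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample policy data (assumptions, not from the article).
MAX_HEALTH_AGE = timedelta(minutes=5)       # "up-to-the-minute" health reports
SENSITIVITY = {"wiki": 1, "payroll": 3}     # policy reflects data/service value
INVENTORY = {"laptop-042": "alice", "phone-117": "bob"}  # device -> owner
AUDIT_LOG = []                              # exhaustive log of every decision

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    resource: str
    auth_factors: frozenset     # e.g. frozenset({"password", "totp"})
    health_ok: bool
    health_reported_at: datetime
    source_ip: str              # logged only; network location grants no trust

def decide(req, now):
    """Return (allowed, reason). No default clearance: every check must pass."""
    level = SENSITIVITY.get(req.resource)
    if level is None:
        return False, "unknown resource"
    # Strong identity bound to an inventoried device.
    if INVENTORY.get(req.device_id) != req.user:
        return False, "device not registered to this user"
    if not req.health_ok:
        return False, "device failed health check"
    # Reject stale reports and reports timestamped in the future.
    age = now - req.health_reported_at
    if not timedelta(0) <= age <= MAX_HEALTH_AGE:
        return False, "stale device health report"
    # More valuable resources require more authentication factors.
    required = 2 if level >= 2 else 1
    if len(req.auth_factors) < required:
        return False, "insufficient authentication factors"
    return True, "all checks passed"

def authorize(req, now):
    """Decide, then record the full context of the request for later review."""
    allowed, reason = decide(req, now)
    AUDIT_LOG.append({"time": now.isoformat(), "user": req.user,
                      "device": req.device_id, "resource": req.resource,
                      "source_ip": req.source_ip, "allowed": allowed,
                      "reason": reason})
    return allowed
```

Note that `source_ip` never appears in `decide`: a request from an office address is evaluated exactly like one from a home network.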
Privacy and regulations
With awareness on the rise, it follows that there will be increased interest from governments. The response will be to add further regulations to the internet, including defining a more rigid approach to cybersecurity. Failing to adhere to these new regulations results in fines and a bad reputation for the company concerned.
One example of this is the increased focus on cookies. Every website will give users the option to opt-out of having their data collected, and legally (in Europe) this option must be clear. Often, the option to opt-out of cookies is not clear and requires website visitors to navigate to a different page and turn off each type of cookie individually, which can be frustrating. This is exactly the sort of practice that governments are likely to crack down on.
Another example of tightening data security is the European ruling to restrict and regulate data transferred from the EU to the US via Google Analytics, when it concerns EU citizens. Services such as Analytics receive a huge amount of personal data, so mitigating how this sensitive data is collected, stored, and then transferred globally, is of increasing concern.
As cyberattack opportunities and potential profits increase, so does the popularity of cybercrime. With Cyber-crime-as-a-Service (CaaS), attackers can now rent or buy, on the dark web, the tools they need to launch an attack. More time can be spent planning a successful attack and researching the companies most likely to pay ransom, as less time is invested in building the tools. Software such as Tor helps shelter criminals while they complete their transactions.
Cloned credit cards, PayPal accounts, forged documents, hacked social media accounts, malware, and DDoS attacks can be bought for less than $100, making them more accessible than ever. Two of the most popular CaaS examples are DDoS-as-a-Service (Distributed Denial of Service) and Ransomware-as-a-Service. The latter uses a subscription-based model through which developers distribute proven ransomware, with affiliates signing up to use the ransomware and earning a percentage commission from each successful extortion.
This also provides some identity protection for the ransomware developers themselves. DDoS-as-a-Service aims to take down a website by overloading its server with tens of thousands of requests per second, leaving the site completely nonfunctional until a ransom is paid.
Malware automation works on the principle that every defense can be overcome if enough time is invested and the right tools are used. Cybercriminals can use sophisticated machine-learning techniques to test their attacks repeatedly until they break through defenses.
As a result, their capacity for running attacks has been multiplied by thousands, and many ransomware attacks fail to make the news. In addition, polymorphic malware contains code that helps the malware change over time in order to stay hidden once those defenses are bypassed.
We live in an almost cashless society, which means that pressures on digital Fintech tools are growing and, as a result, digital acceleration is not slowing down. Payments are close to being entirely digital and are facilitated by a range of different services.
As more payment options crop up, the financial network becomes less centralized and governmental security regulations will take a while to catch up. In the meantime, cybercriminals are presented with many opportunities for financial fraud.
Digital currencies, blockchain, and real-time payments contribute to this and are the focus of security reform.
Difficulty prosecuting cybercrime
There are a few factors that play into the difficulties surrounding prosecuting cybercriminals. The first is the sheer scale of the problem.
As ransomware attacks grow so rapidly in number and complexity, only the larger data breaches will receive the attention they need. Regulation is still playing catch-up, so attacks will often out-maneuver the rules and evade the categories that they outline.
In contrast, many data breaches or attacks happen because an organization has not adhered to government regulations. In this instance, victims of ransomware attacks will be forced to pay a regulatory fine as well as any potential ransom. Typically, cybercriminals can avoid prosecution by exploiting the cross-border nature of the internet.
Cyberattacks are frequently deployed on an organization in one country, while using tools developed in a second country, by a citizen of a fourth country, and so on. Laws are generally enforced locally, so tracking and processing crimes as complex and far-reaching as this can be almost impossible.
Social engineering attacks
Phishing attacks are one of the key cybersecurity threats to all internet and IoT device users. Scams are now appearing on WhatsApp, Slack, Signal, WeChat, and other messaging apps, trying to convince employees to download malware onto their phones.
An even more basic type of scam, voice phishing (vishing), sees hackers pose as IT staff and simply ask for important details from employees. A rise in whaling attacks, however, proves that it is not only the lower-level employees who are at risk: executive leadership can be targeted too.
Information is distributed at a higher rate than ever before. News sites share content across social media and reach larger audiences every year. For the individual, this is a great way of staying on top of relevant news; but it is also a great way for malicious individuals to spread misinformation for their own gain.
Troll farms and social media bots are just two ways that harmful misinformation can be spread (sometimes by government bodies), altering images, videos, and written content to serve a particular purpose.
Throughout the Russia and Ukraine war so far, harmful disinformation spread by the has played a key part in shaping the general domestic view of the situation. Within Ukraine and other countries in the region, citizens were subject to countless disinformation campaigns, which fought to control the narrative around the war by banning words such as ‘war’ and ‘conflict’ from the media, spreading false headlines, and preventing international news from being shared within the country.
Though not as obviously a ‘cyberattack’ as ransomware or malware deployment, this is an example of an attack on information. The widespread, deliberate misleading of the public in many countries aimed to destabilize the situation in the region, creating informational noise and chaos.
What is the future of cybersecurity?
Cybersecurity will continue to become more prominent in 2022. The ongoing digital acceleration can only continue when security measures catch up, but in the meantime, threats will become more and more sophisticated.
We can expect a shift in focus from detecting and reacting to threats and attacks as they happen, to preventing them and being prepared before they happen. Chief Information Security Officers (CISOs) across the board will be investing more heavily in cybersecurity professionals to uncover the weaknesses in their automated security systems and put measures in place to make them more secure.
As a result, businesses will implement more thorough plans of action in case of attacks. Internal regulations and best practices are also likely to be made compulsory, with rigorous training, in order to ensure that every member of staff follows protocol in their day-to-day tasks.
While we cannot predict the future, using the cybersecurity trends that can be identified will help us prepare for whatever comes next.
This is why setting up an effective foundation is critical. This foundation must consist of rigorously-tested and effective security software and an increased sense of personal responsibility in employees and executive leaders alike.
Eventually, democratized security tools that are not unfairly weighted by geopolitical power or economics will help ensure that malware protection is regulated and goes further to prevent the level of dangerous disinformation and malicious attacks that have emerged in recent years.