As 2021 rolls by it is time to take a step back and consider what awaits us over the next 12 months.
With the onset of the pandemic, and in particular over the last year, cyber-attacks and threats have increased to the extent that it is safe to say that no industry is safe anymore. Not only industries but governments, public infrastructure, and, of course, individuals are targets. One among many examples is the growing threat presented by ransomware as it has opened its doors to a whole new segment of actors under a ransomware-as-a-service (RaaS) model.
With the emergence of new threats and the growing rate of attacks, several trends are beginning to take shape. We expect that these will set the tone in the coming year regarding how businesses can prepare and protect themselves against cybersecurity threats. Want to know more? Keep reading!
The cybersecurity trends that will shape 2022
Given the increase in numbers as well as in the type of attacks over the last two years, 2022 (and beyond) will see a tightening of security, developing greater business preparedness, and the introduction of more AI.
Securing supply chains as well as the Internet of Things (IoT) is also gaining greater priority due to the significant vulnerabilities that exist there. Ransomware will remain a threat, one with potentially serious consequences. Finally, cybersecurity risk will become an important aspect of business transactions and engagements.
Here’s how all of this will look in greater detail.
- An encompassing cybersecurity mesh
Gartner’s Top Strategic Technology Trends for 2022 report lists a cybersecurity mesh as the second most important trend for the upcoming year. This denotes a shift away from the usual approach of securing separate systems via separate measures but with little to no communication between them.
The distribution of organizations’ cloud and data centers across the globe, along with remote work becoming more mainstream, increasingly requires an encompassing security approach and architecture. A cybersecurity mesh is just that - the integration of stand-alone systems and data feeds into a whole that offers context-specific flexibility but improves overall security.
- Securing the Internet of Things (IoT)
Researchers expect that the IoT will see an increase in attacks in the coming years. This threat goes beyond simple household gadgets, though these too have long been compromised. Larger targets here include manufacturers and their products - such as the automotive or healthcare industries - public infrastructure, the supply chain (more on that below), and others.
The potential for harm in this area is great due to the lack of regard for security when devices are created. The sheer amount of non-secured targets increases the attack surface and allows malicious actors to create attacks with the size of an avalanche.
Currently, there is no unified security initiative for IoT devices and both consumers and organizations are left to secure devices by themselves. The next couple of years will likely see more IoT attacks as well as a more concerted effort at securing the landscape.
- Ransomware to remain a serious threat
Not only has the ransomware-as-a-service model grown over the last year but it will likely continue to expand and become even more complex. This is due to the greater availability of ransomware tools to unskilled actors and also because of the availability of more targets and the high stakes associated with some of them.
Operational technology (OT), such as industrial operations, pipelines, water treatment facilities, and the like, has become a prime target. Capturing OT has the potential to create serious disruptions and even endanger human lives. This means that ransom is significantly more likely to be obtained by attackers, and extortion schemes themselves can become more complex and costly.
Education is key in averting ransomware attacks since a majority of them are executed via phishing. If phishing is foiled, the majority of ransomware attacks cannot be executed.
- AI comes to the rescue
A veritable tug of war will be happening with the use of artificial intelligence in both preventing as well as launching cyberattacks.
Due to its predictive power, and the ability to analyze thousands of data points in real-time, AI is already used across a number of industries. For example, the financial industry uses AI to identify suspicious events and patterns related to fraud.
Similarly, in cybersecurity, AI is expected to be able to both monitor and foresee possible breaches and signal the need for measures. But attackers will not lag behind and will deploy their own AI-powered solutions to counter and outmaneuver such attempts.
- Cybersecurity status impacts business decisions
Within the next few years, cybersecurity risk and exposure will become a major factor in the organizational decision-making process. Companies will vet their current and future partners’ security to determine the potential danger associated with maintaining or establishing a business engagement.
This coincides with the adoption of more and better privacy and data security laws both nationally and internationally, and the requirement for diligence and resilience on the business level. Businesses that do not live up to these requirements will increasingly find themselves isolated, fined, and pushed to make changes.
- More supply chain attacks
Similarly, with the current global supply chain bottleneck, and overwhelmed IT teams, an increase in supply chain attacks is to be expected.
Supply chains are one of the weak links that organizations will need to guard. Unfortunately, it is likely to be difficult for many businesses to shift if they find their current partners lacking in the measures they are taking.
Exactly because of the bottleneck, attackers will likely exploit the situation to launch repeated offenses in the coming months. This will have IT teams playing catch up once more until the bottleneck is resolved, and more attention can be directed at securing each segment in the chain.
Preparing with the help of a reliable partner
Given the somewhat volatile security climate being proactive, rather than reactive, can make an important difference. More and more businesses are taking security matters seriously and can find a reliable security partner in the face of managed service providers such as Amatas. This is particularly valid for those companies that don’t have dedicated in-house security staff.
If you’re not sure where to start and need help to assess your company’s cybersecurity vulnerabilities and needs, we at Amatas can give you a hand. Get in touch with us, and let’s discuss your cybersecurity needs!