5 Cybersecurity Trends Companies Need To Understand in 2022 and Beyond


As we approach 2022, what are some of the trends in the cybercrime and cybersecurity space? In this article, Zack Schuler, founder and CEO, NINJIO, discusses what we can expect in the coming year so that companies can be well prepared.

Although the cybersecurity landscape is constantly shifting, it’s difficult to think of a time when companies faced a wider profusion of threats than they do right now. This situation has many causes: digital innovations that have opened up new attack vectors, increasingly sophisticated and ambitious cybercriminals, changes in how and where we work, more interconnected digital networks and systems, and so on. 

As 2022 approaches, it’s time for companies to take a close look at their cybersecurity platforms and determine whether they’re staying ahead of these trends. Considering the recent string of high-profile cyberattacks on targets ranging from the U.S. government to critical infrastructure systems, it’s clear that a wide range of organizations are vulnerable, and many cybersecurity protocols need to be reassessed. 

Companies will only be able to understand their risk profiles and what measures they can take to protect themselves if they know which tactics cybercriminals are deploying and the attack vectors they’re exploiting. When IT professionals, company leaders, and employees have access to the latest information on trends in the sector, they’ll be in a much stronger position to address gaps in their digital defenses and mitigate the damage caused by cyberattacks. That’s why we produced this report on what companies should expect in the coming year, from emerging cyber threats to the most effective strategies for countering them.

Prediction #1 — Social Engineering Attacks Will Continue To Increase

Despite the expanding array of digital tools cybercriminals and other threat actors have at their disposal, their primary targets will continue to be the human beings who work at the organizations they want to infiltrate. Regardless of how sophisticated the lockpicks become, it will always be easier to walk through an open door, which is what happens when employees click on malware and give cybercriminals a foothold. This is why it’s no surprise that, according to Verizon’s 2021 Data Breach Investigations Report, social engineering is the top cause of breaches, 85% of which involved a human element.

The only way to address social engineering attacks is by increasing cybersecurity awareness among your employees. When employees know what warning signs to look out for and how to respond if they suspect a cyberattack is underway, they’ll be able to prevent breaches and minimize the amount of damage when attacks take place. This is particularly important at a time when the average cost of a data breach (according to data from IBM) has risen to $4.24 million and the average time necessary to contain a breach is 287 days – both numbers that have increased significantly over the past several years. The threat of social engineering has also been exacerbated by the transition to remote work. A 2021 study conducted by Forrester reports that “67% of business-impacting cyberattacks targeted remote employees.”

Cybersecurity training works. To take just one example, McKinsey reports that a large bank saw a 95% improvement in click rates on phishing tests after running “more frequent awareness campaigns (with tailored pandemic-themed content).” As social engineering attacks continue to comprise a major share of overall cyberattacks, awareness training will only become more important.


Prediction #2 — Threats to Critical Infrastructure Will Keep Rising

It’s not a mystery why threat actors often set their sights on increasingly digitized and interconnected critical infrastructure systems. As the Colonial Pipeline hack in May 2021 demonstrated, these systems aren’t just vulnerable; they’re particularly lucrative targets for cybercriminals due to their role in the provision of basic services.

Infrastructure cybersecurity has become a core focus for the government and the private sector. When the Biden administration declared that November is Critical Infrastructure Security and Resilience Month, it made the mitigation of cyberthreats a top priority. Other parts of the federal government have done the same. Lawmakers recently introduced a bill that would require utility providers to report potential cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours, while the recent $1.2 trillion Congressional infrastructure package allocated $1 billion to state and local governments for cybersecurity.

There’s a reason the U.S. government is emphasizing stronger cooperation with the private sector to improve infrastructure cybersecurity: companies are often the first line of defense for critical infrastructure, and they’re under threat like never before. A recent Check Point study found that American utilities providers are being attacked 300 times per week. In an October 2021 article, researchers from Check Point and the National Institute of Standards and Technology (NIST) explained that over 60% of ransomware attacks target “industries with critical infrastructure, led by healthcare, utilities, and manufacturing.” The focus on infrastructure cybersecurity isn’t just unprecedented – it’s essential.

Prediction #3 — Device Security Will Become More Important

Take a moment to consider how many connected devices you use on a daily basis. If you’re anything like the typical American, that number has spiked in recent years. According to research from Deloitte, the average U.S. household now has 25 connected devices, a total that has been steadily rising. Gartner reports that the global Internet of Things (IoT) market will reach $21.3 billion in 2022, a 22% increase from 2021. And Nielsen has found that American adults spend an average of 10 hours per day on their devices.

As the use of connected devices surges, there has been a commensurate rise in the number of attack vectors for cybercriminals to target, a problem that’s especially pronounced in the remote work era. According to a 2021 HP survey, 44% of companies reported that device infiltration had been used to infect the entire organization, while 45% “saw an increase in compromised printers being used as an attack point.” Meanwhile, 70% of employees say they used work devices for personal tasks, 69% used personal devices for work, and 30% allowed someone else to use their work devices (85% of IT decision-makers believe this behavior increases the risk of a security breach).

As remote work remains the norm, device security will be all the more important, especially as employees migrate from their home offices to coffee shops, airports, and other public spaces. The use of VPNs will be mandatory, as will basic rules around physical device security (always lock your device when it isn’t in use, don’t leave it sitting alone, use a password manager to make breaking in more difficult, and so on). It’s crucial to keep all IoT devices updated and refrain from saturating your home network with potentially insecure devices. Employees have to remember that they’re often carrying sensitive company data with them wherever they go, which means they always have the weighty responsibility of keeping that information safe. 


Prediction #4 — Cybersecurity Budgets Will Grow

As the total number and cost of attacks continue to climb, companies have powerful incentives to prioritize investments in cybersecurity. According to the 2021 ISACA (Information Systems Audit and Control Association) State of Cybersecurity Report, just 37% of professionals in the field say their organizations’ cybersecurity platforms are appropriately funded, while 57% say these platforms are underfunded.

A Gartner survey of almost 2,000 CIOs found that 61% are planning to increase investments in cybersecurity, making it their top spending category. Global spending on information security and risk management technology is projected to surpass $150 billion this year, a 12.4% increase over 2020. And it isn’t just the private sector making investments in cybersecurity – U.S. government spending on cybersecurity was already increasing before the $1 billion included in the infrastructure bill.

When companies dedicate resources to cybersecurity, they’re reducing the risk that they’ll incur higher costs in the future, as it’s much cheaper to prevent a cyberattack than to contain one. While some companies opt to purchase cyber insurance, the number of claims has exploded recently, which will likely lead to higher premiums (companies report that they’re concerned about coverage limits and cost). Rachel Wilson, the managing director and head of cybersecurity for Morgan Stanley, points out that companies found to be in breach of their insurance contracts (by not having the right cybersecurity protocols in place, for instance) often won’t receive any insurance payouts.

The best form of cyber insurance is a robust cybersecurity platform that emphasizes employee education and engagement. As a McKinsey report puts it: “Given that more than 80% of enterprise cybersecurity incidents begin with a human clicking on malware, regular training tailored to key roles is essential to reduce the risks…” No matter how you allocate your cybersecurity budget, it’s vital to adopt an evidence-based approach. This could mean tracking cyber incidents, using phishing tests to determine whether your employees are retaining what they learn, and assessing how cybersecurity initiatives perform at other companies. The most effective cybersecurity platforms catalyze cultural change at companies – when security awareness becomes a core part of your mission, your employees will make it a priority.

Prediction #5 — Companies Will Increasingly Focus on Remote Cybersecurity

The transition to remote work has been surprisingly smooth for most companies. A PwC survey found that 83% of employers say remote work has been successful for them, while 71% of employees say the same. COVID-19 has driven a dramatic shift in expectations among employees: three-quarters of hybrid or remote knowledge workers say they want more flexibility. These are the reasons why remote work is here to stay.

Despite all the advantages of remote work, it presents significant cybersecurity challenges. Recall what we learned from the HP report: remote employees have been engaging in risky behaviors, and companies have seen attacks increase: 54% say there have been more phishing attacks, while 56% have observed an increase in “web browser related infections.” Three-quarters of employees say remote work has blended their personal and professional lives. As noted above, they’re often using unsanctioned devices, allowing non-employees to use their work devices, and so on. At the same time, 71% of employees report that they’re accessing a larger amount of company data more frequently than they did before the pandemic.

These problems would be serious enough if employees were just working from home, but many are now working from anywhere. Beyond device theft and infiltration, compromised public WiFi, and many other risks that come with working in public, it’s also difficult to maintain a culture of cybersecurity when employees are distributed. Now that remote work is a permanent feature of the modern workplace, companies have to be more proactive than ever about making security awareness a central part of their culture, educating employees on cybersecurity best practices, and ensuring that they have the digital tools they need to work safely from anywhere. 

Many of the trends and issues in this report are interconnected. Threats to critical infrastructure are exacerbated by the insecure IoT devices employees frequently use. Companies are increasingly devoting resources to remote work security, and the rise of social engineering attacks affects all of the above. As companies refine their cybersecurity platforms to account for these developments, they should always remember that the central issue is awareness: from how employees use their digital tools to their ability to spot and stop cyberattacks of all kinds. When employees are educated about cybersecurity, the risks to your organization will plummet.
