From the challenge of hybrid working to the evolution of automated attacks, our IT teams have had their work cut out for them in 2021.
With a rise in data breaches, combined with a significant change to our work practices, it is very likely we’ll continue to see cybersecurity postures evolve as more organisations embrace hybrid work models. Now, as we look to the new year, it’s important to reflect on the lessons learnt from the past 12 months and consider what challenges we may be facing in the new year.
Cyber Protection Magazine spoke to eight industry experts to gain their insights and predictions for the cybersecurity sector in 2022.
The rise of ransomware
Arguably, one of the most predictable trends we will continue to see climb in 2022 is the increase in ransomware attacks. Jeff Sizemore, chief governance officer, Egnyte explains, “the ransomware attacks that impacted Colonial Pipeline and Twitch in 2021 have put cybersecurity at the forefront of global business operations – both for consumers and businesses. The immediate impact of a data breach is devastating but it’s only the tip of the iceberg. According to an IBM study, the average cost of a data breach is more than $4 million per incident. Unfortunately, recovery from an attack is a perpetually uphill battle that will continue as we move into 2022”.
Avi Raichel, COO, Zerto, a Hewlett Packard Enterprise company, expands on this, “the ability to recover should be a focal point of any security plan. This will be defined by how quickly you can stand up your systems and get them running again. However, in our accelerated digital age largely brought on by COVID, too much can happen overnight or in three to five days for the traditional backup model to be good enough. Recovery solutions need to modernize to fit what the world has become. They need to be continuous and able to keep applications running 24/7 even in the face of disruption or threat. Ultimately protecting all of your data all of the time”.
Changes surrounding hybrid work
Another fundamental turning point many organisations have experienced has been adapting to hybrid working environments and ensuring their cybersecurity could keep pace with the new and evolving security challenges that came with them. As such, “tools that allow us to better engage in the new hybrid working model will become more prevalent”, states Steve Cochran, CTO, ConnectWise. “Solutions will be developed that will allow us to work in a more meaningful way during this new era. Tools that let us set up conferences, arrange food deliveries, and show who is in and out of the office will take center-stage now that the majority of companies have introduced hybrid working models”.
Samantha Humphries, Head of Security Strategy EMEA at Exabeam continues, “I don’t think we’ve seen the whole brunt of the shift to remote work yet. The combination of dispersed workforces and more employees using personal devices for work will continue to open up the potential for an influx of Bring Your Own Device (BYOD) security risks, meaning growing attack surfaces and increased vulnerability to security threats.
“Though it may feel like we are against all odds, it’s important to not be discouraged, downtool, or divest our security teams. Companies must continue to tackle modern threats head on, replacing outdated security tools to ensure security teams are prepared and have the ability to understand exactly what’s going on inside their changing IT environment”.
Prevalence of fraud
Another trend we saw when the pandemic hit was the rise of fraud and, as a result, “in 2022, I expect fraud will finally stop being seen as a subset of financial crime, and start being treated as a form of cybercrime like ransomware and phishing”, explains Martin Rehak, CEO of Resistant AI.
“Fraudsters, or shall we call them more appropriately hackers, are operating systematically to find holes in the automation technology being deployed by financial services everywhere, and they are learning by iteration every bit as quickly as startups do. According to a report by LexisNexis, digital lenders in 2020 saw a 143% year-on-year increase in successful monthly fraud attempts, and there is no indication that trend is changing”.
Artificial intelligence and machine learning
In the past few years artificial intelligence and machine learning have been revolutionising the tech and cybersecurity space. Specific to the cybersecurity industry, “we’re constantly seeing cybercriminals changing their methods, and this will continue in 2022”, states Paul Farrington, Chief Product Officer at Glasswall. “Not only do we anticipate the use of automation to create scale – for example in DDoS attacks and the communication of malware – but we’re seeing machine learning (ML) being used to make attacks more effective. It’s one thing for a human attacker to analyse email characteristics to work out what entices a reader to click on a malicious link – applying ML to this adds a completely new dimension. In doing so, attackers have an almost infinite ability to tweak variables and ultimately secure a better payoff for their efforts”.
Sascha Giese, Head Geek™ at SolarWinds expands on this, “the explosion in data available to public sector organisations has made the use of artificial intelligence (AI) and machine learning (ML) a critical advantage, but the talent and resources required to build solutions in-house is still prohibitive. Ultimately, a machine is faster than a human—or even a group of humans—which means shifting to AI/ML services also allows for cost savings, something that is vital across the sector. Yes, purchasing or subscribing to an AI service and integrating it doesn’t come cheap, but it’s still far more efficient than a team of 20 data analysts”.
Finally, one of the trends that is essential to continue as we approach the new year is the focus on basic cybersecurity training for all employees. Don Mowbray, EMEA Lead, Technology & Development at Skillsoft emphasises, “the move to hybrid working and subsequent uptick in successful cyber-attacks against businesses over the last two years has placed cybersecurity at the top of the corporate agenda in 2022. Effective training is a crucial tool in building good cyber hygiene within an organisation and this starts by recognising that every single employee has a role to play. Security is everyone’s responsibility – from the CISO down, there is an awareness level each employee needs to achieve. In the security industry, Zero Trust architectures are gaining steam as an effective route to mitigating the risk of a successful cyber-attack – but Zero Trust is as much of a people concept as it is a technology framework”.