Cyber Security Predictions for 2022

Cyber-Security-Predictions-625x350

 

The propagation of cybercrime was accelerated by the pandemic after it dealt society an indiscriminate blow in March 2020. Amid the worst public health crises in modern history, cybercriminals seized their chance to cash in on escalating uncertainty – turning the pandemic into a nefarious business opportunity. 

As business models shifted away from the office and digital footprints expanded, the attack surface suddenly spread for these unscrupulous individuals who capitalised on enforced remote working and increased online activity. The scale of this surge in cybercrime left business leaders in no doubt of its existential threat and the need to take cyber security seriously – for example, UK businesses faced a 20% rise in cyber security threats in 2020.

The cyber onslaught showed little sign of abating in 2021 following further Covid-induced restrictions. So, with lockdowns hopefully consigned to the history books and hybrid working models here to stay, what does the future hold for the cyber landscape in 2022?

 

Rise in supply chain attacks

Supply chains, which were fractured by the loss of manpower amid lockdowns, are often taken for granted. But the pandemic has underscored both society’s reliance on them and their fragility. Another challenge has emerged to threaten the efficacy of these vital networks: cyber-attacks.

Recovering supply chains are likely to become prime targets for cyberattacks in 2022. Businesses are not only vulnerable to their systems being compromised; the knock-on effect of attacks on third parties that support their operations also poses a serious threat. Businesses that have chosen to reinforce their supply chain by expanding them have increased the number of entry points for cybercriminals – with ransomware emerging as a pervasive threat.

 

Growth of ransomware

The number of ransomware attacks – AKA cyber extortion – has risen exponentially since the pandemic blindsided society, up by 92.7% last year compared to 2020. This growth could become turbocharged in 2022 as their sophistication evolves. For example, the development of triple extortion ransomware has diversified the cyber extortion process by making a triumvirate of threats having compromised the victim’s network: publicly release stolen data; disrupt their internet access; and inform partners, shareholders, or suppliers about the incident.

Triple extortion ransomware is being integrated into another burgeoning ransomware threat: ransomware-as-a-service (RaaS). This has turned ransomware into a commodity by making RaaS software easily available to cybercriminals who typically lack the skills to develop malicious software themselves. In 2021, two-thirds of all ransomware attacks utilised the RaaS model.

 

Challenges of hybrid working

With a line drawn under the hybrid working debate, the benefits of this flexible model have been well-documented since the onset of the pandemic: mobility, improved well-being, lower costs, and increased productivity. However, with hybrid working now ingrained in the workplace landscape, cybercriminals will continue developing malicious software that exploits the increased reliance on technology and the prime target of attacks: people.

This has precipitated a realisation that cyber security is not just a technology consideration. People are a business’s first line of defence against cybercrime, bringing cyber security training and a zero-trust strategy into sharp focus for leaders in 2022.

 

Cloud cybersecurity

A cloud-first strategy was gaining traction before society was blindsided by the pandemic. The reality check provided by lockdowns and enforced homeworking has expedited the adoption of this forward-thinking approach to computing.

Cybercriminals have begun to exploit weak configurations and poor security practices within cloud deployments – a trend that is being demonstrated by the rise in ransomware attacks. In the coming months, businesses that adopt a cloud-first strategy must avoid misconfigurations and shield themselves from hybrid and multi-cloud attacks and cloud consoles being compromised.

 

Back to article list