What's ahead in 2022?
If 2021 has taught us anything, it’s to expect the unexpected. Just when you think something is a sure bet, you get a course correction and it just doesn’t happen the way you anticipated. But that doesn’t seem to stop anyone (including us!) from making predictions about what 2022 has in store for the world of cybersecurity. And it also doesn’t stop CYRIN from helping you prepare and ensure that your cybersecurity team is trained and ready to face the unexpected in 2022.
Last December, we predicted that:
- remote workers would be increasingly vulnerable to personal attacks,
- zero-trust security would be on the rise,
- new technologies like 5G would bring bigger risks,
- deep fakes would be trending, and
- there would be an increased need for cyber vigilance.
Many of those predictions played out. But there were also new and surprising threats. 2021 was the year of ransomware, the Colonial Pipeline attack, and the attack on SolarWinds that impacted so many and revealed so much about cybersecurity vulnerabilities.
What might 2022 have in store for us? What are the predictors saying about the new year? What are the critical issues for cyber as we look ahead? Here are five possible trends for 2022:
- Global Focus on Cybersecurity: Cyberattacks are now the fastest growing crime on a global scale. Finances Online reports that “financial losses from cybercrime exceed the total losses incurred from the global trade of all illegal drugs.” Businesses and organizations – from healthcare to higher education to the utilities industry – live in fear of potential attacks and breaches. Cyberattacks lead to financial losses – and they can also damage reputations. Gartner predicts that by 2025, “60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.” Investors are using cybersecurity risk as a key factor in assessing opportunities. Cybersecurity risk is being considered during business deals, mergers and acquisitions, and vendor contracts. That means people will ask for data about your cybersecurity program, so it’s best to be prepared.
- Cybersecurity Talent Shortage: 2022 will prove to be the most challenging year yet with regard to the ongoing cybersecurity talent crunch. It feels like almost every CYRIN newsletter has been about the talent gap – and that gap keeps widening. There will continue to be an increased demand for cybersecurity professionals – and a lack of people to fill those positions. When people think of cybersecurity, they tend to focus on the tools they need to protect their networks. But staffing is equally – if not more – important. 2022 will bring increased attention to talent. George Gerchow, chief security officer of Sumo Logic, a machine data and analytics company, put it this way: “Although some [companies] have been quick to turn to new tools, I would personally take talent over tools any day,” Gerchow said. “There will always be a large offering of tools to choose from, but a very talented and smart person can add so much more value.” This “people-first approach to cybersecurity development is gaining more traction,” yet, at the same time, “a concerning trend points to a worsening shortage of cybersecurity talent in the future.” Every company needs to invest in cybersecurity training, ensuring that every member of the team across every level of the organization can spot attacks before they happen. Best practices, zero-trust security, due diligence – all of this is crucial.
- Supply-Chain Attacks & Ransomware: This was a trend that took much of the world by surprise in 2021 with some major attacks – and it seems that this vulnerability will continue. Security Magazine reports that throughout the past two years, “supply chain professionals have experienced the national and international disruptions that can occur as a result of cyberattacks, with some threats completely halting certain sectors.” Though this cybersecurity threat “may not have always felt close to home with the supply chain industry,” cybercriminals are getting smarter and are focusing on targets they know to be vulnerable. Recent attacks have exposed how interdependent every section of the global supply chain is. If just one shipping port is attacked, for example, countless companies and consumers will be affected. Gartner predicts that “The percentage of nation states passing legislation to regulate ransomware payments, fines and negotiations will rise to 30% by the end of 2025, compared to less than 1% in 2021.” Security experts should expect a more aggressive crackdown on payments: “Given the mostly unregulated cryptocurrency market, there are ethical, legal and moral implications to paying ransoms, and it’s vital to consider the impact of doing so. The decision to pay (or not) should fall to a cross-functional team who can address all these concerns.”
- Privacy Laws: According to Gartner, “By the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. GDPR was the first major legislation for consumer privacy, but it was quickly followed by others, including Brazil’s General Personal Data Protection Law (LGPD) and the California Consumer Privacy Act (CCPA).” The scope of these laws means that companies will be managing “multiple data protection legislation in various jurisdictions, and customers will want to know what kind of data you’re collecting and how it’s being used.” In addition, businesses will need to focus on automating their privacy management system.
- Remote Work: The pandemic has changed the way we work and where we work, and those changes seem here to stay. Remote work brings benefits, but it also brings major challenges and vulnerabilities – from the IoT to cloud security to email threats like phishing. Though it’s tempting to let employees use their own devices, that practice is a breeding ground for threats like data leakage. Remote work also brings a dependence on the cloud, and none of the online storage service companies are as secure as they need to be. Remote work is yet another reason companies need to focus on their cybersecurity practices.
An Ounce of Prevention ... for Security Professionals, Educators
At CYRIN, we’ve been developing answers for our changing world for years with our advanced online simulated training. Students love the realistic labs and the step-by-step training. Security professionals enjoy the realistic virtual scenarios where they can practice on simulations that are as close as they will come to an actual attack.
Data and Metrics … Measure Results
We can help your cybersecurity team prepare for whatever is on the horizon. You set up realistic scenarios on a simulated network where you practice remotely and safely to test your team, your systems, and their response. And you can practice as often as you like while our Automated Performance Monitoring system measures performance and provides details and metrics that allow you to gauge the effectiveness of the network and the people in charge of protecting your systems. CYRIN’s next-generation cyber-range allows you to use real tools, respond to real attacks, and use real scenarios to hone your skills in a virtual environment. CYRIN plays out real-life scenarios to help your team and your company be prepared and protected – for whatever comes next.
To see what our team can do for your team, contact us for further information and your personalized demonstration of CYRIN.