Cybersecurity is changing. Here’s what to expect in 2022
January 11, 2022 | By Ron Green
As the world continued to navigate the pandemic’s impacts last year, we saw digital habits become even more ingrained, from the continued rise in contactless payments to more small businesses than ever joining the digital economy.
The impacts of cybercrime were felt early and often. We saw how intertwined our digital world has become through the SolarWinds supply chain attack and the related Microsoft Exchange vulnerability. We felt real-world consequences of the ransomware attack on the Colonial Pipeline in the U.S., and we ended the year while battling the Log4j vulnerability — described as the worst security challenge many have ever seen.
As cybercrimes have become more sophisticated, so have cyberdefenses. There’s been great collective action to protect people’s data. Public-private partnerships have been expanded to share information and best practices.
But that’s not enough. For us to be successful, we must all have these potential risks on our radar:
Ransomware: The next evolution
The year 2021 showed us nothing was off-limits. Hospitals, school systems, medical research, state and local governments – all have become targets. The new year has the potential to bring more ransomware attacks than we’ve ever seen, and they will only get more complex.
The growing intersection of the cybercriminal underworld and nation-states will make finding the culprits more complicated, and the rise of ransomware-as-a-service should increase attacks.
With more businesses becoming part of our interconnected digital economy, there are more targets than ever. This will continue to be one of the biggest risks facing organizations and nations of all sizes in all places.
Work from anywhere, vulnerable from everywhere
Zoom calls, Slack chats and VPNs have become part of our everyday working lives. Hybrid schedules and remote work will continue to be the norm. With people working from all over the world, there are more opportunities than ever for threat actors to exploit the weak points of a distributed workforce.
Providing the optimal user experience can’t come at the expense of security. By taking a blended approach that incorporates both security and IT teams, organizations can be well positioned to balance both sets of needs.
Small business, big cyber risk
Going digital was vital for small businesses around the world to navigate the pandemic. But as more enter the digital ecosystem, it is critical they arm themselves with the tools, resources and know-how to protect their businesses.
Cybercrime is so devastating to small businesses that a single breach can cause them to close their doors for good – and they’re regularly targets for bad actors. Half of small- and medium-sized businesses have experienced a cyberattack, and 60% of them don’t have any kind of cybersecurity policy. The security of small businesses is essential to the security of our global digital ecosystem. Their risk is all our risk. It is our responsibility to make sure they’ve got access to free and effective tools that they can use to take immediate action to reduce their cyber risk.
Interconnected ecosystem means interconnected risk
As the number of connections between businesses increases exponentially, so too does the number of potential areas that threat actors can exploit. Understanding the security of your third-party suppliers is essential to understanding your own risk profile.
By using tools to examine your organization’s digital footprint, you’re able to see potential vulnerabilities in your supply chain and understand what impact they might have.
Social engineering is only going to get smarter
It used to be easy to spot a fake email or screen a phony call (especially if they’re calling about your car’s extended warranty). Now? Not so much. Cybercriminals are adept at spoofing websites, creating a real sense of urgency that can take advantage of your trusting nature. That can lead to costly mistakes.
As more of our lives are lived online, social engineering attacks will only become more likely. With the rise of deepfakes combined with the prevalence of phishing, vishing and smishing, and our increasing comfort in oversharing online, organizations must continually educate their people about how to stay secure — at home and at work.