Cybersecurity continues to be a key focus for business leaders, as a range of trends affect their approach to boosting their digital defences in 2022. These include the rise of ransomware attacks, the adoption of zero trust models and more state-sponsored attacks amid the Ukraine war.
Ransomware attacks are increasing
Ransomware continues to be one of the biggest cybersecurity trends. The EU Agency for Cybersecurity estimates that there was a 150% spike in ransomware attacks between April 2020 and July 2021. Ransomware is a multi-faceted offensive campaign that could seriously damage a brand’s reputation as well as leaving the victim unable to access vital files. Attackers now operate secondary monetisation channels, auctioning exfiltrated data on the dark web.
These attacks are partly becoming more common due to the emergence of ransomware as a service (RaaS) business model. Operators behind RaaS operations lease out or offer subscriptions to their malware creations, meaning more cybercriminals can launch ransomware attacks. The RaaS model will continue to flourish in 2022 due to its lucrative nature and the difficulty of tracking down and prosecuting operators.
Supply chain threats are rising
Cybercriminals increasingly target software supply chains. These attacks are effective because they can take down an organisation’s entire software supply chain and services, resulting in massive business disruption. Eighty per cent of IT professionals believe supply chain attacks pose the biggest cyberthreat out there, according to a survey from cybersecurity firm CrowdStrike. So it’s hardly surprising that supply chain attacks have a place among the key trends affecting the cybersecurity industry in 2022.
Supply chain attacks grabbed peoples attention after the 2020 SolarWinds breach. The attack saw Russian hackers compromise the company’s software systems and add malicious code to it. The hack became one of the biggest cybersecurity breaches of the 21st century. In the end, it affected thousands of organisations, including the US government.
Governments must address critical national infrastructure threats
Cyber threats against critical national infrastructure (CNI) are increasing. CNI includes everything from higher education and financial services to food and defence organisations. The 2021 attack on the Colonial Pipeline fuel facility in the US alerted governments worldwide to the risks such an attack can bring to CNI. The attack is part of a bigger trend.
Cybersecurity company Bridewell Consulting estimates that 86% of CNI organisations had detected cyberattacks on their operational technology or industrial control systems in the last year. Moreover, 93% had suffered at least one successful attack.
Zero trust models are in vogue
Zero-trust security models are emerging as long-term solutions to data breaches. It eliminates the concept of trust from an organisation’s network architecture. In a zero-trust world, only authorised individuals can access selected applications. However, implementing zero trust takes time. It took Google five years to complete its adoption of a zero-trust architecture. In 2021, the Biden administration in the US introduced a roadmap for government agencies to deploy zero trust by the end of the 2024 fiscal year. Still, it is one of the biggest trends affecting the cybersecurity space in 2022.
Increasing state-sponsored attacks
The Ukraine-Russia conflict will become a catalyst for increased state-sponsored attacks. Malicious state-sponsored attacks originate from a particular country. They attempt to further that country’s interests. Typically, attackers target the infrastructure, military and businesses of those countries. Iran was the victim of the first successful nationstate attack in 2010, where the highly sophisticated Stuxnet computer worm, reportedly created by the US and Israel took out Iran’s nuclear weapons infrastructure.
More recently, Russian programmers launched a nation-state cyberattack, NotPetya, in Ukraine in 2017. The attack affected Ukraine’s financial, energy, and government institutions but its indiscriminate design caused it to spread, affecting other European and Russian businesses alike. The Ukraine-Russia conflict risks creating similar widespread damage.
The cyber skills shortage continues
A cybersecurity skills shortage haunts the globe. While the gap closed for a second successive year in 2021, the size of the workforce is still 65% below what is needed, according to the cybersecurity professionals group (ISC)².
There are some encouraging developments. In the US, four-year colleges and universities have invested heavily in cybersecurity curriculums and degrees over the past five years. As a result, there should be a growing pipeline of computer science graduates entering the cybersecurity field between now and 2031. In addition, women are expected to represent 30% of the global cybersecurity workforce by 2025, with that figure reaching 35% by 2031.
GlobalData is the parent company of Verdict and its sister publications.