Top 10 cyber security trends and practices for 2022
With cybercriminals showing no signs of slowing down in their efforts to breach the networks of all kinds of businesses, 2022 is bound to be another eventful and challenging year from a security perspective. We take a look at 10 different cyber security trends for 2022.
10. Cyber hygiene
Cyber hygiene refers to regular habits and practices regarding technology use, such as avoiding unprotected WiFi networks and implementing safeguards like a VPN or multi-factor authentication.
Cyber hygiene helps reduce those vulnerabilities by identifying risks and deploying mechanisms and strategies to reduce or resolve them. By practicing cyber hygiene, organisations strengthen their security posture and can more effectively defend themselves against devastating breaches.
9. Growth in connected devices (IoT) and 5G network breaches
With the growing adoption of 5G technology that requires complex infrastructure overhaul, the adoption of software-based services and the continued connection to the Internet of literally “anything”, the perfect attack surface is being created for threat actors.
Service providers and IoT solution providers need to prepare themselves for any security gaps by adopting a zero-trust architecture.
8. Third party exposure
Third party risk is the potential threat presented to organisations’ employee and customer data, financial information and operations from the organisation’s supply chain and other outside parties that provide products and/or services and have access to privileged systems.
According to a 2021 workforce trends report, over 50% of businesses are more willing to hire freelancers as a result of the shift to remote work caused by COVID-19. The cybersecurity firm CyberArk reports that 96% of organisations grant these external parties access to critical systems, providing a potentially unprotected access route to their data for hackers to exploit.
7. Shortage of cyber skills
The move to remote work in response to the COVID-19 pandemic increased the workloads for skilled IT professionals, and combined with the rising rate of ransomware attacks, many security pros are suffering from burnout.
The UK’s cyber skills shortage has surged by more than a third in the past 12 months, according to a report by global recruitment firm Harvey Nash. The study, which analysed the current state of the digital jobs shortage, found that cybersecurity is the most sought-after tech skill in the UK. Nearly half (43%) of the 823 UK digital leaders surveyed admitted they had a shortage in this area.
6. Social engineering
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions.
It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.
5. A focus on data protection
All data that relates to an identifiable individual that business stores or handles need to be properly protected. Data protection is not just a legal necessity, but it is also crucial to protecting and maintaining a business.
2021 saw a coordinated effort by government agencies from different countries working together to combat known cybercrime groups who try to gain personal data.
4. Increased digital supply chain risk
The growing connectivity of a supply chain also opens the door to increased cyber and data privacy risks. These risks arise because increasing interconnection means a growing attack surface and additional vulnerabilities that adverse actors can exploit.
According to the a ENISA report - Threat Landscape for Supply Chain Attacks, which analysed 24 recent attacks, strong security protection is no longer enough for organisations when attackers have already shifted their attention to suppliers.
3. Businesses will focus on employee security awareness training
As cyber risks continue to rise in the ever-changing digital landscape, cyber security training is the most effective way of educating employees on the risks they should avoid and the steps they should take if they are unsure about what to do in certain scenarios.
According to the IBM Cyber Security Intelligence Index Report, 95% of cyber security breaches are primarily caused by human error. Also, the Cost of a Data Breach Report 2020 by IBM stated that the average cost of cyber security breaches caused by human error stood at US$3.33mn.
2. Cloud security
Cloud solutions have become essential for businesses with hybrid workforces looking to ensure that their employees can access vital resources from anywhere. 96% of cybersecurity professionals are already at least moderately concerned about public cloud security, according to the 2021 Cloud Security Report from (ISC).
New developments in cloud security include the adoption of “Zero Trust” cloud security architecture. Zero Trust systems are designed to function as though the network has already been compromised, implementing required verifications at every step and with every sign-in instead of granting sustained access to recognised devices or devices within the network perimeter. This style of security gained popularity in 2021 and is likely to see widespread adoption in the coming year.
1. Rise in ransomware
Ransomware is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access. The European Union Agency for Cybersecurity has recently released information showing a 150% rise in ransomware in 2021 and expects that trend to continue in 2022.
Ransomware has only become more sophisticated and more widely available over time. In fact, cybercriminals can now subscribe to “Ransomware-as-a-Service” providers, which allow users to deploy pre-developed ransomware tools to execute attacks in exchange for a percentage of all successful ransom payments.