One of the most challenging aspects of cybersecurity is preparedness. With technology, user habits, and attack styles changing over the past few years and showing no sign of slowing down, cyberattacks seem like a never-ending onslaught.
As we start 2022, organizations need to do their best and prepare for future incidents. Auditing and evaluating the state of their internal security systems, their technology, and the processes they use is a great place to start. But how will these efforts, in combination with an expected increase in cyberattacks, affect the cybersecurity industry in the coming year?
In an article for VMblog, Mike Wilson forecasts five trends he expects to see in the new year.
Government Assistance Addressing Ransomware Attacks
Headlines show us that no organization is out of bounds when it comes to ransomware attacks. School districts, healthcare organizations, and patient portals are all tempting targets for cybercriminals. However, in 2022, the US Government is expected to step in and there may also be international collaboration in efforts to stymie and prosecute ransomware groups.
As this crack-down occurs, cybercriminals will merely become more selective in their process. It’s unlikely that ransomware attacks will stop, but hackers may make more calculated choices when choosing targets. This means that if your company has obvious vulnerabilities, you are even more likely to be targeted; but if you have clear layers of defense, you may already be mitigating the chance of an attack.
Data Privacy Laws Changing ATO Defenses
Along with government attention on ransomware, 2022 will also showcase increased data privacy regulations, and new legal precedent when it comes to cybersecurity issues. Concerns like individual Account Takeover (ATO), which were previously measured in terms of customer complaints or account recovery expenses, will be responded to in completely different ways. This is already beginning with legislation like the Safeguards Rule being used to establish new rules about businesses protecting their users and customers data in a proper protective way—and encountering real consequences if their security fails.
AI and New Tech Interrupting Security Measures
A large part of the workforce moved out of the office and into the home in 2020 and security measures lagged. As IoT devices continue to make their way into workplaces and homes, some security measures still haven’t been prioritized. In 2022, technology including AI and ML will continue to expand its reach—and unfortunately, some companies will overlook the basics of security. Ensuring that your business, your network, and your products are protected is a crucial step when introducing new technologies.
Supply Chain Attacks Intensifying
If we learned anything from the 2021 Solar Winds cyberattack, it’s that many vulnerabilities are lurking beneath the surface of the supply chain. The frequent use of open source software and mass-market applications means that a great deal of the supply chain has similar vulnerabilities, making them an easy target in 2022.
Cybersecurity Insurance Premiums Increasing
Some organizations have started responding to cybersecurity issues—both current and predicted. The threat landscape is broad and complex, but there are ways to protect yourself. Cybersecurity Insurance companies are likely to remind businesses of this, and potentially change rates, coverage availability, or premiums, in response to the actions that the organization has taken, or not taken, to protect themselves. With threats like ransomware attacks right around the corner for an unprotected enterprise, the insurance providers are likely to review applications with a bit more discernment.
No organization is immune to the threat of an attack. The enterprises that prioritize security will have the best chance of avoiding massive repercussions, whether financial or reputational. Taking steps to address internal vulnerabilities can help your organization shore up defenses. Consider getting on board with NIST Password Policy guidelines, staying engaged with news and updates in the cybersecurity world, and screening against compromised credentials.