The world is changing in fundamental ways, leading to dramatic shifts in the landscape of risks faced by businesses, where change is the only constant. As the new normal of hybrid work takes shape, organisations around the world are facing a surge of sophisticated cyber threats and increased complexities for security teams.
In this new year and beyond, as technology and workplace trends continue to evolve and laws and regulations change, we are seeing ten cyber security trends emerge, based on our own observations and those of our industry peers, partners, and customers:
- Ransomware threats will increase in frequency with next gen tactics:
Ransomware remains a major cyber threat because of its ability to evolve consistently, increasing in complexity and severity of impact, as we have witnessed over the past year. This is set to continue in 2022; ransomware operators are launching increasingly targeted and highly prominent attacks with new tactics such as deepfake techniques using AI to emulate corporate leaders’ signatures for social engineering, targeting not only the primary organisation, but also its supply chain.
- SolarWinds-style supply chain cyber attacks will accelerate:
As companies evolve their operations, global supply chains have found themselves in the crosshairs of quadruple extortion techniques. In 2022, we can expect to see cyber criminal gangs continue to seek ways to hijack the digital transformation of organisations; we expect them to attempt to infiltrate supply chains via smaller vendors and suppliers. As a result, third-party incidents are set to increase and SolarWinds-style headlines will plague firms that do not invest in the risk management trifecta: people, technology and governance.
- Zero Day vulnerability response time will be significantly reduced:
In 2021, we saw the highest number of Zero Days ever recorded, including the severe Apache Log4j vulnerability. In 2022, malicious actors will continue to take advantage of the growing ‘patch gap’ within enterprises as systems become more complex and the time between discovery and exploitation is significantly reduced. Because of this, it will be important for security teams to continually upskill and to work on reducing attack surface areas with detection and human-led response capabilities, as new exploits are developed.
- The rising threat of ransomware will impact cyber insurance:
The volume and frequency of ransomware attacks continue to increase dramatically year on year. The number of cyber insurance claims exploded in 2021 and this is unlikely to decline in 2022. Renewals are expected to be especially challenging as insurers seek to enforce stricter underwriting standards in order to limit exposure. Cyber prevention and preparedness will become increasingly important, and organisations will need to tighten up their security posture and be clear about the extent to which they mitigate risk.
- Secure hybrid working remains a challenge to solve:
While the shift to hybrid working models has triggered many organisations to change their cyber incident response plans either in part or completely, hybrid working will remain the primary concern for business leaders and a challenge to solve. As attack surfaces continue to extend beyond the traditional enterprise perimeter – from a security perspective – businesses would be wise to consider a total re-evaluation of policies and tools to better manage their risk in 2022.
- The Zero Trust journey will become increasingly important:
Zero Trust will become the biggest area of investment for cyber security as a result of hybrid working and the exponential shift to cloud-based applications. These shifts have solidified the trend of identity as the new security perimeter. Zero Trust, with its strong identity authentication everywhere and ‘assume breach’ security posture, will be a journey that every one of us will need to undertake – whether we know it or not – right now.
- Cyber security will be a more prominent discussion in the boardroom:
With an increase in highly publicised security breaches and business disruptions due to ransomware, boardroom discussions will pay focussed attention to cyber security. With visibility to the correct information and insights, boards can play a key role in driving the full adoption of critical security solutions including Zero Trust, identity, and access management.
As a result, Chief Information Security Officers (CISOs) will play a critical role in advising the board, establishing and maintaining the vision and strategy, and evolving the necessary programmes to ensure their businesses, information assets and technologies are adequately protected. They will need to communicate effectively to the board in business terms, using benchmarks, metrics, and comparative analysis that help to provide clarity about the risks businesses face and the need for effective cyber security.
- Intelligence-led validation will inform the right action:
As cyber attacks become more complex, sophisticated, and frequent, coupled with the increasing prominence of cyber security in boardroom discussions, it will be even more critical for CISOs to have a complete picture of their company’s security effectiveness. With the right intelligence-led validations aimed at three areas – people, technology, and governance – used in conjunction with real-time threat detection and response, a holistic cyber security operations model can help companies build a stronger security posture and strengthen their cyber defences.
- Cyber talent shortage remains a problem:
The cyber security skills gap has been an industry issue for some time and is not abating in 2022. According to the 2021 (ISC)² Cybersecurity Workforce Study, the gap between the number of professionals needed to defend organisations and the number currently available is a worrying 2.7 million, even though an additional 700,000 professionals have joined the cyber security sector in the last 12 months. This highlights the urgent need for organisations to rethink their hiring strategies, to actively explore new ways to cultivate and grow their talent pool beyond traditional methods, to broaden diversity efforts by proactively encouraging more students into STEM subjects, and to offer on-the-job training to existing talent.
- Increased regulation to keep pace with risk:
Regulation is increasingly making cyber security mandatory and placing greater obligations on companies. In the US, we will continue to see additional states pass privacy laws to mirror those passed in California, Colorado and Virginia – 14 additional states are already considering similar measures. Globally, 2022 is set to be the year when regulators pull out the stops in order to get on top of cyber security risks and establish cyber security maturity as a global business priority.
Would you like to find out more about these trends? Join us at ITC’s Annual Cyber Summit #BEYOND on Thursday 27th January 2022 and be inspired by real examples of how to address these trends by making the most of the latest developments in cyber security.