In the past two years, the digital revolution is taking over the world at lightning speed. Small businesses, large organizations, and even governments are now using computerized systems to manage their daily activities. This digitization has created a pressing need for cybersecurity – more than ever before.
As attacks and security breaches continue to take the world by storm, here are some of the top cybersecurity trends that you need to watch out for in 2022.
The average amount of ransomware transactions per month reported in 2021 was $102.3M. And cybercriminals are going to continue making bigger and bigger demands in 2022. Below is a graph representing the quarterly ransomware payments from 2018 to 2021.
Source: Chainalysis Insights
New ransomware attacks are projected to become more personalized and advanced in the coming year. Hackers will use penetration tools to customize attacks in real-time. They are also more likely to involve assets, including IoT, and insiders. In addition, 2022 will see new and even flexible ways to extort payments.
Nuclear Ransomware 3.0 is another trend predicted for next year where ransomware gangs don’t limit their activity to just encryption-only attacks or quintuple extortions, but instead branch out into many more revenue-generating hacks. These could include DDoS attacks, selling exfiltrated data, cryptomining, installing adware, and stealing money from bank accounts.
IoT devices are projected to reach 18 million by 2022. However, IoT devices make people more vulnerable to cyberattacks, especially when they are microphone or camera enabled. These devices are more vulnerable to attacks inherently and are less secure than other IT devices. They usually have limited computational capacity and cannot handle the inclusion of security controls and data protection schemes that are required to defend against attacks. In addition, they also need new compliance mandates and security initiatives to secure critical assets.
Hackers are known to exploit IoT devices and turn them into bots by using popularly shared malware codes like the Mirai malware program. An example of this was seen in 2016 when a Mirai botnet attack was used to take down high-profile and popular services like Netflix and Twitt
Supply Chain Attacks
A supply chain attack is one of the emerging threats that is expected to become a key security challenge for organizations in the coming year. Supply chain attacks typically target software developers and suppliers. Hackers do this by infecting legitimate apps to access source code, building processes, or updating mechanisms.
In one of the most significant cybersecurity events this year, the software company SolarWinds suffered a breach in a supply chain attack by a group of hackers. Codecov and Kaseya were other victims of sophisticated supply-chain attacks. In 2022, these attacks are projected to be on a larger scale and more frequent. Organizations and governments will have to pay hefty sums of money to recover.
According to Gartner, APIs (Application Programming Interfaces) will become the #1 attack vector in 2022, causing web application data breaches in enterprises. A recent report by Salt Security revealed that API attacks have been increasing at an alarming 348% over the last 6 months.
Source: Salt Security
These API attacks have also consistently bypassed traditional security solutions that organizations have in place, showing that they are a dominant attack vector. Given that APIs are most often used to provide access to the most critical data and systems, vulnerable APIs can be very detrimental to organizations.
Continued Remote Work Security Challenges
This research from Gartner shows that 47% of organizations plan to continue working from home full-time for the foreseeable future. In 2021, web applications such as cloud-based tools used by remote workers made up more than 90% of data breaches. As work permeates into the homes of employees and they login from unusual locations and devices, anomalous or malicious behavior becomes harder to detect. This makes remote workers one of the top targets for hackers in 2022. Attackers will target their weak spots using techniques like deepfake technology, mobile malware, and social engineering methods such as Geo-targeted phishing attacks.
More User Awareness Programs
The human factor has always been the weakest link when it comes to cybersecurity. Even after all the advancements in security solutions, phishing remains the most common attack faced by companies, underlining the importance of security awareness among employees. Basic cyber hygiene can eliminate up to 80% of cyber threats. In 2022, we can expect an increased investment by companies in spreading cybersecurity awareness among their employees to minimize user errors and millions of dollars’ worth of damages to the organization.
AI-Enabled Threat Detection
As security breaches become the norm for enterprises, more and more companies are leveraging AI technology to respond to cyber threats. AI can enable security teams to anticipate attacks and act in advance. Even though cyber AI technology tools are still at an early stage of adoption, their market is projected to grow by US $19 million by 2025. Solutions that utilize AI can adaptively learn and detect new attack patterns and can drastically improve the detection, containment, and response to cyber-attacks. Thereby easing the burden on security professionals.
Automation and Integration in Security Solutions
As data and its size multiply every day, there is now a heightened need for integrated automation with security solutions. Modern work also demands quick and efficient solutions for which automation is a necessity. As web applications become more complex, automation must be integrated right from the development stages to ensure security.
Are You Prepared For The New Threat Landscape?
As cyber trends continue to evolve through the years, your best call as an organization is to boost your security game.
Stop operating on the web in fear of being attacked. Prepare your cyber security strategy with the security experts at Indusface to manage and fight the latest cyber threats.