2021 was a record-breaking year for data breaches. The number of breaches reported from the start of 2021 through September 30 (1,291 breaches) already topped the total for the entire year of 2020 (1,108 incidents), according to the Identity Theft Resource Center (ITRC). As hackers continued to take advantage of new vulnerabilities created by hybrid and remote work infrastructure, companies of all sizes experienced security incidents – with ransomware attacks, in particular, disrupting the operations of the Colonial Pipeline, major meat processor JBS, Fujifilm, and many other organizations.
With cybercriminals showing no signs of slowing down in their efforts to breach the networks of all kinds of businesses, 2022 is bound to be another eventful and challenging year from a security perspective. As you formulate your game plan to protect your IT environment from rapidly evolving threats during the upcoming year, here are some trends and predictions to consider.
1. Cybercriminals will continue to bombard businesses with ransomware attacks.
This costly and damaging malware ran rampant this year: Average weekly ransomware activity was 10.7 times higher in June 2021 than in June 2020, according to the August 2021 Global Threat Landscape Report from Fortinet. Following the attacks on Colonial Pipeline, JBS and other organizations earlier this year, Anne Neuberger – the deputy national security advisor for cyber and emerging technologies on the National Security Council – warned in an open letter to U.S. business leaders that “no company is safe from being targeted by ransomware, regardless of size or location.”
Ransomware will remain a pressing issue during the upcoming year, according to a blog entry titled “The Top Cybersecurity Trends for 2022” published by the National Cyber Security Alliance (NCSA). Organizations that fell behind on patching and updating on-prem networks while focused on accommodating remote workers will find themselves vulnerable to attack, and the prevalence of “Ransomware as a Service” will make it easier for unskilled individuals to commit this type of cybercrime. Any business that wants to avoid an expensive and financially devastating ransomware incident should proactively invest in comprehensive managed cybersecurity services.
2. Cloud security will become a top priority, particularly for organizations with remote and hybrid workplace strategies.
Cloud solutions have become essential for businesses with distributed workforces looking to ensure that their employees can access vital resources from anywhere. However, reliance on cloud services comes with additional IT security challenges, such as misconfigurations and access management issues, according to the NCSA. The vast majority (96 percent) of cybersecurity professionals are already at least moderately concerned about public cloud security, according to the 2021 Cloud Security Report from (ISC)².
Consequently, as companies continue to ramp up cloud adoption in 2022, cloud security posture management (CSPM) will become a top priority (if it isn’t already) for security leaders. For more information on the topic, take a look at my previous blog entry, “What the Heck Is CSPM, Anyway?”
3. Businesses will focus on employee security awareness training.
In 2022, cybercriminals will continue to leverage social engineering tactics to infiltrate corporate networks, according to the ISACA article “Assessing the State of Cybersecurity in 2021 and Preparing for 2022.” As a result, businesses will invest in comprehensive and ongoing employee security awareness training programs to stop their staff members from falling for phishing messages and other scams.
If some or all of your employees fulfill their professional obligations off-site, you should update your training program to include guidance for remote workers. For additional recommendations on revamping your approach to security training, take a look at this blog entry: “5 Tips to Strengthen Your Security Awareness Training Program.”
4. Many enterprises will seek a single source for multiple cybersecurity solutions.
Because cybersecurity is such a complex and specialized field, it’s easy to end up juggling dozens of different solutions – and that’s what many security leaders currently do, according to the Gartner article “The Top 8 Cybersecurity Predictions for 2021-2022.” However, in the coming year and beyond, businesses are expected to consolidate and look for suppliers that can serve as one-stop shops for multiple cloud-delivered security products. Gartner projects that 30 percent of enterprises will obtain cloud-delivered secure web gateway, zero-trust network access, Firewall as a Service, and cloud access security brokers from the same provider by 2024.