Edition: January 4th, 2022
Curated by the Knowledge Team of ICS Career GPS
- Excerpts from article by Bernard Marr, published on Forbes
The changed world we’ve found ourselves living in since the global pandemic struck in 2020 has been particularly helpful to cybercriminals. Homeworking, the ongoing digitisation of society, and the increasingly online nature of our lives mean opportunities for phishers, hackers, scammers, and extortionists.
As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it’s essential for individuals and businesses to be aware of the ever-growing avenues of attack as well as what can be done to mitigate the risks.
Here are the most important and significant trends affecting our online security in the next year and beyond:
1. AI-powered cybersecurity
- Artificial intelligence (AI) can counteract cybercrime by identifying patterns of behavior that signify something out-of-the-ordinary may be taking place.
- Crucially, AI means this can be done in systems that need to cope with thousands of events taking place every second, which is typically where cybercriminals will try to strike.
- It’s the predictive powers of AI that make it so useful here, which is why more and more companies will be investing in these solutions as we go into 2022.
- Unfortunately, cybercriminals are also aware of the benefits of AI, and new threats are emerging that use technologies like machine learning to evade the protective measures of cybersecurity.
- This makes AI even more essential – as it’s the only hope of counteracting AI-powered cyber-attacks.
- A research recently found that businesses now believe AI is necessary to identifying and countering critical cybersecurity threats, and nearly three-quarters of businesses are using or testing AI for this purpose.
2. The growing threat of ransomware
- A research by PwC suggests that technology executives expect ransomware attacks to increase in 2022.
- We can blame this on the pandemic, and the growth in the amount of activity carried out online and in digital environments.
- Ransomware typically involves infecting devices with a virus that locks files away behind unbreakable cryptography and threatens to destroy them unless a ransom is paid, usually in the form of untraceable cryptocurrency.
- Alternatively, the software virus may threaten to publish the data publicly, leaving the organisation liable to enormous fines.
- Ransomware is typically deployed through phishing attacks – where employees of an organisation are tricked into providing details or clicking a link that downloads the ransomware/malware software onto a computer.
- However, more recently, a direct infection via USB devices by people who have physical access to machines is becoming increasingly common.
- Education is the most effective method of tackling this threat, with research showing that employees who are aware of the dangers of this type of attack are eight times less likely to fall victim.
3. Internet of vulnerable things
- The number of connected devices – known as the internet of things (IoT) is forecast to reach 18 billion by 2022.
- One consequence of this is a hugely increased number of potential access points for cybercriminals looking to gain access to secure digital systems.
- The IoT has long been recognised as a specific threat.
- In 2022 the IoT is also getting more sophisticated.
- Many organisations are now engaged in the development of “digital twins” – comprehensive digital simulations of entire systems or even businesses.
- These models are often connected to operational systems in order to model data gathered by them and may offer a treasure trove of data and access points to those with nefarious intentions.
- In 2022 we will undoubtedly continue to see attacks on IoT devices increase.
- Education and awareness are two of the most useful tools when it comes to protecting against these vulnerabilities.
- Any cybersecurity strategy should always include a thorough audit of every device that can be connected or given access to a network and a full understanding of any vulnerabilities it may pose.
4. Cyber-security risk and exposure a key factor in partnership decisions
- Any cybersecurity operation is only as secure as its weakest link, which means organisations increasingly see every link in a supply chain as a potential vulnerability.
- Due to this, businesses will increasingly use cybersecurity resilience and exposure as a determining factor in choosing who they will partner with.
- With more legislation, more organisations are at risk of potentially huge penalties if they make information security slip-ups.
- This means every partner that potentially has access to an organisation’s data or systems will be rigorously vetted.
- Businesses that aren’t able to answer questions about their cybersecurity arrangements or ratings will increasingly find themselves out in the cold.
- It is predicted that industry-standard security rating schemes like SecurityScorecard, Black Kite, or UpGuard will become as important to companies as credit rating agencies.
5. Regulation starting to catch up with risk
- Cybercriminals act with the knowledge that understanding – let alone policing – of their activities is weak due to the fast-changing nature of technology.
- With the cost of cybercrime to global economies set to top $6 trillion in 2021, this isn’t a situation that is sustainable.
- According to Security Magazine, 2022 is set to be the year when regulators pull out the stops in order to get on top of the situation.
- One consequence of this could be an expansion of penalties that currently only cover breach and loss to also cover vulnerabilities and exposure to potential damage.
- Another may be an increasing number of jurisdictions passing laws relating to making payments in response to ransomware attacks.
- We could also see a growing number of legal obligations, in an attempt to limit the impact of data thefts, losses, and breaches on customers.
- Today, more than ever, building consumer trust is essential for organisations that want us to give them the privilege of access to our valuable personal information.
(Disclaimer: The opinions expressed in the above mentioned article are those of the author(s). They do not purport to reflect the opinions or views of ICS Career GPS or its staff.)