Products
▸
Cybersecurity Threats and Issues 2022
After a year 2021 with a sad record of cyber threats, a similar trend is emerging for 2022 with attacks that are increasingly sophisticated, frequent, precise and inventive.
Recent government initiatives and new technologies are contributing to the development of more and more solutions to combat cyber threats. Better awareness among decision-makers, increased investment and concrete strategies will continue to be essential for combatting threats in the future.
2021, a record year
The year 2021 will be particularly badly remembered in terms of corporate cybersecurity. Various figures show an increase in attacks.
The French IT security agency ANSSI has recorded 1082 attacks on IT systems for 2021 compared to 786 for 2020, an increase of 37%. In France, the government platform Cybermalveillance.gouv.fr saw a 101% increase in its traffic in 2021, or about 2.5 million visitors. In the U.S., according to a U.S. Treasury Department report, over $590 million was extorted through ransomware between January and June 2021, which is $170 million more than in 2020. Some attacks have received significant media attention. Among them, the Pegasus affair, the Acer group and the REvil ran somware, the tapping of sensitive data of 1.4 million patients of Paris hospitals, etc. With these numbers in mind, companies have entered 2022.
The trends for 2022
For organizations to prepare for these threats in 2022, they first need to know them better. So let's start with a familiar threat, ransomware.
In 2022, attacks of this type will become more sophisticated and affect even more organizations, regardless of size. This year will also see an increase in the trends and issues already observed, such as the professionalization of hackers, the development of a parallel economy focused on "data shaming" and a favoring of attacks by the increasing use of the home office.
Data leaks will also increase and become much more costly to organizations. As phishing campaigns become more sophisticated, experts predict that hackers will be able to tap into data even more efficiently in 2022.
Attacks on smartphones, which are often unknown or underestimated, will also increase. One figure illustrates the importance of these attacks: in 2021, 46% of organizations reporte d that at least one of their employees had downloaded a malicious app onto their smartphone. It's also worth remembering that any openly accessible peripheral is an entry point for hackers.
Cybersecurity and the cloud are closely linked. In 2022, it is fairly safe to assume that microservices
vulnerabilities will lead to large-scale cyberattacks. In addition, hackers will increasingly exploit the
vulnerabilities resulting from the integration of the DevSecOps concept.
The scale of the impact of these "new" threats will also increase. Specifically, this means that the
increasing use of cryptocurrencies, essentially in private companies but also in public ones, will provide a target
for cyberattacks such as phishing, Trojans, Infostealers, Flash Loan for Web Applications 3.0, etc.
Another emerging trend concerns deepfakes. As a reminder, these are AI-generated videos designed to intentionally deceive a human user. This type of content aims to gain access privileges to organizations' critical infrastructure by manipulating specific employees. In 2022, organizations will be increasingly exposed to this challenge and will therefore need to consider new security measures (ex: double-checking procedures) to prevent this type of attack. Social media will also see an increase in attacks. This includes creating false profiles to manipulate employees or hacking official accounts with the goal of damaging an organization's image.
Finally, the supply chain will come under increasing pressure in 2022. The frequency and power of attacks against supply chains will increase. Recent geopolitical and health events have highlighted the weaknesses of these complex processes, which contain vast amounts of strategic data and can quickly cripple an entire organization.
How can you strengthen your cybersecurity and protect yourself in 2022?
From an organizational perspective, decision makers must continue to focus on educating employees on best practices of cybersecurity (multiple passwords per application, two-factor authentication, suspicious email detection, etc.).
Decision makers need to know that they themselves are a priority target and adjust not only their use of IT tools, but also the nature of file sharing accordingly. For example, they could use a closed ecosystem for sharing documents to leadership meetings.
Strengthening technical teams and conducting regular compliance and security audits must become standard practice of cybersecurity in as many organizations as possible. In addition, it is imperative that these organizations take steps to ensure the integrity and traceability of their sensitive data. Data storage systems with cloud solutions and end-to-end AES 256 encryption can prove very useful.
After a year of countless cyber threats in 2021, 2022 seems to be following this trend as well. The frequency and complexity of threats will put increasing pressure on organizations. Not only will they need to respond to new types of threats, but they will also need to strengthen their current cybersecurity measures, tools and processes in the face of already known threats. Even though more and more organizations are aware of this threat, they still lack the necessary skills to effectively confront it.
The instalation of a DLP system is the first step to strengthening cybersecurity in your company!
The most important cybersecurity threats for 2022 an outlook
Many trends from 2021 will continue in 2022
Anyone who believed that an expensive purchase of the latest security software would fully protect their company from future cyberattacks has surely already realized their mistake. A look at the cybersecurity landscape in 2021 shows that attacks and threats will become more sophisticated, more human-centric, more frequent and more difficult to detect. Not exactly a reassuring outlook.
The biggest cybersecurity threats in 2021. In its Threat Landscape Report for 2021, the European Union Agency for Cybersecurity (ENISA) lists the cybersecurity threats that had the greatest impact on businesses and individuals in the past year (April 2020 to July 2021 report):
Cybersecurity Threats
Ransomware clearly tops the list of threats and is on the rise not only in terms of frequency (there is a ransomware attack every 11 seconds globally), but also in terms of the amount demanded. Cybercriminals are estimated to have captured more than $20 billion from enterprises in 2021, up from $11 billion in 2020, mainly through phishing emails and remote desktop services (RDP) brute-forcing.
Malware. Encouragingly, 2021 continues the decline in malware from 2020. However, criminals are increasingly turning to unconventional code to remain undetected.
Cryptojacking experienced quite an upswing in early 2021 and, like ransomware, has a steady growth curve.
Email threats. Since email remains the primary communication channel, it is not surprising that it is still one of the most attractive targets for attackers. The focus of email threats, particularly business email compromise, has shifted almost entirely from technical vulnerabilities to exploiting human errors and behaviors.
Attacks on data. Data breaches remain as attractive to criminals as money-related attacks. In times of pandemic, they were particularly noticeable in the healthcare sector, where hospital and medical facility databases were subject to intense onslaught. Data-driven organizations were also forced to address not only compliance, but also strengthening their security.
Availability and Integrity Threats. Threats such as denial of service (DoS) and web attacks can impact organizations' resources, performance and service readiness.
Disinformation/misinformation. Despite education campaigns, these types of threats are increasing at record speed. They spread mainly via phishing and aim to manipulate people's views and behavior.
Non-malicious threats. In 2021, the upward trend in non-malicious, man-made incidents continued. Along with email threats, this highlights the need to increase employee security awareness.
Supply Chain Attacks. The sophistication and effectiveness of supply chain attacks is rapidly increasing, making them one of the biggest threats to enterprises and especially managed service providers.
Cybersecurity threat outlook in 2022
According to the statistics, almost all cybersecurity threats from 2021 will remain in 2022, and more will be added. Researchers report an increase in zero-day cybersecurity attacks, as well as the complexity and sophistication of codes and tactics, making them more difficult to detect.
Ransomware will persist into 2022 simply because it is so lucrative. And considering that in the first quarter of 2021 alone, ransomware tripled in number compared to all of 2019, the situation is very serious. VPNs, unprotected RDP ports and phishing play a major role in spreading, but infection via cloud and USB devices is quickly catching up and posing a serious challenge to critical infrastructure. Combining comprehensive endpoint and phishing protection with employee training to identify potential cybersecurity threats has been shown to significantly reduce ransomware success.
There are steps which should be followed to prevent a company from ransomware.
Gartner estimates that by 2025, the threat of supply chain attacks will force approximately 60% of enterprises to select partners based on their cybersecurity maturity. In addition, legislation is expected to tighten and companies will face tougher penalties for information leaks. Gartner expects industry-standard security rating systems to play an increasingly important role in assessing a partner's trustworthiness in the future. Securing the supply chain will be critical to survival and competitiveness for companies with large networks.
The proliferation of the Internet of Things (IoT), which enables various devices to share data in an online environment, opens up myriad attack vectors. Through home appliances, connected cars and smart equipment, cybercriminals can bypass the security of digital systems and gain access to their data.
Speaking of data: interest in it will continue to grow globally in 2022. Attackers will use any human error or technical vulnerability to steal credentials and gain possession of critical information can cause significant damage to a company's image or financial standing.
Deepfakes are described as a tool that will continue to be used in 2022 to compromise business emails, manipulate multi-factor authentication and know-your-customer ID, mainly thanks to the use of cryptocurrency.
In 2022, phishing attacks continue to deserve special attention as they become more targeted than ever and use increasingly sophisticated tactics such as personalization or geographic localization. The good news is that phishing is some of the threats that are relatively easy to prevent. Reliable email protection software capable of detecting malicious content, combined with proper credential security, creates good standard protection.
However, these are far from the only cybersecurity attacks that businesses and individuals face. Small businesses are not spared from attacks either. Regardless of how good their cybersecurity is, businesses should remember that keeping it up to date and future-proof, as well as educating and raising employee awareness of prevention, is an ongoing process.