As digital transformation accelerates in many industries and organizations rethink office work, cyber-attacks are diversifying and reaching unprecedented levels. Any vulnerability can be exploited, endangering digital assets and eventually the entire organization. Being aware of possible threats and vulnerabilities is the first step in safeguarding your business and ensuring safe growth. For this reason, we have compiled a list of the top security trends, predictions, and priorities for your business agenda in 2022 and beyond.
Context
The growing number of cyber threats around working from home, supply chains, and the cloud, attacks on cryptocurrencies and crypto wallets, operational technology (OT) cybersecurity, and application security vulnerabilities have been some of the most discussed cybersecurity topics of the past two years. According to the most recent cybersecurity report from Gartner, by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. Moreover, 70% of CEOs will mandate a culture of organizational resilience to survive threats from cybercrime and other social and political instabilities. There are clear signs that governments, organizations, regulatory bodies, and the private sector are taking the issue of cybercrime far more seriously. However, so are fraudsters.
Data protection and privacy initiatives and enforcements
Since the GDPR came into force in 2018 in the EU, there have been numerous similar data protection and privacy initiatives worldwide. These include the California Consumer Privacy Act (CCPA), China’s Personal Information Protection Law (PIPL), the Brazilian General Data Protection Law (LGPD), Singapore’s Personal Data Protection Act (PDPA), and more.
In 2021, 1.1 billion EUR worth of fines were issued against organizations for violations of the GDPR, according to the law firm DLA Piper. For 2022, the law firm believes the greatest data protection compliance challenge for companies will be ensuring that data transfers between the EU and third countries are compliant with the July 2020 Schrems II judgment. The judgment states that data can only be transferred out of the EU if the country of origin can guarantee the same level of data protection as the GDPR. This has a great impact on business continuity, as the ruling threatens service interruption if data transfers are suspended. DLA Piper also warns that companies must ensure data transfer compliance in case of audits, due diligence, procurement, and other compliance verification procedures. Moreover, complaints, investigations, and enforcement activities related to cookies and other tracking technologies will intensify.
Cloud attacks
Discussions of cloud computing over the past two years have centered on modern infrastructure for quicker innovation, faster time to market, and cost optimization. However, the increasing interest in cloud migration or adoption is expected to cause many security issues, misconfigurations, and outages for organizations. Cyber-resiliency is becoming a priority when migrating to the cloud, with multi-cloud architectures gaining traction.
Understanding the security challenges of cloud infrastructure is paramount in dealing with cloud attacks. Even though some companies believe that the security of their cloud should be handled by the provider, cloud security is a shared responsibility. The service provider and the customer should both follow certain best security practices. Both also need a dedicated expert or team that is constantly up to date with the major security risks in cloud computing. If you want to dive deeper into this topic, we’ve compiled a list of recommendations to help you ensure a high level of security for your cloud.
Zero Trust authentication
With hybrid workspaces here to stay, more businesses will adopt Zero Trust authentication. 2021 broke the record for zero-day hacking attacks, closing out the year with the serious Apache Log4j vulnerability. Log4j is among the most used tools to collect information across corporate computer networks, websites, and applications, hence the severity of this vulnerability and the high potential for malware attacks. Cybersecurity company Akamai Technologies has tracked 10 million attempts per hour to exploit the Log4j vulnerability in the US alone, with the technology, financial services, and manufacturing industries among the frequent targets. While big companies can easily patch their web services to prevent exploits, other organizations will need more time to defend their systems. Some might not even know they need to.
Zero-day exploits pose serious threats because they launch cyberattacks through a previously unknown vulnerability. This might prompt a rapid adoption of a zero-trust approach, as we’re already witnessing in the Data Security Law in China. The law is a framework that classifies data collected and stored in China based on its potential impact on Chinese national security. Zero Trust authentication practices, such as micro-segmentation, threat hunting, and advanced telemetry, can prevent organizations from becoming the victims of malicious exploitation.
Ransomware attacks
The industry has already started looking at ransomware from multiple perspectives, also taking into account the entry point. The attacks on enterprises will continue via virtual private networks (VPNs), spear-phishing emails, and exposed remote desktop protocol (RDP) ports. At the same time, ransomware-as-a-service is gaining traction, as fraudsters are getting creative and contracting specialized entities to launch the attacks. In such circumstances, basically anyone can launch a malicious attack.
According to a recent CISA report on the rising ransomware threat to operational technology (OT) assets, ransomware attacks are increasingly targeting critical infrastructures due to the convergence of IT and OT networks, through the compromised home networks and devices of remote workers. Therefore, increased attention will be paid to shifting from VPN to ZTNA (Zero Trust Network Access), which offers more secure options for controlling remote access to sensitive data.
Deepfake social engineering attacks
Social engineering will continue to pose serious security challenges as attacks gain in sophistication. Moreover, people are susceptible to being tricked. Therefore, attackers will further exploit the human image synthesis technique, as we saw last year when a bank manager in the UAE fell victim to AI voice cloning. Hackers tricked the bank manager into transferring USD 35 million.
The potential to con victims by impersonating individuals is extremely worrying. There are hundreds of materials online proving how far things can go.