From major supply chain disruption and COVID-related scams, to devastating ransomware attacks and emerging deep fakes, 2021 was undoubtedly another momentous year for cybersecurity. Tris Morgan, Global Director Security Advisory, BT, discusses some of the pivotal trends he expects to shape the cybersecurity industry as we set our sights on what’s to come in 2022.
We’ve reached the end of another tumultuous year in the world of cybersecurity. Cybercriminals have wreaked havoc across continents and in multiple industries, with incidents having greater real-world impact than ever before. We’ve seen cyber-related fuel shortages, shop closures, healthcare disruption – the list goes on. Faced with a growing threat landscape, the need to navigate the shift to hybrid working and a global shortage of skilled security professionals, organisations around the world are struggling to keep up. Every year we’re seeing the threat landscape become increasingly complex and fast-paced and one of the few certainties we have in security is that this year will be no different. From new cybercriminal behaviours and attack methods to cyber meets sustainability and demand for digital privacy, there will be a number of key trends that we’ll see more – so let’s explore them.
Cybercriminals will leverage the public domain to extort businesses in 2022
In general, cyberattackers have kept blackmail and extortion attempts private to evade law enforcement and to urge their victims to pay up and avoid the impact of it becoming publicly known. With cybersecurity now very much in the public eye, this is likely to change, especially for major organisations.
Going public with the threat of an attack will force businesses to manage pressure from customers, government and regulators to avoid loss of sensitive data or operational impact, potentially increasing the likelihood of them paying ransomware demands.
We will see an increase in the complexity of attacks and a focus on exploiting consumers
2021 focused on threats to businesses, with hybrid working continuing to dominate conversations, but in 2022 attacks will become more personal and focused on the individual. In particular, we’ll see an increase in the sophistication of mobile attacks, cybercriminals will evolve their techniques to exploit the growing reliance on mobile devices.
Phishing and smishing via SMS and emails will remain prominent – but these types of scam are likely to become more complex and targeted to specific individuals, rather than just bulk messages sent out en masse.
Consumer attitudes to digital privacy will enforce closer collaboration between private and public organisations
Last year was a big year for privacy and preserving it was one of the most discussed technology-related topics. Consumers are undoubtedly taking a more active role in protecting their own privacy. As a result, it’s no longer seen as a competitive advantage – it’s mandatory for businesses regardless of their business model.
In 2022, we’ll see big tech businesses continue to react to this demand by giving users more control over their privacy – but not full autonomy. Global governments will play an increasing role in this privacy puzzle too, putting pressure on these firms.
This will translate to more regulation and privacy laws, especially at a local level. But for both parties to succeed in protecting and pleasing consumers, we’ll see them work more collaboratively together.
Cybersecurity and sustainability will become more intertwined
A cyberattack which took place last year forced US oil company, Colonial Pipeline, to shut down its operations. There are obvious links between cyberattacks being damaging operationally and financially, but we can expect to see cybersecurity and sustainability more overtly linked moving forward.
In 2022, as cybercriminals continue to target critical national infrastructure, we could see them use this control to unleash – unwittingly or not – huge amounts of environmental impact. The security element of infrastructure and products that will help meet sustainability goals will also come into greater focus. Unless we can fully protect both critical assets and consumer products – for example, widescale vehicle charging grids and smart connections in devices and IoT – then the benefits they provide won’t be fully realised.
Companies that succeed in 2022 will forget the buzzwords and use technology more intelligently
The security market is undoubtedly saturated with tools and services. To date, businesses haven’t done a good job at implementing these in a complementary way that allows them to really reap the benefits of their investments.
We’re already starting to see a realisation within savvy companies that there is a need to do away with the hype and ‘magic bullet’ solutions and focus on investing in security that can evolve with the ever-growing threat landscape. It’s not about buying everything and anything in the hope that it provides an adequate level of security, it’s about optimising what you have and adopting tools and platforms that are most relevant to your business. The people element, or what we call the ‘human firewall’, will also remain hugely relevant in this sense.
There will be an increased focus on bringing automation and AI to life to tackle the cyberskills gap
The cybersecurity skills gap still looms over most organisations – and it’s likely it will continue to do so unless the industry makes a step change. Automation plays a vital part in modern cybersecurity but, to date, many businesses have been hesitant. This year will be a tipping point for automation and AI and we’ll see a critical shift in mindset from businesses – especially as cybercriminals have already made the leap.
Businesses will look to bring these technologies to life in order to plug the cybersecurity skills gap – not just through AI solutions can handle bulk security tasks and free up people to focus on complex attacks, but which can also learn from human decision-making and increasingly make strategic security decisions automatically. This will be key for enabling organisations to level up their threat detection and mitigation.
With these in mind, there are clear signs that it’s going to be another pivotal year for the security space.