Cyber Trends to Look Out For in 2022
As the cyber sector is constantly growing and evolving with innovations, both good and bad, the trends we see change from year to year. After an eventful 2021, we can expect to see some new challenges this year.
As with most cyber security issues, these can be overcome with a carefully thought out cyber security strategy and user awareness. After considering the events that happened last year, we have put together a list of trends that we expect to emerge in 2022.
Ransomware
Successful ransomware attacks made 2021 an extremely lucrative year for cybercriminals.
Ransomware gangs raked in millions last year and will be looking to build on their successes in 2022. The United States Treasury’s Financial Crimes Enforcement Network reported that ransomware filings in the first sixth months of 2021 exceeded the 2020 total and that if the current trend continues, ransomware related transactions will have a higher value than in the previous ten years combined.
DarkSide gained $4.4 million (in bitcoin) from their attack on Colonial Pipeline. Profitable incidents such as this mean it is no surprise that the ransomware business is booming and as gangs are growing and earning more money, we can expect to see attacks continue in 2022. As organisations strengthen their cyber security in attempts to prevent these attacks, cybercriminals will look to target weak points in supply chains in order to encrypt important networks.
A Move Away from Passwords?
As we move into 2022, we can expect to see a move away from passwords, and increased use of alternative authentication methods such as biometrics (fingerprints, facial recognition) and authenticator apps.
Massive companies are already making the leap across, suggesting that others will follow suit. Microsoft has already ditched passwords, instead, you can use the Microsoft Authenticator app, Windows Hello, a verification code or a security key to log in to your Microsoft account. Whilst a move away from remembering complicated passwords is convenient for users, there is potential for it to implications for multi-factor authentication.
Just because you can now use an alternative authentication method to access your accounts, you should ensure you are securing your accounts by using at least two authentication methods where possible. It doesn’t hugely matter which methods you use, as long as your data is protected by two barriers rather than one.
Cyber Skills Shortage
Another issue that will grow this year is the cyber skills shortage. Organisations should prepare for the cyber skills gap to expand. In short, there are not enough trained cyber security professionals to keep ahead of malicious actors and to offer the necessary protection that organisations need.
Individual businesses will need to adapt their approaches to address this gap, possibly outsourcing their monitoring to external security operations centres (SOCs) and seeking advice for their cyber security strategies elsewhere.
Virtual Chief Information Security Officer’s (vCISOs) are able to guide an organisations strategy and assist with compliance matters, without the need for hiring a full-time Chief Information Security Officer (CISO) who can be difficult to find and costly for businesses.
Regulation
In 2022 we can expect to see governments attempt to impose laws and regulations which will seek to protect users’ privacy and businesses confidential data. Proposed in late 2021, the Product Security and Telecommunications Infrastructure (PSTI) bill aims to support the rollout of gigabit-capable broadband and 5G networks and better protect citizens and infrastructure against harms enabled through insure consumer connectable products.
The introduction of this bill suggests that government departments are seeking to better protect national infrastructure and individuals’ privacy, following a number of high-profile attacks and breaches last year. Whilst there are arguments for and against regulating cyberspace, it is encouraging to see state actors taking more steps to secure national networks.
Cyber Insurance
The cyber insurance market is relatively new and rapidly growing, meaning that insurance is going likely to become more expensive in the next few years, and brokers will start looking for stricter criteria to be met. Cyber insurance is an important part of a business recovery process following data breaches and ransomware attacks, meaning that understanding the cyber insurance market is vital for business owners.
Wolfberry has noticed a trend of cyber insurance brokers asking that organisations hold cyber security certifications and accreditations, to prove that they are serious about maintaining a secure cyber security strategy.
These accreditations include Cyber Essentials, Cyber Essentials Plus, IASME and ISO27001. As the market grows and becomes more regulated, businesses will need to keep up in order to ensure that they have the necessary insurance for their incident response plans.
NFTs
NFTs (non-fungible tokens) are essentially pieces of unique digital art that can be owned. In short, an NFT is a unit stored on a blockchain, and these one-of-kind units can be traded and sold. The NFT market boomed in 2021, with artists such as Grimes selling NFTs for millions of dollars.
As this method of selling and owning images, videos and audio clips becomes more popular, more businesses will begin to incorporate NFTs into their marketing and engagement strategies. NFTs are also likely to play an important role in the metaverse as virtual assets. As the majority of the attention on NFTs is their potential for gaining profit from investment, very few are focusing on the security implications of trading NFTs.
NFTs tend to be traded on centralised platforms, meaning that if a hacker is able to compromise the platform, they may be able to access crypto wallets and already purchased digital assets. Vulnerabilities in NFT smart contracts have already been exploited by malicious actors. In 2017, a bug affecting Crypto Punks meant that when owners would sell an NFT, the payment (ETH) would not be sent to their wallets. Instead, the buyer kept the money and the asset (NFT).
Moreover, individuals are already finding methods of selling zero-day exploits as NFTs. As more users and investors join this space and trading platforms remain largely unregulated, we can expect to see malicious actors taking advantage of frequent trades and vulnerabilities.
The Metaverse
The Metaverse is a newly forming environment and whilst we don’t fully know how the innovation will develop, we can assume that the virtual environment will have a number of security concerns. The security concerns brought about by the internet and social media such as theft, fraud and privacy issues will all be present in the Metaverse.
Rather than addressing issues are we find them, it would be a better approach to mitigate security issues whilst the Metaverse is still developing, rather than when waiting for millions of users to be compromised.
Hopefully, cyber security laws and regulations will be amended to protect users on the Metaverse, addressing issues to do with privacy and data protection. As the virtual environment will provide malicious actors will a whole new platform to exploit users and businesses for financial gain, user awareness will be key. As the Metaverse is still forming is difficult to pinpoint how exactly to stay safe as a user, but this year we should being to see new developments. As the Metaverse begins to become a reality in the next few years, businesses looking to incorporate the new environment into their strategy should be aware that is likely to be lightly regulated and home to new attack avenues.
Whilst this list is not exhaustive to all of the cyber trends that will emerge this year, it does show the new challenges facing individuals and businesses.
Cyber developments and innovations are exciting and can drive us all forward, but we should be aware of new threats that could unfold in the future. Preparing for a changing landscape is the best way to protect your business from new vulnerabilities that may emerge in 2022.