Secon outlines the top 10 cybersecurity trends for 2022 – PCR

Andrew Gogarty, Chief Security Evangelist at Secon, examines why organizations need to address many vulnerabilities with reports of multiple breaches and persistent threats.

While much of the UK workforce is now returning to the office following the easing of Covid restrictions, there are still large numbers of people who choose to work remotely or split their time between the office and the House. This change in working life means that companies must continue to be vigilant and address the multiple vulnerabilities that persist. That’s according to Andrew Gogarty, Chief Security Evangelist, Secon.

Gogarty commented, “Over the past two years, organizations have rapidly shifted to remote working and accelerated cloud adoption to support business continuity during the global pandemic. This everywhere access to critical business data has led to security vulnerabilities and created challenges to maintain effective cybersecurity.

“While reports of multiple breaches and ongoing ransomware threats continue, we believe there are ten top security risks that organizations must address throughout 2022. As a result, we have compiled a white paper which examines these threats in detail and will give any IT department or CISO the vital armor needed against cybercriminals.

  1. Ransomware

Ransomware continues to impact organizations and remains an ongoing concern. As a result, many organizations have matured their backup and recovery approaches over the past few years with the goal of being able to recover their data and environments should ransomware break through defenses. This approach has helped affected organizations avoid paying ransom demands to recover their data. However, ransomware will continue to prevail as one of the biggest risks for organizations.

  1. Cloud Breaches

The cloud helps organizations improve agility through accelerated application deployments, leverage automations and integrations to simplify operations, and ultimately reduce costs to increase revenue. As cloud adoption continues to increase throughout 2022, we expect an increase in unauthorized access and data breaches due to preventable security vulnerabilities presented by misconfigurations and human error.

  1. Vulnerability exploits

The growth of zero-day exploits is likely to become a bigger issue for security operations teams to manage in the future. As a result, we anticipate increased adoption of Zero Trust in 2022 to help organizations eliminate their attack surface, control access to their data, and prevent lateral movement of threats.

  1. Increase in exact domain name impersonation phishing

Since it requires little effort from threat actors and an improved click-through rate, we expect the use of exact domain impersonation phishing emails to increase in 2022.

As more organizations adopt a DMARC “rejection” policy, we can expect to see an increase in similar domain phishing. For this reason, it is recommended that you continue with user awareness training to help users identify these types of emails.

  1. The e-skills shortage persists

Resource constraints can limit an organization’s ability to reduce risk and detect and respond to cyber threats. We expect an increase in the number of organizations outsourcing security operations tasks in 2022. Most organizations will outsource vulnerability management, detection and response to help improve their cyber resilience and allow limited resources to focus on organizational priorities.

  1. Internal threat

Disgruntled employees and accidental mistakes can lead to data breaches. In 2021, the battle against insider threats has reached a new level of complexity, with reports of ransomware gangs openly seeking insiders to help them infect their company’s networks in exchange for generous commissions. We expect to see an increase in the number of organizations leveraging User and Entity Behavior Analytics (UEBA) solutions in 2022 to improve their ability to detect and prevent insider threat activity.

  1. Supply chain attacks

The supply chain remains an attractive target for criminal actors. This forces organizations to extend their risk management activities to their suppliers until 2022 and beyond. We expect to see more scrutiny in vendor cybersecurity questionnaires in the future. Being able to demonstrate a strong cybersecurity maturity will start to become a competitive advantage for many organizations.

The European Union Agency for Cybersecurity (ENISA) has boldly stated that strong security protection is no longer enough for organizations when attackers have already shifted their focus to vendors.

  1. State-sponsored activities

Cyberattacks are expected to play a greater role in global conflicts. With countless and untold covert cyber espionage skirmishes launched to seize sensitive information and peek into government and defense infrastructure, government-funded hacking operations will continue into 2022 and beyond. Thus, governments will likely come up with cybersecurity policies to have countermeasure capabilities and continue to educate organizations on improving cybersecurity resilience.

  1. Fake news and disinformation

As many events begin to return, we can expect to see more fake news campaigns, troll and bot accounts, and rogue marketing distributed via social media sites and emails.

Fake news and disinformation is not just a problem for the government; fake news is also used to lure victims to malicious websites. Misinformation can be weaponized by adversaries to disrupt their own agenda.

In addition, deep counterfeits are expected to have a greater impact in 2022, thanks to various applications, web3.0 and increasingly common AR/VR technologies.

  1. Cyber ​​insurance

More organizations will invest in cybersecurity assurance in 2022. We expect the process to go beyond a paper-based tick box exercise; an increase in checks and validations will be carried out by insurers to see how companies manage cyber risks and vulnerabilities, as well as their detection and response capabilities to minimize the impact.

Gogarty concluded, “2022 will be another eventful year full of vulnerability exploits, account takeover attacks, phishing and ransomware. Therefore, 2022 should be seen as an opportunity to step back and examine the pivotal changes of recent years to see how visibility and control can be maintained to reduce business risks from cyberattacks.

Read the latest edition of the PCR monthly magazine here:

Do you like this content ? Sign up for the Free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow the PCR on Twitter and Facebook.

Comments are closed.