The cybersecurity landscape has always been dynamic. However, this past year highlighted vulnerabilities and attack vectors that will drive trends and shape global expectations for security in 2022. Here are some of the key areas I believe organizational leaders and security professionals should maintain a watchful eye on in the year ahead.
Threat actors will target internal employees to exfiltrate data
In 2021, we saw attackers take a new approach to data exfiltration – they targeted internal support teams, such as customer or IT support, to access and ultimately exfiltrate sensitive and proprietary data. We saw multiple instances of this, some successful and some not; however, we will likely see more of these incidents in 2022 as attackers continue to adapt their techniques.
With attackers directly targeting employees to plant ransomware or extract sensitive data, security awareness training will be more important than ever before. Organizations with effective workforce security and awareness training programs must ensure that every team is appropriately prepared for the threats from within and outside the company.
Employees are working across a plethora of networks, which likely vary in security, and each of their actions can pose a threat to the greater organization. If an employee is not appropriately trained to identify potential threats to company information, whether it be sending files to someone they believe works for the company or sharing documents via cloud applications, their organization is leaving itself open to avoidable insider risk factors.
Organizations will need to take a more proactive approach to empower a more risk-aware workforce and ultimately protect against insider risk events in the year ahead.
Increased concerns surrounding ransomware
Ransomware played a major role in the 2021 cybersecurity landscape, and this trend will continue in the new year. In 2022, I expect that the frequency of ransomware attacks will steadily rise and that data exfiltration as part of a ransomware attack will become a more prevalent issue moving forward. Attackers are becoming much more adept at how to inflict the most pain on organizations and the best ways to steal the most data from them. The reality is that as long as there is money to be made in ransomware, it won’t go away; organizations are going to have to be ready for that.
Shifting culture within the security practice
Now more than ever, employees are simply burnt out – with security professionals among the highest groups experiencing it. With burnout comes apathy and unintentional negligence – and skimping on security processes. Over three-quarters of insider data breaches this year have been considered non-malicious. With burnout reaching new heights, the industry needs to make a concerted effort to prevent this statistic from worsening.
Taking factors, such as workplace burnout and employee retention rates, into consideration in tandem with the general movement towards more empathetic workplace cultures, security leaders are encouraging more sensitivity among team members and across the practice. The notoriously stoic cybersecurity culture is changing; in 2022, we’ll see more organizations adapting to this shift, changing traditional titles such as “Security Manager” to “Security Culture Manager” to align with the arguably overdue need to recognize that the culture a security team brings to the overall business is equally as important to the protections brought to the business.
Expect heightened cybersecurity around the 2022 election cycle
With multiple contentious and high-profile midterm elections coming up in 2022, cybersecurity will be a top priority for local and state governments. While security protections were in place to protect the 2020 election, publicized conversations surrounding the uncertainty of its security will facilitate heightened awareness around every aspect of voting next year.
Crypto will be an attack vector as a result of minimal regulation
The popularity of cryptocurrency paired with the limited regulations around its buying and trading makes it a prime target for attackers. As we look ahead to 2022, I expect that threat actors will find ways to infiltrate the crypto, exploiting organizations as well as buyers and sellers for large returns.
There are now heightened expectations—and immense pressure—on cybersecurity as an industry. These expectations have propelled cybersecurity to the forefront of business operations and prompted an overall shift in security culture.
While there’s no true way to definitively predict the trends that will shape the industry in the year ahead, the events of the past year highlight the undeniable fact that security is now a critical function of business and everyday life. In 2022, the reality is that a proactive cybersecurity strategy is the only way to mitigate data loss and reputational damage in case of a cyber threat or risk event. Whether it be midterm election security, cryptocurrency trading regulations, or changes in culture, the industry is rapidly pushing towards the future and it’s on us to keep up.