To predict cybersecurity trends in 2022, it helps to look at the recent past. In 2021, we’ve seen the Colonial Pipeline attack against oil infrastructure in the US, the biggest ever cyberattack in food production which blighted JBS, the Kaseya ransomware attack by REvil and the Health Service Executive attack on the Irish healthcare system. Such incidents should remind businesses that, firstly, no sector is safe from cybercrimininals.
Additionally, it seems that nothing is off-limits anymore when it comes to cybercrime: health, food, even childrens’ education are all at risk from data breaches and ransomware.
Another way to predict what businesses need to prepare for on the cybersecurity front in 2022 is to listen to the experts. Data and analytics firm GlobalData for example reports that “attackers will target immature technologies, meaning 5G communications, smart cities, and the Internet of Things (IoT)”.
To get some details, at Verdict this week we’ve reached out to cybersecurity experts active in many different sectors, and brought together predictions for 2022 from insiders monitoring the threat landscape today. We’ve obtained some general cross-sector viewpoints and also ones focused on energy, oil, transport, logistics, aerospace, automotive, healthcare, retail and finance.
Cross-sector cybersecurity in 2022
“Based on the hacker chatter that we track on the dark web, we’ve seen traffic around deepfake attacks increase by 43% since 2019. Based on this, we can definitely expect hacker interest in deepfake technology to rise and will inevitably see deepfake attacks becoming a more-utilised method for hackers in 2022.
“Furthermore, like many other cyberattack methods, we predict that threat actors will look to monetise the use of deepfakes by starting to offer deep-fake-as-a-service, providing less skilled or knowledgeable hackers with the tools to leverage these attacks through just the click of a button and a small payment.”
“To adapt to hybrid working environments, more companies will drive to adopt the Zero Trust security model. Conversations around protecting the hybrid workforce from risk will lead security professionals to adopt modern tools and technologies, like multi-factor authentication and the Zero Trust approach to security. I believe that companies need these tools to make sure their employees can get work done as safely as possible from wherever they are – commuting, travelling, or working from home – and that all of their endpoints are secured with continual checks in place.
“Security leaders will step up their protections against third-party risks. In security, you always need to be thinking ahead about what might come down the pipeline. From SolarWinds in December 2020, to Colonial Pipeline and Kaseya in 2021, our industry saw a distinct increase in supply chain attacks. CISOs and CSOs will need to make sure their vendors are also secure. This includes looking at third parties related to the business and assessing how to best manage any risks.
“More public technology companies will create dedicated cybersecurity committees on their boards of directors. One of the most impactful things we did at Zoom this past year was to institute a three-person committee on our board dedicated to cybersecurity matters. Having security industry experience at this level is incredibly valuable, allowing us to readily address concerns and issues in industry shorthand. While this approach is still relatively new, it has been incredibly beneficial and I wish we did it sooner. And I’ve heard peers express strong interest in recreating this approach at their own companies, which leads me to expect this will be a priority for organizations in the new year.