Cybersecurity Threats 2022: What It Means For CISOs

Imagine an intense cat-and-mouse game between cybercriminals and 3 different actors – you, the government, and private organizations.

Imagine smart, talented people who are forever pushing the boundaries of what’s possible with technology for unauthorised access to data – for blackmail, profit, or pure fun.

You now have all the ingredients for cybercrime whodunits.

This article outlines what’s in store for you and your company by way of cybersecurity threats in 2022.

1. Cybercrime Horror Stories from 2021
2. What Can We Learn From Cybersecurity Attacks Of 2021
3. Forget Small, Even Big Companies Are Not Exempt From Hacking
4. Ransomware Is Big Business
5. What’s The Cost Of Rebounding From Ransomware
6. The Most Important Cybersecurity Is Identity Security
7. How Is The Federal Government Tackling Cybercrime
8. How Are Consumers Affected By Cybercrime
9. How Can Companies Protect Themselves
10. The Next Steps

Cybercrime Horror Stories from 2021

Any prediction for 2022 must be based on what has happened in the last couple of years.

Picture 2021 which witnessed these cybersecurity threats

1. Crisis at Microsoft
2. A resurgence of ransomware
3. An endless supply of zero-day vulnerabilities
4. A litany of cybercrime horror stories from the deep web
5. Facebook’s annual PR crisis

There have been several critical cyber attacks on national infrastructure, persistent exploitation of zero-day vulnerabilities, and most recently the Log4Shell vulnerability.

The cost of rebouncing from attacks is getting more costly as cyberspace becomes more crowded and connected.

This threat will become more severe as the global economy continues to digitalize.

Two trends will be at play in 2022

1. Increased awareness of cybercrimes and
2. Enhanced spends on cybersecurity solutions

Businesses have been terrorised by the likes of REvil and Emotet, which have also been sporadically and unexpectedly shut down as a result of increasing pressure from law enforcement.

7 Takeaways For CTOs From The Cybersecurity Attacks of 2021

1. Cyberattacks were common and costly in 2021, and this trend is expected to continue into 2022.
   From $3.86 million in 2020 to $4.24 million in 2021, the average cost of a data breach has increased, representing the highest total cost in the previous 17 years. IBM Security released its Cost of a Data Breach Report 2021. It is a global study that is based on in-depth analysis of real-world data breaches at over 500 organizations.
    
2. Corporations, governments, and consumers are committing more investments to cybersecurity. They are also enhancing the measures they are taking to safeguard themselves. It is expected that corporations will spend $172 billion in 2022, on cybersecurity.
    
3. Security of identities and networks, as well as endpoint security, will be major focus areas for cybersecurity efforts. Network security is expected to grow the fastest, at a rate of 24 percent over the five-year period 2021-2026.
    
4. In 2021, the digital world will reveal more of its flaws and vulnerabilities.
   Every day, the world generates an estimated 2.5 quintillion bytes of data (that’s 2.5 followed by 18 zeros), according to current estimates.

   This also means that hackers have
   > greater access to sensitive data than before
   > more opportunities to exploit this information
    

5. In particular, devices connected to the Internet of Things (IoT) will make significant contributions to the data pool.
   Approximately 14.6 billion IoT connected devices were estimated to be in use by the end of 2021. By 2022, that number will have increased by nearly 18 percent, and by 2027, it will have more than doubled.
    
6. The shift in the economy toward hybrid and remote work also creates significant opportunities for cybercriminals to profit from their activities.
   Even though pandemic-induced lockdowns became less common in the United States in 2021, up to 45% of full-time employees continue to work from home at least part of the time.
    
7. Work-from-home initiatives are likely to remain in place for the foreseeable future, whether as a result of new virus variants or employee preference. This will result in continued data vulnerabilities. Remote work was cited as a contributing factor in 17.5 percent of reported data breaches in 2021, according to the IBM report. The average cost of these breaches was 16.6 percent higher than the average cost of breaches in which remote work was not a factor.

Small or big, no one is exempt from hacks

The year 2021 saw a number of high-profile companies fall victim to costly cyberattacks.

1. Colonial Pipeline was the victim of a ransomware attack that resulted in a $4.4 million payout to the perpetrators.
2. CNA Financial paid ransomware hackers a total of $40 million to decrypt portions of their digital infrastructure that had been encrypted and from which the company had been locked out. 11
3. In addition, JBS, the world’s largest meat producer, was forced to shut down several of its plants as a result of a cyberattack.

These are just a few of the major attacks that targeted businesses last year, some of which resulted in multi-million dollar losses for the victimised organisations.

Beware: Ransomware Is A Big Business

According to IBM research, Sodinokibi (also known as Revil) ransomware operator, had:

1. Revenues of $123 million in 2020, with their largest single demand being $42 million
2. Two-thirds of their victims paid the ransom; 40 percent still had their data leaked
3. 58 percent of the victims were based in the United States, with the United Kingdom coming in second with 8 percent

According to Palo Alto Unit 42’s investigation into Covid-themed phishing: In 2020, approximately 70,000 coronavirus-themed phishing URLs were used, with the majority of them attempting to steal business credentials.

According to Emsisoft research:

“The United States has been subjected to an unprecedented and unrelenting barrage of ransomware attacks in 2019.”

In 2020, double extortion was the dominant ransomware technique:

1. At the start of the year, Maze was the only ransomware operator to employ double extortion.
2. It is estimated that 18 ransomware operators will be engaged in double extortion by the end of 2020.
3. At least 560 healthcare facilities were impacted by 80 separate ransomware incidents.
4. PHI and other sensitive data was stolen and published online in at least 12 incidents.

Recent cyberattacks have prompted an increase in cybersecurity spending.

1. Even the most sophisticated solutions may not be able to completely eliminate all vulnerabilities. But they can stymie many threats and aid in the prevention of the worst-case scenario from occurring.
2. Companies, the United States government, and consumers all demonstrated a growing awareness of cyber threats in 2021, as well as a commitment to taking preventive measures.

The disruption caused by security breaches is well understood by corporations.

Ransomware victims, as well as their suppliers, customers, and competitors, are all well aware of the dangers.

Warning: The Cost Of Rebounding From Ransomware Is Huge

The cost of rebounding from ransomware damages outweighs the cost of investing in appropriate solutions.

1. Large enterprises spend an average of $2–5 million on cybersecurity each year, with a single ransomware attack costing an average of $4.62 million to a company.

The high cost is one of the reasons why, according to a recent survey of more than 3,000 executives, 69 percent of respondents predicted that cybersecurity spending would increase in 2022.

According to one estimate, spending on data protection and risk management could rise by 11 percent between 2021 and 2022, reaching $172 billion.

The Most Important Cybersecurity Threat Today Is In…

With the proliferation of remote work, organisations must ensure that only authorised individuals have access to critical data, resources, and apps.

That makes Identity Security the key area for cyber investments.

Sub-sectors within this vertical include

1. Identity and Access Management (IAM)
2. Privileged Account Management (PAM), and
3. Identity Governance & Administration (IGA)

Between 2021 and 2026, it is expected that these sub-segments will grow at an average compound annual growth rate (CAGR) of 19 percent.

Companies in this vertical are responsible for safeguarding the integrity, confidentiality, and accessibility of a network against misuse or unauthorised access.

Overly permissive networks can lead to the spread of cyberattacks horizontally (that is, from one user to another) once a single individual has been compromised.

Specific industries and segments where this will be evident are:

1. Manufacturing
2. IoT
3. Cloud Services

How The Federal Government Tackles Cybercrime

In May 2021, President Biden signed an executive order with the goal of modernising federal cybersecurity capabilities, standardising response strategies to cyberattacks, and increasing information sharing requirements for government contractors.

A national security memorandum signed by Vice President Joe Biden in July, is intended to protect critical infrastructure, such as electric and water distribution systems and transportation systems.

All of these measures were translated into real dollars by the Infrastructure Investment and Jobs Act, which allocates $1.7 billion in dedicated spending and an additional $7 billion in potential spending to improving the country’s cybersecurity.

Also in 2021, the Senate unanimously confirmed the White House’s first national cyber director, who was appointed by President Barack Obama.

Congressional passage of the National Defense Authorization Act of 2021 resulted in the creation of the position, signalling an increased emphasis on cybersecurity in future administrations.

How You And I, Are Affected By Cybercrime

Consumers are responsible for a small but growing portion of cybersecurity expenditure.

1. Approximately 53% of consumers have been the victim of at least one cybercrime, prompting many to take precautions such as personal virtual private networks (VPNs), two-factor authentication, and identity theft protection services to protect themselves.
2. Individuals faced increased risks as a result of the pandemic, as emboldened scammers took advantage of the increased amount of time consumers spent online. As of October 2021, Americans had lost $586 million as a result of COVID-related scams.
3. Consumers, on the other hand, are acutely aware of the increased danger. The pandemic’s impact on online activity resulted in nearly 40% of adults taking precautionary measures to protect their online activity last year.
4. Consumers’ adoption of cybersecurity services could be accelerated if they adopt digital protection habits learned during the pandemic.

How Companies Can Protect Themselves

Using Zero Trust Networks (ZTNs), for example, users can access internal applications without having to connect to a company’s network or expose themselves to the public internet.

There are several cybersecurity sub-segments within this vertical, including

1. Zero Trust Network Access (ZTNA)
2. Software-Defined Wide-Area Networking (SDWAN)
3. Network Detection and Response (NDR)
4. Firewall / Next-Generation Firewall / Unified Threat Management (UTM),
5. Secure Access Service Edge [SASE]

These sub-segments are built-in security requirements for the management and protection of sensitive machine-generated data.

They are not separate security requirements. Cybersecurity sub-segments within this vertical include Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP).

Between 2021 and 2026, the Endpoint Security vertical is expected to grow at a compound annual growth rate (CAGR) of 8 percent.

Beyond these rapidly expanding areas, cybersecurity companies are increasingly considering mergers and acquisitions.

Customer data is typically protected by a patchwork of different cybersecurity providers, as most cybersecurity providers specialise in specific verticals. This dynamic can result in costly delays and other potentially damaging inefficiencies.

In fact, the average data breach was discovered and contained in 287 days in 2021, according to the National Institute of Standards and Technology.

As part of an effort to improve protection capabilities from beginning to end, several prominent cybersecurity providers were merged and acquired during the year 2021.

The acquisitions of Humio by CrowdStrike Holdings for $352 million and IntSights by Rapid7 for $335 million, respectively, were noteworthy transactions that allowed the companies involved to field more integrated product offerings.

The Next Steps For CTOs

More data, spells more breaches

The world’s ongoing digital transformation will only increase the likelihood of similar attacks occurring in the future.

The lessons from digital protection in 2021 will help to accelerate the adoption of cybersecurity services by companies, the government and individuals, in the future.

Following the recent financial commitments made to thwart cybercriminals, cybersecurity companies will benefit from the all-round investments in 2022.

Long-term investment in cybersecurity will rise

This is forecast to grow at an average CAGR of 24 percent between 2020 and 2026.

Endpoint security is important

The explosion of internet-connected devices creates new entry points for hackers.

This increases the difficulty and complexity of effectively managing security for both businesses and individuals alike.

IoT will add more security layers

Successful IoT installations only mean multi-layered, end-to-end security.