As any security professional is all too aware, cybersecurity is continuously evolving in light of changing technology and threats. It can feel hard to keep up, but it’s crucial for your company’s security that you stay in the know.
With that in mind, let’s look at how cybersecurity may be changing in 2022 and beyond:
A Greater Emphasis on Cybersecurity Awareness Training
In recent years, it’s become clear that cybersecurity incidents are more influenced by people than they are by technology. The data reveals that more than 80% of breaches are caused by some form of human error, not weaknesses in technical security.
Since people are often connected to cyberattacks, it only makes sense to support and empower them with the knowledge they need to properly defend against targeted threats. As social engineering and other forms of people-focused attacks become more prevalent, your team will become an increasingly important part of your company’s defensive strategy.
Geo-Targeted Phishing Threats
Phishing, one of the most common forms of cyberattack, has been around for decades and continues to become more sophisticated. Social engineers are now going to greater lengths to deceive users over email—and more recently, phone (vishing) and SMS messages (smishing)—weaving intricate pretexts to hyper-target their victims. It’s part of the reason why 32% of all data breaches result from phishing emails.
In the near future, we predict that phishing threats will only get more and more personalized and localized. For example, the FBI along with other governing bodies receives complaints all the time about shopping scams, which it compiles in its annual Internet Crime Report. One concern that is trending involves businesses using deceptive “Contact Us” information to claim a physical address in one country while the company is actually located elsewhere. In the future, could a social engineer create misleading content like this to convince you to trust their “local” business?
More and More Remote Workers and Cyberattacks
For years we’ve been seeing businesses switch to remote operations, and the COVID-19 pandemic only accelerated the increase in work-from-home employees. Cybercriminals have been capitalizing on the remote work landscape, targeting unprotected home networks, spoofing legitimate Wi-Fi networks, and more to use home connections as a way into corporate servers. Expect to see this trend continue (and likely increase) in 2022 and beyond. While threat actors are in full force trying to exploit remote teams, businesses that invest in remote-specific security awareness training can be better prepared.
More Sophisticated Artificial Intelligence and Machine Learning
Artificial intelligence (AI) and machine learning (ML) have developed rapidly in the last few years. They’re now a staple within the cybersecurity industry, helping IT professionals improve threat detection and combat digital vulnerabilities. However, while AI and ML are being used to help build mightier defenses, cybercriminals are leveraging them to crack passwords, bypass authentication measures, and more.
A recent example of the incredible power of AI is deepfake videos: the product of AI and ML analyzing hours and hours of pictures and videos to generate believable footage of a person on camera. While we probably don’t have to worry about these deceptive videos being used against businesses in 2022, the technology could come a long way in just a few years, making it a more scalable and approachable threat.
The Rise of Ransomware
You may have noticed in 2020 and 2021 that ransomware-related cyber breaches were making headlines left and right. But many wondered if breaches were really increasing or if they were just becoming more high profile. Between 2019 and 2020, ransomware attacks indeed rose by 62% worldwide. Many speculate these attacks are rising because companies are often willing to pay the ransom to regain access to their data and systems.
Further proof that ransomware attacks are becoming more mainstream is the creation of ransomware as a service (RaaS) groups, which design the malware script that serves as the base for highly targeted attacks. The accessibility of this base code allows cybercriminals to springboard their attacks, meaning cybersecurity professionals everywhere should expect more ransomware exploits in the coming years.
One survey by Google found that 75% of respondents get frustrated trying to keep track of their passwords, juggling handfuls of unique passwords across dozens of different platforms. Because of this, many people use easy-to-guess variations of passwords, putting them at high risk of account breaches.
To combat password fatigue, more and more organizations are moving away from passwords and using other forms of authentication to grant users access instead. For example, some organizations are testing biometric data, physical security keys (AKA tokens), and similar forms of entry. On modern smartphones, the facial recognition feature is probably the most common example of passwordless entry. Other examples include location, IP address, and fingerprint, which we may see more of for personal and business protection alike.
Stay In the Know With Living Security
Interested in keeping up with the latest news in the world of cybersecurity? Join the Living Security Community and meet like-minded professionals eager to share upcoming trends. It’s a cybersecurity professional’s haven for sharing ideas and resources with peers.