2021 has been a record year for cyber security. We’ve surpassed 2020 in terms of the number of reported cyber events and with ransomware attacks seemingly making the headlines daily, there’s no sign of things slowing down. Constantly evolving in scale and sophistication, cyber criminals are set to persist into 2022 – with an extra bite.

An increase in mobile malware, human operated ransomware and advanced deepfake technology are among the evolving threats that all businesses should look out for in the coming months. And failure to manage these risks could seriously compromise the security of businesses, critical national infrastructure, remote workers and supply chains.

In 2022, we expect to see an increase in the automation of cyber attacks, driven largely by new technologies such as artificial intelligence and machine learning, which will remove some of the mistakes made by cyber criminals. Human operated ransomware will be the biggest cyber risk and will only increase as wormable variants such as Log4j are used more. Cyber criminals will exercise a higher level of offensive security knowledge to gain access to organisations and survey the environment for extended periods of time before launching a potentially devastating attack on data and systems.

At the same time, with remote and hybrid models now commonplace, we expect to see a large increase in mobile malware attacks in 2022. Cyber criminals will evolve and adapt their techniques to exploit the growing reliance on mobile devices and remote working. Although rising phishing attacks are nothing new, social engineering techniques will become more technologically convincing as deepfake innovations take flight. Newly remote employees will be particularly vulnerable to phishing emails under the guise of legitimate system updates.

We can also expect hackers to continue to set their sights on lucrative targets such as supply chains and cloud providers to maximise ransom value and payments. There have already been precedents: last year saw several hacker groups arrive, cause large-scale disruption and then promptly vanish, only to repeat the process months later. Buoyed by their success, hackers-for-hire and other nefarious groups will now use dark web forums to grow in volume and launch attacks on already vulnerable supply chains.

A new approach rooted in zero-trust

With hybrid working here to stay, zero-trust is set to be the de-facto cyber security approach in 2022. System-wide multi-factor authentication and extended detection and response will become the technologies of choice for zero-trust, enabling rapid detection and response of threats across endpoint, network, web and email, cloud and, crucially, identity.

As the speed and complexity of attacks grow, so too will the cyber skills shortage. This Catch-22 will see companies turn towards hybrid security operations centres to plug gaps in defences and combine existing in-house skills with the expertise of a managed security service provider. Demand for services such as managed detection and response will rocket as organisations seek to implement early warning systems to alert on signs of a potential breach. Security orchestration automated response solutions, will also be critical in helping to improve the efficiency of security operations.

Security as an enabler

While digital transformation became a necessity for businesses in 2021, in 2022, we expect to see more companies using cyber security transformation as a driver for digital transformation. Cyber security will shift from a box-ticking exercise to a business enabler, with CISOs and CIOs working directly with the CEO to develop an adaptive and customisable security model to ensure cyber security is as strong as possible before broadening the attack surface further.

Organisations will need confidence that their systems, data and processes remain protected, regardless of how the threat landscape evolves. The only solution lies in developing an agile and adaptive security strategy that strengthens defences and drives efficiencies.

Share Story: