Cyberattacks are becoming more complex and sophisticated. What can we expect in 2022?
Cyberattacks have become increasingly sophisticated and complex in recent years be and pose several threats to businesses. One of the main reasons for this is the increased prevalence of off-the-shelf ransomware, according to the IT security firm NCC.
“Over the last year, we have seen a consistent uplift in sophisticated cyberattacks, particularly following the rise in off-the-shelf ransomware variants in recent years, which can have a significant impact on businesses,” explains Matt Lewis, commercial research director at NCC Group. "Our Strategic Threat Intelligence team is seeing ever-evolving tactics from ransomware groups. For example, threat actors are increasingly using data theft and the threat of extortion to pressure their victims into sending a ransom.”
This means that having a proactive security strategy in place - with a fully-formed plan to detect and respond to attacks effectively - is critical for all businesses.
This stresses projections from other agencies. In an earlier report, Cybersecurity Ventures had suggested that cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. Spending on cybersecurity will also grow beyond $1 trillion from 2017 to 2021.
Smart home’s precarious position
A home filled with smart devices could be targeted by over 12,000 attacks in a single week, according to an investigation by Which? supported by NCC. Citing this finding, Lewis pointed out that this highlighted the scale of the issue at hand.
Cybersecurity will be one of the biggest challenges that the smart home industry is set to face in 2022. This is concerning because the US alone is set to have 63 million connected homes by next year, according to Berg Insights. As more and more devices become connected and integrated, the vulnerability rises, providing more opportunities for hackers.
As consumers deal with cybersecurity, some of the biggest concerns are the extent of the vulnerability, what devices may be considered weak, and what makes them so. Lewis indicated that certain key measures from the customer and the manufacturer could lower the risk.
“Devices with poor encryption, access control measures, and anti-tamper protection are all at risk,” said Lewis. “It's important that manufacturers factor security into the manufacturing process for every product, and ensure that end users are educated about the risks and how to mitigate them.”
Many manufacturers and experts continue to point out that people are the weakest link in cybersecurity. Weak passwords, default passwords, and sloppy approaches regarding upgrades and updates are all the usual issues. While these are all valid, we cannot deny that some attackers are smart enough to circumvent even the toughest measures.
Also read: How to make the most of hybrid cloud in physical security
Potential for large-scale attacks
The year 2021 saw some of the biggest and complex cyberattacks ever. If SolarWinds and Kaseya are any indications, we could see more attacks that exploit the supply chain to access large numbers of customers simultaneously. The worrying part is that this could be initiated either by criminals or nation-states that would have endless resources at hand.
Dealing with cybersecurity in the coming years will depend on how quickly organizations can adapt to their changing attach methods. The pandemic continues to make hybrid work a part of most industries, and companies are forced to deal with multiple network connections. A consolidated approach to IT and OT would be necessary for businesses to deal with cybersecurity threats in the future.
Shortage of skilled workers
Perhaps the biggest problem is not the sophisticated nature of the increased vulnerability but the lack of skilled professionals to deal with them. Writing in Forbes recently, James Legg, President, ThycoticCentrify, pointed out that there are nearly 465,000 unfilled cyber jobs in the US.
“Recruitment is difficult,” Legg writes. “Once hired, employees often face huge workloads, triggering a high rate of burnout that results in even more job vacancies. Organizations of every type are being hurt by the shortage, which is confirmed by an explosion in cybersecurity job postings now three times greater than the overall IT market, even though cybersecurity accounts for just 13 percent of all IT jobs.”
Cybersecurity issues are here to stay and will only get more challenging in the future. Businesses and experts need to think out of the box and be flexible as threats evolve. Getting more talented people interested in this field is also necessary.