Changes to Cybersecurity Every CISO Needs to Know About in 2022

It’s not good enough to be just cyber aware. Today, every Chief Information Security Officer (CISO) needs to be prepared for all sorts of attacks that their organisation can encounter, whilst simultaneously being equipped to deal with the problems that come from them.

Staying ahead of the game and being prepared is essential. That’s why your CISO needs to be ready for changes and challenges regarding cybersecurity in 2022. There are many on the horizon, and being prepared today means being able to deal with issues before they ever come up. 

In this article you will learn what the cybersecurity stats were in 2021, predictions for 2020, and further information on what the threats posed to organisations can look like. 

Cybersecurity Stats – 2021

Cybersecurity has changed the way that organisations understand and look at threats, aside from the day-to-day elements which are out of their control such as the economy or political decisions. 2021 was a year of rapid change largely due to the pandemic. As businesses started to re-open and ramp up to pre-pandemic volumes, the number of cyber attacks equally increased.

Here are some brief cybersecurity stats from 2021, in brief:

  • Massive increase in cybercrime:
    • Indicated to be up by around 600%
    • Due to the COVID-19 pandemic
  • Explosion in remote working/WFH
    • Due to the pandemic
  • The average cost of a data breach increased by 10%
    • Due to more people WFH
    • The cost of a data breach in 2021 is US$ 4.24 million, this is a 10% rise from the average cost in 2019 which was $3.86 million.
  • Over half a million Zoom accounts were compromised and sold on the dark web.
    • Zoom became a favoured video conferencing platform in 2021.
  • The cybersecurity talent gap has widened in 2021
    • Vacancies for cybersecurity professionals in the US are indicated to have grown by around 38% between 2019 and 2022.
  • Sophisticated cyber crime services have become more accessible on the dark web e.g. Ransomware as a service (RaaS).
  • Nearly 43% of cyber attacks happened to small businesses
    • Small businesses are more likely to be targeted by criminals as they won’t necessarily have experts in place to identify and help with cyber crime.
  • 95% of cyber breaches are because of human error
    • Employees need to be provided with proper training and the appropriate tools to reduce the changes of cybersecurity breaches from happening.
  • Only 16% of executives say that they are prepared for a cyber attack
    • Growth in most industries depend on technology such as artificial intelligence (AI), advanced analytics, and the internet of things (IOT).
  • 89% of healthcare providers experienced a cyber breach in the last 12 months
    • The healthcare industry is the number one most targeted industry for cybercrime.

Cybersecurity Predictions for 2022

There’s an old saying that goes something like, “failing to prepare is preparing to fail.” Here are our predictions when it comes to your cybersecurity requirements for 2022. 

Greater Risk from Smart Devices

Internet of Things (IoT) and increased deployment of smart devices will inevitably result in more cyber threats in 2022. From being able to control banal systems like lighting and heating – to hardware and software in an office environment. This all couples to make a greater threat to organisations.

Cyber Crime Becomes More Sophisticated and Dangerous

  • During the pandemic, cyber criminals have learned a lot, and taken a more sophisticated approach to dealing with counter threat measures. In 2021, cyber criminals have become increasingly smarter and quickly retooled their knowledge and skills into responding to precautions and protections.
  • As noted – cyber criminals are even offering ransomware-as-a-service (RaaS) on the darkweb.
  • It has been suggested that, “cyber criminals could weaponise operational technology environments to harm or kill humans in the next four years…”

Remote Working Brings New Security Challenges

  • Thanks to many organisations changing the way they work, and the growth of home working since the start of the pandemic, 2022 promises to continue with these security issues that were originally instigated by the pandemic.
  • Security threats will become more compounded with individuals on a network being more at risk of infecting wider systems and devices.
    • Devices used by home workers are often not subject to the same security precautions as devices in the office. They may not run security software, or they may not have appropriate firewalls installed to protect the device from ransomware attacks.
  • The greater the risk to individual systems, the more stressful this can be for the CISO. It will mean having to work with individuals to get them up to speed, and even take longer to ensure that cybercrime is stopped per device.

Cybersecurity Talent and Skills Shortage Will Get Worse

  • There has been a huge shortfall in cybersecurity expertise and skills, and the reality is that it is not getting any better. In 2022, we are expected to see this increase significantly.
  • Due to the shortage, this will impact businesses that don’t have the necessary knowledge/capabilities.

Machine Learning and AI Tools Increasingly Used for Automated Cybersecurity

  • Machine learning and AI have already begun to revolutionise the cybersecurity software tools market, from identifying vulnerabilities, to strengthening the security measures required to protect against attacks. They do this by recognising long strings of code, patterns and even behaviours, to persistently fight against advanced attacks.
  • This means that security measures are becoming faster, and that automated threat detection is getting simpler.
  • One advantage to this is that cybersecurity professionals will be making greater use of these tools and resolving issues before they even appear.

API Security is a Growing Concern

  • APIs (Application Programming Interface) have grown exponentially, meaning that we have our logins and permissions connected with third party applications, boosting security threats.
  • Security professionals are struggling to deal with these significant challenges, as one site or program can cause a myriad of problems.

Regulations and Penalties Likely to Increase

  • It’s becoming clear that countries are waking up to the need for rigorous cybersecurity, data security and privacy regulations and laws. (E.g. GDPR and the Californian Consumer Privacy Act)
  • Penalties for breaches are likely to become tougher with the European Court, even imposing jail terms for mass security violations.

Cryptocurrency Security Risks will Increase

  • There was a lot of growth in the crypto market in 2021, so as the cryptocurrency market expands and more users get involved – crypto-related cyber crime is also likely to increase.
  • This is where we can expect to see a growth in ransomware attacks and even more sophisticated blockchain ransoms in the coming years.

Cloud Workload Security is a Priority

  • Because of WFH solutions and more mobile employee scenarios, there has been a boom in the growth of cloud-based systems.
  • Cloud-based applications and workloads require a different approach to security than traditional, on-premise applications. From biometric access, to VPN connections for more sensitive applications.
  • Organisations will need to address these security challenges.

Millennials Will Takeover the C-Suite

  • The average age of a CEO hire is around 54. This presents an opportunity for a younger workforce but also, an opportunity for millennials (people born between 1981 and 1986) will increasingly be employed in senior executive roles.
  • They will have grown with technologies and are more aware of the threats that cybercrime can present to organisations. Being aware and being prepared can better identify threats for the future.

In Conclusion 

Cybersecurity has changed the way that organisations understand and look at threats, aside from the day-to-day elements which are out of their control, such as the economy or political decisions. Failing to prepare is preparing to fail, which is why understanding what is a cyberthreat and how it can be best managed is important. 

If you’re looking to protect your organisation or evaluate your cybersecurity requirements or challenges, Call BlueFort on 01252 917000 , email or get in touch with us via our contact form

Get in touch with BlueFort