Changes to Cyber Security every CISO needs to know about in 2022

It’s not good enough to be just cyber aware; today, every Chief Information Security Officer (CISO) needs to be prepared for all sorts of attacks that their organisation can encounter whilst simultaneously being equipped to deal with the problems that come from them.

Staying ahead of the game and being prepared is essential. That’s why your CISO needs to be ready for changes and challenges regarding Cyber security in 2022. There are many on the horizon and being prepared today means being able to deal with issues before they ever come up. 

In this article you will learn what the cyber security stats were in 2021, predictions for 2020 and further information on what the threats posed to organisations can look like. 

Cyber Security Stats - 2021

Cyber security has changed the way that organisations understand and look at threats aside from the day-to-day elements which are out of their control such as the economy or political decisions. 2021 was a year of rapid change - largely due to the pandemic. As businesses started to re-open and ramp up to pre-pandemic volumes, the number of cyber attacks equally increased.
Here are some brief cyber security stats from 2021, in brief;

  • Massive increase in cybercrime
    • Indicated to be up by around 600% 
    • Due to the COVID-19 pandemic
  • Explosion in remote working / WFH
    • Due to the pandemic
  • Average cost of a data breach increased by 10%
    • Due to more people WFH.
    • …the cost of a data breach in 2021 is US$ 4.24 million, this is a 10% rise from the average cost in 2019 which was $3.86 million.
  • Over half a million Zoom accounts were compromised and sold on the dark web.
    • Zoom became a favoured video conferencing platform in 2021.
  • The cybersecurity talent gap has widened in 2021
    • Vacancies for cyber security professionals in the US are indicated to have grown by around 38% between 2019 and 2022.
  • Sophisticated cyber crime services have become more accessible on the dark web. E.g. Rasomware as a service (RaaS).
  • Nearly 43% of cyber attacks happened to small businesses
    • Small businesses are more likely to be targeted by criminals as they won’t necessarily have experts in place to identify and help with cyber crime. 
  • 95% of cyber breaches are because of human error 
    • Employees need to be provided with proper training and the appropriate tools to reduce the changes of cybersecurity breaches from happening.
  • Only 16% of executives say that they are prepared for a cyberattack 
    • Growth in most industries depend on technology such as artificial intelligence (AI), advanced analytics, and the internet of things (IOT). 
  • 89% of healthcare providers experienced a cyber breach in the last 12 months
    • The healthcare industry is the number one most targeted industry for cybercrime.

Cyber Security Predictions for 2022

There is no crystal ball that we can use to predict the future - precisely however, we can use our knowledge of systems and what the kinds of attacks that are going to take place will mean for organisations to manage with the complex nature of these programs. 2021 beckoned in a very challenging year for cyber security - and these challenges are persisting into 2022.

There’s an old saying that goes something like, “failing to prepare is preparing to fail.” Here are our predictions when it comes to your cybersecurity requirements for 2022. 

Greater Risk from Smart Devices

  • Internet of Things (IoT) and increased deployment of smart devices will inevitably result in more cyber threats in 2022. From being able to control banal systems like lighting and heating to hardware and software in an office environment. This all couples to make a greater threat to organisations. 

Cyber Crime Becomes More Sophisticated and Dangerous

  • During the pandemic, cyber criminals have learned a lot and taken a more sophisticated approach to dealing with counter threat measures. In 2021, cyber criminals have become increasingly smarter and quickly retooled their knowledge and skills into responding to precautions and protections.
  • As noted - cyber criminals are even offering ransomware-as-a-service (RaaS) on the darkweb.
  • It has been suggested that:
    • “...Cyber criminals could weaponise operational technology environments to harm or kill humans in the next four years…”

Remote Working Brings New Security Challenges

  • Thanks to many organisations changing the way they work and the growth of home working since the start of the pandemic, 2022 promises to continue with these security issues that were originally instigated by the pandemic
  • Security threats will become more compounded with individuals on a network being more at risk of infecting wider systems and devices.
    • Devices used by home workers are often not subject to the same security precautions as devices in the office. They may not run security software or they may not have appropriate firewalls installed to protect the device from ransomware attacks
  • The greater the risk to individual systems the more stressful this can be for the CISO. It will mean having to work with individuals to get them up to speed and even take longer to ensure that cybercrime is stopped per device. 

Cybersecurity Talent and Skills Shortage Will Get Worse

  • There has been a huge shortfall in cybersecurity expertise and skills and the reality is that it is not getting any better. In 2022, we are expected to see this increase significantly. 
  • Due to the shortage this will impact businesses that don’t have the necessary knowledge / capabilities.

Machine Learning and AI Tools Increasingly Used for Automated Cybersecurity

  • Machine learning and AI have already begun to revolutionise the cybersecurity software tools market. From identifying vulnerabilities to strengthening the security measures required to protect against attacks. They do this by recognising long strings of code, patterns and even behaviours to persistently fight against advanced attacks. 
  • This means that security measures are becoming faster and that automated threat detection is getting simpler. 
  • One advantage to this is that cybersecurity professionals will be making greater use of these tools and resolving issues before they even appear. 

API Security is a Growing Concern

  • APIs (Application Programming Interface) have grown exponentially meaning that we have our logins and permissions connected with third party applications, boosting security threats. 
  • Security professionals are struggling to deal with these significant challenges as one site or program can cause a myriad of problems. 

Regulations and Penalties Likely to Increase

  • It’s becoming clear that countries are waking up to the need for rigorous cyber security, data security and privacy regulations and laws. (E.g. GDPR and the Californian Consumer Privacy Act)
  • Penalties for breaches are likely to become tougher with the European Court even imposing jail terms for mass security violations.

Cryptocurrency Security Risks will Increase

  • There was a lot of growth in the crypto market in 2021, so as the cryptocurrency market expands and more users get involved - crypto related cyber crime is also likely to increase.
  • This is where we can expect to see a growth in ransomware attacks and even more sophisticated blockchain ransoms in the coming years. 

Cloud Workload Security is a Priority

  • Because of WFH solutions and more mobile employee scenarios, there has been a boom in the growth of cloud based systems.
  • Cloud-based applications and workloads require a different approach to security than traditional, on-premises applications. From biometric access to VPN connections for more sensitive applications. 
  • Organisations will need to address these security challenges.

Millennials will Takeover the C-Suite

  • The average age of a CEO hire is around 54. This presents an opportunity for a younger workforce but also, an opportunity for millennials people born between 1981 and 1986) will increasingly be employed in senior executive roles.
  • They will have grown with technologies and are more aware of the threats that cybercrime can present to organisations. Being aware and being prepared can better identify threats for the future. 

In Conclusion 

Cyber security has changed the way that organisations understand and look at threats aside from the day-to-day elements which are out of their control such as the economy or political decisions. Failing to prepare is preparing to fail which is why understanding what is a cyberthreat and how it can be best managed is important. 

If you’re looking to protect your organisation or evaluate your cybersecurity requirements or challenges: Tel: 01252 917000 , email enquiries@bluefort.com or get in touch with us via our contact form