2022 cybersecurity must-know
Organizations increasingly rely on technology to deliver the best and safest interaction experience, not just for their customers, but for suppliers and employees.
In addition to technologies such as the Cloud and the Internet of Things (IoT), the adoption of the 5G network brings numerous benefits to people and companies. These technologies bring with them an increase in the cyber attack surface that can be exploited by malicious users to gain improper access to infrastructure, steal or destroy data and cause irreversible damage.
To ensure business continuity, security leaders need to know the main current threats so that they can prioritize the investments and efforts that will bring good future results. For 2022, as technologies evolve and countries pass new data protection laws, cybersecurity experts present their predictions for the new year. You will find some of these trends in more detail in the Cybersecurity Trends for 2022 webinar.
According to Cisco, connected devices should reach the 29 billion mark by 2023, including essential sectors such as utilities, smart cities and healthcare, which we call critical infrastructure. Gartner estimates that by 2025, malicious agents will turn these environments into weapons to cause even human deaths.
In this way, attacks on so-called critical infrastructure, such as generation and distribution of energy, water and gas, can have serious impacts not only on organizations but also on governments and society. And this is one of the biggest challenges for cybersecurity teams, ensuring the functioning of these services and preventing malicious actions against critical infrastructure.
The saying “data is the new oil” is already well known in the market. As for data leaks, the trend is for news of this type of incident to become even more frequent and for the volume of data affected to be even greater.
One of the ways countries have found to make organizations guarantee the protection of the personal data they process is through specific laws. China and Saudi Arabia are examples of countries that have passed data protection laws.
Gartner, for example, estimates that, by 2023, the personal data of 75% of the world's population will be covered by specific personal data protection legislation.
In 2021 we saw (once again) an increase in attacks involving ransomware, and the trend is for new infection records to be reached for this type of malware. According to a SonicWall study, there was a 148% increase in attacks involving ransomware in the year 2021. The expectation is that we will end the year with the number of attacks of this type reaching 700 million.
The development of Ransomware-as-a-Service also made it possible to scale the process of creating and breaking into devices and infrastructure. In this way, even people with little programming experience can spread ransomware and perform malicious actions.
The increase in cyber attacks has created a huge demand for organizations to create and enforce their cybersecurity policies. However, the market is experiencing a shortage of qualified personnel to prevent, detect and combat cyber-attacks.
According to a study by the Information Systems Security Association and ESG, 62% of professionals surveyed experienced an increase in workload and 38% indicated unfilled vacancies; the burnout rate of cybersecurity professionals also increased. ISC2 estimates that, despite the 15% reduction, there are still 2.72 million vacancies in this market.
Still talking about people, we often say that it is useless to invest in state-of-the-art cybersecurity solutions without properly addressing the weakest link in this chain: people. This process must be continuous, considering that the techniques used by malicious attackers are constantly evolving. It is therefore necessary not only to invest in training personnel in the information security area, but also to work on the cyber awareness of employees in other areas.
With the increase in the attack surface, one of the ways to scale the incident detection and response processes is through the use of tools based on Artificial Intelligence and Machine Learning. And solution providers will use these technologies in the development of their solutions, with the aim of reducing operational costs and attack response times as much as possible.
Cyberattacks involving SolarWinds and Kaseya are good examples of incidents involving the supply chain in 2021. The tendency is for malicious attackers to exploit service providers to reach as many organizations as possible, or for governments to use these strategies to carry out attacks against other nations' critical infrastructure to steal data and cause damage.
The migration to remote work models has eliminated the concept of a security perimeter. Considering this fact, the new security models are based on the concept of Zero Trust. The Zero Trust concept provides that all users and devices must be constantly verified, eliminating all levels of trust in the infrastructure.
Demand for Zero Trust-based architectures and functionality will increase in 2022, forcing security leaders to adopt this type of approach. senhasegura Domum is an example of a solution developed taking into account aspects related to Zero Trust.
We expect 2022 to be even more challenging in terms of cybersecurity. With more attacks and fewer people able to respond to these threats, security leaders will have a tougher job fighting cybercrime. And with security risks increasingly linked to business risks, ensuring the protection of customer, partner and supplier data is more than a demand, it's a business requirement.