2021 was a tumultuous year for cybersecurity and, unfortunately, we saw the effects of successful cybersecurity attacks across major companies and industries. The trends we observed in 2020 largely continued in 2021. Ransomware attacks continued to increase and a few major hacks dominated news media around the world.
The Colonial Pipeline attack showed how devastating these ransomware attacks could be, along with their immediate impact on supply chains and municipal infrastructure. The aftermath of 2020’s SolarWinds hack was also at the top of most companies’ minds at the beginning of 2021, and the end of 2021 reminded us, with the discovery of the Log4j vulnerability, that zero-day exploits are some of the most worrisome threats out there.
What does 2022 look like for cybersecurity? We’ve got a few cybersecurity predictions and corresponding advice so you can be prepared in this new year.
1. Ransomware will continue to ramp up
Since COVID, ransomware has been trending up rapidly, and we expect that the number of attacks and compromises will only get worse in 2022. The new ransomware evolutions that we’ve seen develop over the last few years may come in full force this year, so organizations need to be prepared.
Double and triple extortion attacks will be the norm
Ransomware attacks don’t just stop at encrypting your files. Attackers will threaten to release your sensitive files to the public or hit your network with a DDoS attack to push you to pay up. As these attacks become more relentless, organizations will find it difficult to ignore ransomware prevention.
Ransomware will find its way in via more targeted ways
Malicious attackers are finding other ways to target organizations with ransomware and leveraging tools beyond traditional phishing and spam emails. They’re looking for other ways into an organization, exploiting vulnerabilities or third parties to increase their odds of success.
RaaS will be much more common
The use of RaaS (ransomware as a service) is a recent trend that’s likely to become more common in 2022. Ransomware continues to be lucrative and smaller players are likely to join in on RaaS, increasing their odds of success and their financial gain.
Attacks will cast a wider net
Equipped with new methods of attacks and additional resources, hackers are likely to increase the volume of attacks and target even more companies. They’ll widen their scope of industries and likely target smaller and newer companies who don’t have the robust cybersecurity budget larger enterprises have.
YOUR MOVE: Prioritize protecting all endpoints and adopt a more comprehensive cybersecurity strategy to deal with these new ransomware developments. To learn more, check out our ransomware security infographic.
2. Companies will continue to struggle with the cybersecurity talent shortage
The talent shortage has always been a problem in cybersecurity — there just aren’t enough skilled employees to fill the cybersecurity needs organizations have. This problem is especially challenging for SMEs.
Major corporations are writing huge paychecks to attract cybersecurity talent and build out major cybersecurity departments. Bank of America spends upward of $1B on cybersecurity alone, and they’re not the only company with large cybersecurity budgets.
SMEs are also forced to compete with traditional cybersecurity vendors and corporations. The cybersecurity market is expected to grow by nearly $200B by 2025, at a 15% annual growth rate. By their nature, these companies are looking to attract the best and brightest cybersecurity minds, leaving smaller companies with a limited talent pool that traditionally has higher turnover rates.
This will lead to companies having little to no cybersecurity resources at their disposal, meaning they’ll be struggling to keep their organization secure. Ultimately, this turns into a significant risk management issue, even if organizations invest in cybersecurity tools. The right tools can’t work as well if there’s no team to use and manage them properly.
YOUR MOVE: Invest in a cybersecurity partner like a modern MSSP. Rather than just investing in tools, companies can work with a managed security partner who will essentially provide security expertise, tools, guidance, and 24/7 protection.
3. Cyber insurance will become a costly necessity
Over the last decade or so, cyber insurance has gained in visibility and is a recommended expense that all companies should consider. It acts to lower the financial burden companies face as a result of a compromise or other successful cybersecurity attack.
But the cyber insurance market is changing rapidly in reaction to a more hostile environment and a rise in the number of SMEs trying to get insured. We recommend that companies consider these changes in 2022, especially if you don’t have cyber insurance.
To better prepare your organization for cyber insurance, keep in mind the following:
Investing in cybersecurity lowers premiums
Much like auto or home insurance, the more steps you take to lower the risk of a data breach or hack, the lower your cyber insurance cost may be. If you take the time to invest in some cybersecurity fundamentals and must-haves, not only are you improving your cybersecurity posture, you’re also lowering your cost.
You will have to meet certain security requirements
Depending on the cyber insurance you need, you’ll have to meet some often complex requirements before you’re able to get covered. While these vary by policy, some basic examples may include:
- Having updated AV and a firewall in place
- Having a cloud-based external backup of your files
- Having user access controls and permissions in place
These tools do provide some basic protection and ensure that the cyber insurance company isn’t covering a recklessly risky organization. However, SMEs and newer companies that may not be prioritizing cybersecurity may be surprised to find themselves unable to find a broker that will insure them.
YOUR MOVE: Take a proactive approach in your search for cyber insurance and be prepared to make some significant investments in your current cybersecurity posture.
A strong security posture can deal with increased risk
While these predictions may make it sound like SMEs have a tough road ahead of them in 2022, it doesn’t mean they’re powerless or can’t take steps to prepare themselves.
SMEs should work towards having comprehensive and foundational coverage, which will cover their bases across a number of different attack vectors. Prioritize protecting your endpoints, your email, and your employees — this will protect you against most of the attacks you’re likely to face.
Lastly, consider investing in a key security partner like an MSSP, instead of devoting budget to tools that can’t be utilized to their fullest potential or to building an internal security department, which will be both complex and costly. The right MSSP can provide the expertise your business may currently lack, bring in the right tech stack and experienced personnel, and guide your company in appropriate security and risk measures as you grow.