Every day, new technologies are disrupting and improving our lives, businesses, industries, and in the larger landscape, the conveniences and efficiencies we once thought to be the stuff of futurists. If anyone asks the average person how they thought the future would look, they will give an unimaginative answer “Where’s my flying car?” You can now answer, not with speculation but with facts: the prototypes are tested. With this comes the inevitability of threats to all cybersecurity. As we know, with every new technology comes a seemingly endless amount of threat actors immediately working on the discoveries of cracking it open. It’s much easier to think of threat actors, not as individual hackers, or even as individuals at all, but as an unavoidable force. Threat actors are like the weather: regardless of your desires, they will continue, and that is outside of anyone’s control. In response to this, we must be as proactive as we possibly can. Here are the cybersecurity trends we will see heading into 2022.
User Awareness and Simulation
In 2022, cybercrime will increase, as it has been increasing every year since its inception. Its growth will never diminish, leaving both individuals and organizations feeling anxious. Beyond significant financial detriment, breaches cause levels of anxiety that psychologists say, “even rival those of traditional terrorism.”
As such, we must be vigilant and according to cybersecurity trends 2022 we must have a significant uptick in the amount of simulations companies run within their framework. Hacking and phishing simulation efforts will need to be redoubled and looked at not as a weekly nuisance with emails asking you to open a link or a file, but as a major part of company culture in full. It doesn’t have to be drilled into employees. It should not. It needs to be an encouraging effort that employees see as forward-thinking towards the company’s health.
Protection Coupled with Detection
A degree of protection is almost a given. We run anti-virus software that comes pre-installed on every computer purchased today, and smart businesses run even more innovative and encompassing software. Because this software is so ubiquitous, it’s almost instantly the first target of cybercriminals. It’s the sine qua non, the essential element to get past.
This is why detection should be the Sine qua non in 2022 and this requires detection efforts to be doubled. It’s paramount that we are vigilant. Malicious and nefarious behaviours need to be identified at greater speeds. Criminal processes launched through backend channels need to be examined relentlessly. The inevitability of cybercrime necessitates the never-ending evolution of detection methodology, and your IT professionals need to be keenly aware of all of it.
In the post-pandemic contemporary landscape, we have so many people working remotely. This is a fantastic advance for people to better divide their personal and professional lives. It also creates a significant number of challenges in the cybersecurity sphere. As EY points out, “Almost 70% of all breaches still originate at endpoints, despite the increased IT spending on endpoint security solutions.”
2022 will see the emergence and growth of two specific responses in our already acronym-heavy vocabulary: endpoint detection and response (EDR) and extended detection and response (XDR). The increasingly antiquated paradigm of detection acts reactively: it matches against what we already know — attack patterns, signatures and previously recorded threat trends.
In contrast, EDR is built for prediction. Because so many of the threats we encounter haven’t ever even been seen by anyone other than the threat actor who created them, EDR combines already acquired threat knowledge with advanced data file analysis and puts it through the filter of machine learning. By collecting and disseminating endpoint behaviour, EDR will become a cornerstone of any serious security architecture this year.
XDR is fundamentally an evolution of EDR. In a sense, it’s the big picture EDR. It utilizes the principles of EDR but across all channels: endpoints, networks, clouds, servers, hubs, etc. In short, anything and everything. As Forbes stated, it “provides a unified, single pane of glass view across multiple tools and attack vectors.”
As per cybersecurity trends in 2022, we will see a skyrocket in multifactor authentication because even a modest company would be reckless not to implement it. Human behavior and habits reveal the inherent insecurity of how usernames and passwords are used. It’s built into us genetically. We create things we can remember. This is actionable knowledge that threat actors are keenly aware of, and getting a target’s credentials is tantamount to breaking open the pinata.
Simply assigning or compelling someone to create a complex password with letters, numerals, and characters is no longer a tenable security solution in any way, shape or form. Threat actors employ everything from tried-and-true brute force attacks to extremely sophisticated automated password cracking programs. The importance of multifactor authentication can never be overstated, and its necessity can never be overlooked. Moreover, it plays into the larger picture of detection in this increasingly remote working world: after multifactor authentication occurs, security experts need to be pinged on where it occurs. If your user lives in Pennsylvania, why on Earth is he logging in from Timbuktu.
Cybersecurity insurance premiums will grow significantly in 2022. The never-ending rise in breaches and ransomware occurrences simply dictates that. As a relatively young industry, its own metrics will become more advanced, and its premiums will reflect accurate assessments of the levels of risk inside a company. Already implemented, though not widely publicized yet, there will be an increase in the use of what’s known as an individual cyber score — fundamentally a credit score, but instead of financial reliability, the metric examines the individual’s cyber credibility. We’ll likely begin to see questions like “would you hire someone who’s had their identity stolen?” or “would you take a bump in your cybersecurity premiums to hire an individual whose security was previously compromised in their private life?” It’s somewhat cynical, but cybersecurity trends in 2022 likely have as much excitement as it does cynicism, and when it comes to the bottom line, I’d predict an upward swing in both.