It was another challenging year for cybersecurity, and we’re anticipating more of the same in 2022.
It’s estimated there were more than $6 trillion in damages from ransomware attacks and other cyber crimes in 2021, and we expect to see that increase this year as attackers use more sophisticated tactics. However, government agencies and private sector companies are fighting back.
With that in mind, here are some cybersecurity predictions for the coming year.
Ransomware attacks have increased and many companies are still paying ransom, sometimes into the millions of dollars.
More sophisticated hacking techniques – and ransomware becoming the cornerstone of revenue for international organized crime organizations – have led to more attacks. The increase in remote work due to the pandemic also introduced new cybersecurity vulnerabilities.
The fastest-growing ransomware targets are small to medium-sized businesses. In 2021, there was a 57% increase in attacks on companies with fewer than 250 employees. All too often, SMBs are unable to survive the disruption spawned by a ransomware attack.
Yet even the most protected networks are not immune. The Olympics have a history of cyberattacks, including the “Olympic Destroyer” virus that impacted TV and internet services during the 2018 Winter Olympics and the 450 million attempted attacks cybersecurity officials thwarted during the 2020 Olympic Games. The most common attacks involved phishing, fake websites, ransomware and distributed denial of service attacks, according to Gov Tech.
With the 2022 Olympics just days away, cybersecurity officials have already identified a serious encryption vulnerability in an app all athletes and attendees are required to use that contains personal health information, passport details and other sensitive data.
Historically, cybersecurity has been over-reliant on securing the perimeter of the network. But more often than not, to borrow the phrase from the scary urban legend, the calls are coming from inside the house. Many security breaches come from employees opening what’s believed to be an email from a coworker or something similarly innocuous and providing sensitive information. Some employees also act maliciously to expose data assets.
To guard against this, many companies are implementing zero-trust security principles. That means applying the tenets of zero trust, including multi-factor authentication and the principle of least privilege, to everything from network resources to enterprise data.
Zero trust was a focal point in the past year, and we predict it will continue to be front and center going forward. Already, the Biden administration has made zero trust mandatory for federal agencies.
President Joe Biden’s executive order is the first step in a series of actions to improve cyber resiliency. The bipartisan Cyber Incident Notification Act was introduced in the Senate last July, requiring notification of customers within 24 hours of the discovery of a potential data breach. The Ransom Disclosure Act, introduced in October in both houses of Congress, would require reporting all ransom payments made to cybercriminals, and several state legislatures are considering laws making ransom payments illegal.
In 1997, Steve Haase, an Atlanta-based insurance agent, worked with AIG to write what’s regarded as the first cyber insurance policy.
Since then, internet activity has exploded for work and recreation, sparking an increase in multiple sectors of the economy, from online retail to cyber insurance. It’s estimated that in 2021, companies paid $2.7 billion in cyber insurance premiums.
That represents a 22% increase over the previous year, and we can expect the upward trend to continue.
The increase in cyberattacks is leading to an increase in payouts, to the point where they often exceed the premiums clients pay. The insurance industry had a limited frame of reference initially when writing cyber insurance policies, which used to be a comparative bargain. But as more insurers pay out enormous sums in claims, we anticipate they’ll start tightening restrictions on what their policies cover, make sure the companies they cover have certain safeguards in place, and continue to increase their premiums.
Ransomware attackers like the Conti ransomware gang are now targeting backup and recovery solutions knowing they have more leverage if a company can’t access any previous versions of its data.
While cloud backup solutions have increasingly replaced physical media to store copies of data, they don’t allow you to restore your data once it becomes encrypted in a ransomware attack.
A better alternative to stand-alone backup and recovery solutions is to focus on protections that actually transform your enterprise data, rather than just copying it, so your organization is able to withstand attacks. That means going beyond standard encryption.
Although cryptocurrency has been around for more than a decade now, there is a growing awareness of it and an explosion in people investing in it. A recent Pew Research survey showed 86% of Americans had heard about cryptocurrencies, and 16% had invested in or used one. Among men ages 18-29, 43% have.
As more people enter the cryptocurrency market, mobile wallets could become more vulnerable to attacks. This could affect enterprises that have invested heavily in cryptocurrency as well as individual investors.
The application of cybersecurity solutions across enterprises has been siloed and inconsistent in many ways. The growth of remote work and the increase in unstructured data demand new cloud storage solutions, each of which requires protection.
Unfortunately, many cybersecurity teams still implement a single solution at a time for a specific use case. These disparate solutions don’t always integrate well together or offer enterprise-wide visibility. They can also be difficult to scale as a company grows, leading to vendor lock-in and a lack of flexibility.
To address these challenges, forward-thinking security and IT leaders are focusing on combining data storage and policy controls so they can apply a full suite of data protections across multiple locations.
Myota’s Converged Data Security Platform combines best practices for data encryption, data sharding, data dispersion and resiliency to help your company avoid the high costs and downtime of ransomware attacks. Your company can easily apply it to any of your existing storage platforms to protect critical data and restore previous file versions immediately.
In this recorded webinar, you’ll discover how Myota helps you eliminate security silos and improve your infrastructure and technology, to anticipate, withstand and recover from attacks with technology across any data storage environment.