What threats will carry over from 2021 to 2022?
A lot of trends from 2021 will continue in 2022
Those who believed that spending a good deal of money on the latest security software would ensure their company was fully protected from future cyberattacks have surely already realized their mistake. A look at the cybersecurity landscape in 2021 shows that attacks are becoming more sophisticated, more human-centric, more frequent and harder to detect. Not exactly a comforting outlook.
Top cybersecurity threats in 2021
In its Threat Landscape Report for 2021, the European Union Agency for Cybersecurity (ENISA) lists the cyber threats that had the greatest impact on businesses and individuals in the past year (reporting period April 2020 to July 2021):
- Ransomware – Ransomware clearly tops the list, rising not only in terms of frequency (a ransomware attack happens every 11 seconds worldwide), but also in terms of the amount demanded. Cyber criminals were estimated to collect more than $20 billion from enterprises in 2021, compared to $11 billion in 2020, primarily through phishing emails and brute-forcing on Remote Desktop Services (RDP).
- Malware – Fortunately, malware continues its decline from 2020. Yet criminals are opting more often for unconventional code in order to go undetected.
- Cryptojacking – Cryptojacking experienced quite a surge in early 2021 and, similar to ransomware, shows a steady upward curve.
- E-mail related threats – Since email remains the most important communication channel, it comes as no surprise that it is still one of the most attractive targets for attackers. The focus of email threats, especially business email compromise, has shifted almost entirely from technical vulnerabilities to exploiting human errors and behavior.
- Threats against data – Data breaches continue to be equally compelling to criminals as money-related attacks. In times of the pandemic, they were particularly felt in the healthcare sector, where hospitals and medical facilities suffered intense pressure on their databases. Data-driven organizations have been busy not only with compliance with regulations, but also with strengthening their security.
- Threats against availability and integrity – Threats such as Denial of Service (DoS) and web attacks can affect the resources, performance and service-readiness of companies.
- Disinformation/misinformation – This type of threat is multiplying at record speed regardless of awareness campaigns. Such threats spread mainly via phishing and aim to manipulate people’s views and behavior.
- Non-malicious threats – In 2021, the upward trend in human-caused, non-malicious incidents continued, which, along with email threats, highlights the importance of building security awareness among employees.
- Supply-chain attacks – The complexity and efficiency of supply chain attacks are escalating rapidly, making them one of the major threats to enterprises and, in particular, managed service providers.
Outlook for cybersecurity threats in 2022
What the statistics show is that almost all the threats from 2021 will persist in 2022, and more will come. Researchers report an increase in zero-day vulnerabilities as well as in the complexity and sophistication of code and tactics, making attacks more difficult to detect.
Ransomware is here to stay simply because it is so lucrative. And considering that in the first quarter of 2021 alone, the volume of ransomware tripled compared to all of 2019, it is going to get serious. VPNs, unprotected RDP ports and phishing play a vital role in its spread; however, infection via cloud and USB devices is quickly catching up, posing a serious threat to critical infrastructure. Combining comprehensive endpoint and phishing protection with employee training to recognize potential threats has been shown to significantly reduce ransomware success.
Gartner estimates that by 2025, the threat of supply chain attacks will force 60% of companies to select partners based on their cybersecurity maturity. In addition, legislation is expected to tighten and companies will be punished more strictly for information leaks. Gartner also expects industry-standard security rating systems to play an increasingly important role in assessing a partner’s trustworthiness in the future. For companies with large networks, securing their supply chain will be paramount to their survival and competitiveness.
The increased use of Internet of Things (IoT), which enables different devices to exchange data in an online environment, opens up countless vectors for attacks. Through household appliances, connected cars and smart whatever, cyber criminals can bypass the security of digital systems and gain access to their data.
Speaking of data, interest in it will continue to rise on a global scale in 2022. Attackers will use any human error or technical vulnerability to steal credentials and get hold of critical data, which can cause significant reputational or financial loss for an organization.
Deepfakes are also cited as a tool that will continue to be used in 2022 to compromise business emails and manipulate multi-factor authentication and know-your-customer ID, thanks largely to the use of cryptocurrency.
In 2022, phishing attacks deserve close attention, as they are becoming more targeted than ever, involving ever more sophisticated tactics such as personalization or geographic localization. The good news is, phishing is relatively easy to prevent. Having good email protection software capable of detecting malicious content and properly securing credentials should provide a solid foundation.
Regrettably, these are far from the only attacks that companies and private individuals are exposed to. Even small businesses are not exempt from attacks. Regardless of how good their cybersecurity is, companies should remember that keeping it up to date and future-proofing it, as well as raising employee awareness of prevention, is an ongoing process.
GBS has more than 30 years of experience in cybersecurity and offers one of the most comprehensive solutions for email protection in Germany. The innovative iQ.Suite covers all the hot topics such as ransomware, phishing, supply chain attacks, business email compromise, encryption, data loss prevention, content recognition and ensures compliance with regulations and GDPR. Learn more about the security features of iQ.Suite or contact firstname.lastname@example.org to request further information or a demo.