2022 will bring a number of cybersecurity challenges to organizations around the globe. Unprepared businesses will find themselves stuck between a rock and a hard place as pressure is increased both by rising cybercrime and shifting regulations and compliance measures put in place by major governments.
Below are five of the most important cybersecurity trends emerging in 2022.
1. Liability Changes Target Company Directors
The public’s patience has run out regarding data breaches and the seeming lack of accountability by businesses. Governments are beginning to respond with legislation that targets company directors, making them financially and legally responsible for data breaches that occur on their watch.
Lawmakers in Europe, Australia, and the US have begun to implement laws that target boardrooms and encourage whistleblowers (even with monetary incentives). As a result of these laws and the FTC’s warning to board members, 2022 may see a meteoric rise in civil and criminal prosecution against company directors.
2. New Cloud Technology Brings New Risks
Businesses continue to transfer more of their operations to the cloud, and most enjoy greater security and flexibility as a result. However, new technologies such as containers and cloud-native applications bring risks that could expose a company’s entire cloud architecture.
It will become critical for businesses to perform a regular inventory of IT assets and data—which won’t be easy if developers are building software within the cloud. Developers unfamiliar with cloud security will risk exposing cloud storage, serverless endpoints (FaaS), and management systems to malicious actors online.
Unchecked IAM policies may lead to situations in which one intruder can gain access to entire cloud systems and databases by compromising just one web application.
Cloud penetration testing will be a critical asset for businesses that push forward with a multi-cloud architecture and cloud-native app development.
3. Ransomware Attacks Continue to Rise
The rise of untraceable cryptocurrency transactions has caused ransomware attacks to become major criminal enterprises, and international law enforcement has been unable to keep up. Ransomware actors enjoy relative impunity as of early 2022, and we can expect more sophisticated attacks and larger ransoms this year due to the confidence of criminal kingpins. One of the most notorious ransomware groups, Ryuk, reports having earned over $150M in 2021.
In 2022, cybercriminals will have more opportunities to profit from stolen data as well. Over the last year, multiple marketplaces have opened on the dark web, where criminals can freely buy and sell sensitive data stolen from major businesses. This is leading to double extortion schemes in which criminals demand ransom both to release the data and to refrain from selling it on the dark web.
4. AI and Deepfakes to Increase Whaling Attacks
The human element of an IT infrastructure is often the weakest, and this link will become even more susceptible to attack in 2022. Whaling attacks, in which malicious actors imitate management within a company to trick others into giving them access to data, are on the rise thanks to advanced deepfake and AI technology. Essentially, it’s becoming easier to pose as another person, perfectly matching their looks, expressions, and voice.
According to the World Economic Forum, the prevalence of deepfakes increased by 900% in just one year, and the cost of producing a high-quality deepfake has dropped to around $30,000. These state-of-the-art deepfakes are nearly indistinguishable from reality, and the only defense that businesses have against them is to educate their staff and to require more rigorous clearance standards before revealing sensitive data, even within a company.
5. Data Protection Regulation Cracks Down
For some years, businesses have been required to disclose when a data breach has occurred. In 2022, these disclosure laws and other data protection regulations will become stricter, forcing companies to report cybersecurity incidents almost immediately or incur serious fines. The window for disclosure, which is 72 hours in the EU, is now seen as a luxury compared to new regulations by the FDIC in the US that require banks to disclose incidents within 36 hours.
Businesses will be left with very little time to manage internal crises and external damage control before having to deal with regulatory agencies. Keeping these incidents under wraps will be incredibly difficult due to incentives for whistleblowers. Even the largest companies are not immune: Amazon was handed a fine of nearly a billion dollars for violating the EU’s GDPR.
More data regulation laws are expected to pass in 2022, and businesses will need to remain extremely diligent to maintain compliance.
Protect Your Business with Robust Cybersecurity
2022 will bring a host of new cybersecurity challenges to businesses and other institutions. But falling victim to an attack or to regulatory consequences is not inevitable. Companies can protect themselves by investing in robust cybersecurity measures (including technology and education) and by prioritizing data protection compliance.