By Isaac Kohen, VP of R&D at Teramind, and provider of employee monitoring, data loss prevention (“DLP”) and workplace productivity solutions.
2021 was a devastating year for cybersecurity. As business accelerated digital adoption and people played out their lives online, threat actors were ready to capitalize on the transitional moment, savagely targeting everything from critical health infrastructure to small and medium-sized businesses.
By Q4 of 2021, the number of reported data breaches had already surpassed 2020 totals, which were historic in their own right. Collectively, 281.5 million people have been impacted by a data breach in 2021, while cybercrime costs companies $1.79 million per minute, demonstrating the across-the-board impact of today’s cybersecurity landscape.
In response, more than half of CIOs view cybersecurity as a top operational priority both now and in the year ahead. Many leaders are devoting significant resources to this priority. One survey found that more than 25% of executives expect to increase their cybersecurity budgets by double digits in 2022 to address shifting and accelerating theft trends.
As businesses look to accelerate growth after a pandemic year, allocating those resources effectively will be critical to defending digital infrastructure and optimizing return on investment. To inform those decisions, here are three can’t-miss cybersecurity trends for 2022.
1. People Are Often The Problem
Phishing scams and ransomware attacks are typically the most popular methods for today’s threat actors. These attacks allow threat actors to operate with relative impunity while presenting an opportunity for significant financial payouts. Both phishing scams and ransomware attacks increased in scope, frequency and cost in 2021, and businesses should expect these trends to continue in 2022, as well.
However, how businesses respond to these threats can make all the difference. Before making significant investments in the latest cybersecurity software, consider the human element, which plays a central part in 85% of cybersecurity incidents.
When employees click on a suspicious link email, forget to update their software, fail to practice digital hygiene best practices or maliciously compromise IT integrity, they are putting cybersecurity and data privacy at risk.
Simple employee training can go a long way. For example, one study (paywall) found that frequent employee training improves their ability to identify phishing attempts. Similarly, encouraging employees to implement digital hygiene best practices, including regularly updating account passwords, can thwart potential cybersecurity threats. When paired with employee oversight initiatives, companies can address their most significant cybersecurity vulnerability — their people.
2. Money Is The Motivation
Cybercrime pays. Threat actors often act with relative impunity, shirking laws and regulations by harnessing the world wide web to enact cybercrimes from anywhere in the world. While this is true for threat actors — like the increasingly problematic and prevalent ransomware-as-a-service (RaaS) operations (paywall) — it also applies to insider threats who have access to highly valuable company and customer data.
For example, one Russian national was offered $1 million to install malware on his company’s network. In addition, a U.S. scientist attempted to steal trade secrets worth $1 billion. While he received a two-year prison sentence in lieu of payment, it underscores the financial motivation that guarantees that cybercrime will continue to proliferate in the year ahead.
When money is the motivation, companies will need to enhance their defensive posture to protect their most valuable assets.
3. Costs Will Continue To Increase
In 2021, the average cost of a data breach passed $4 million for the first time. These costs increased as remote and hybrid teams made breaches both more likely and more difficult to contain. Indeed, the average cost of breaches involving remote work was $1.07 million higher than that of their on-site counterparts.
Meanwhile, the cost of a ransomware attack is increasing even more quickly. In 2018, the average ransomware payment was just $7,000. Just two years later, the average ransomware payment was more than $200,000 — a shocking increase in such a short time. With several prominent victims making multi-million-dollar ransom payments, there is no reason to expect that this number will go down any time soon. At the same time, regulatory fines, opportunity cost and customer loyalty are all making cybersecurity failure an increasingly costly reality.
Across the board, business leaders should expect that the costs of cybersecurity failure will continue to increase, making it more important than ever to adequately protect digital infrastructure and sensitive data.
Staying Ahead Of The Trends
As companies reflect on the past year and plan for 2022, the shifting cybersecurity landscape is necessarily a top concern. While establishing priorities and allocating financial resources are excellent outcomes of those discussions, they are best executed when responding to the latest trends and threat patterns.
In other words, just as threat actors never stop looking for new vulnerabilities and attack methodologies, companies can’t rest on their laurels. Rather, cybersecurity must be an ever-evolving aspect of any successful and sustainable company.