As the adoption of digital technology has grown, so has the threat surface. With the year 2022 rapidly approaching, CISOs get ready to face new and increasing cybersecurity challenges.
The year 2022 will be one of greater resiliency and incorporating it into all parts of enterprise operations. This will necessitate a review of how companies of all levels are responding to a bigger scale of sophisticated threats. To build on the progress made in 2021, CISOs should consider how to incorporate innovation into their businesses without increasing their vulnerability to damaging attacks.
Here are four major trends that will shape the market in 2022 and which security professionals should be aware of:
The “assume-breach” mindset
Over the last five years, digital transformation has been a top focus for businesses. The adoption of a hybrid work strategy has recently been a component of this journey. This is a trend that will continue in the coming year and beyond, as more companies experiment with remote working options.
Employers can benefit from a hybrid work strategy since it increases productivity, but SOCs must be mindful of the vulnerabilities and security concerns that this poses.
Jon Fielding, Managing Director – EMEA at Apricorn says, “Companies will need to urgently improve security awareness and accountability of their employees, educating them in the changing risks associated with remote and hybrid working, and how control them. This means training the workforce in security policies and the proper use of security tools and technologies. But employees also need to understand the ‘why’, as well as the ‘what’ and ‘how’: the specific threats facing the organisation and the role they need to play in mitigating them.”
“We expect to see a continued increase in the use of data encryption, which will keep information secure whatever happens around it. Mandating the encryption of all corporate data as standard policy also provides the ability to demonstrate transparency and due diligence in the event of a breach,” he adds.
In 2021, many organizations have already increased their zero trust budgets. To combat the expanding threat landscape, zero trust adoption will spread to even more private enterprises and governments.
The use of zero trust can enable better visibility to improve an organization’s overall security posture as more companies become unified in their approach to managing cyber risks.
New risks and innovation in 5G
The adoption of 5G is picking up speed. More businesses will aim to invest in 5G technology in the coming year to improve their connectivity capabilities. They will be able to get new value from their existing core network assets and place their enterprises on the digital transformation path if they adopt 5G.
However, putting 5G in place is not without its complexities and challenges. Threat actors can take advantage of vulnerable connections to enter network infrastructure as 5G speeds up the expansion of the Internet of Things.
Organizations should ensure that they are protected from all 5G threats. They risk missing out on the advantages of a connected future if they don’t act now.
Personalization and customization with phishing techniques
As phishing scams have become more widespread, organizations have boosted staff training and awareness. As a result, people are more aware of phishing scams and can spot them more easily. To counteract this, attackers are refining their strategies to make their attempts appear more genuine.
Phishing attacks will become more sophisticated in 2022. Attackers will develop their strategy to leverage more specialized and personalized attacks based on intelligence gathered from social media channels, rather than depending on traditional approaches. It will be more difficult to separate these intensified personal attacks from legitimate communications.
The enterprise API ecosystem will reveal its flaws
After launching an attack, cyber criminals frequently use lateral movement strategies to infiltrate a company’s whole network. For instance, REvil used Kaseya’s network management and remote control tools in a ransomware attack earlier this year. This impacted not only Kaseya, but also Kaseya’s managed service provider (MSP) customers and their end-users.
Because of their ties to numerous industry ecosystems, attacks on this scale are especially dangerous. Threat actors will increase the number of attacks that use the lateral movement idea in 2022. They will apply this to an entire partner network using misconfigured enterprise APIs, starting with internal networks. Threat actors will be able to obtain access to a company’s wider ecosystem as a result of this.
For more such updates follow us on Google News ITsecuritywire News