After a dismal 2021 performance as regards cyberthreats, 2022 now follows a similar trajectory with more regular attacks that are increasingly sophisticated, accurate and imaginative. This phenomenon was illustrated through the recent intrusion into Panasonic’s company servers, not forgetting the cyber attack on leading companies in France’s construction and public works industry.
Thanks to government initiatives and new technologies, solutions are being developed to fight these cyberthreats. However, more is still needed to ensure more informed decisions across the board as well as more substantial investment and practical strategies.
2021, a year of record cyberthreats
2021 will be remembered for all the wrong reasons when it comes to organisational cybersecurity. Together, the figures point to a spate of attacks.
For starters, in 2021, the French Network and Information Security Agency (ANSSI) reported 1,082 verified information system intrusions versus 786 in 2020, i.e., a rise of 37%. Parallel to this, in France, the government’s Cybermalveillance.gouv.fr platform observed a 101% surge in visitors in 2021, amounting to nearly 2.5 million. In the United States, a report released by the Treasury Department found that more than $590m was extorted between January and June 2021 by ransomware, up $170m on 2020.
Some attacks were the subject of close scrutiny by the media. For context on how organisations kick-started 2022, we only have to consider the Pegasus affair, the REvil ransomware attack on Acer Group and the extortion of sensitive data from 1.4 million patients across Paris’ hospitals.
Trends for 2022
To be better prepared, organisations must be kept up to date on the latest types of threats. Let’s kick off with that well-known danger called ransomware.
In 2022, ransomware attacks will not only be more advanced, but they will also target more companies of all sizes. 2022 will also see an acceleration in the trends already observed. These include: professionalised computer hackers; the rise of an informal economy focused on “data shaming”; not to mention an environment that is conducive to attacks through the growing adoption of remote working practices.
With respect to data breaches, they will only become more commonplace, burdening organisations with additional costs. Experts predict that computer hackers will use increasingly advanced phishing campaigns to steal data with greater effect.
What’s more, cyber-related attacks on smartphones – which are often overlooked or downplayed – will occur more frequently. The importance of such attacks is underscored by one key figure: in 2021, 46% of organisations reported that an employee had downloaded a malicious mobile app. Always keep in mind that each accessible device presents an entry point for computer hackers.
Where there’s cybersecurity, there’s also the Cloud! In 2022, the chances are that the vulnerabilities observed in microservices will trigger the launch of wide-scale attacks. Moreover, computer hackers will be sure to further exploit the flaws that arise from implementing a DevSecOps approach.
On top of that, the impact of multiple so-called “new” threats is likely to increase. In practice, there is no denying that the rising use of cryptocurrency in organisations that are private (in most cases) and public alike will expose them to attacks using techniques such as phishing, infostealer trojan horses, and flash loans for web 3.0 applications.
Another trend to watch out for is deepfakes. Deepfakes are videos created by artificial intelligence that can intentionally mislead human users. With this content, authorised access may be granted to sensitive company infrastructure through the manipulation of certain collaborators. In 2022, organisations will have to address this challenge on a more regular basis. As such, they must begin discussions aimed at adopting new security measures such as double visual validation in an effort to prevent such intrusions.
Cyber attacks will also continue their upward trend on social networks. This is clearly reflected in the creation of fake profiles aimed at manipulating collaborators, coupled with official accounts which are hacked to tarnish an organisation’s reputation.
Lastly, the supply chain will remain under pressure, and the reality is that the frequency and strength of related attacks will only intensify. Recent geopolitical and health events have highlighted the vulnerabilities of such complex processes. Attacks on these processes, which are packed with strategic data, can easily grind an entire organisation to a halt.
Organisational protection in 2022
From an organisational standpoint, decision-makers should continue their efforts to train collaborators in best practices (a different password for each application, two-step authentication, identifying suspicious emails, etc.).
Decision-makers must consider themselves as high-priority targets, adapting their use of IT tools and ways of sharing data accordingly. A case in point is the benefits observed for decision-makers within a closed ecosystem when there is a need to exchange Board meeting documents.
Furthermore, a growing number of organisations must make it the norm to strengthen their technical teams and to conduct compliance and security audits at regular intervals. In other respects, it’s vital that these organisations implement measures to safeguard integrity and enhance the traceability of sensitive data. To this end, organisations may benefit from data storage systems which leverage Cloud solutions using AES-256 end-to-end encryption.
With all of this in mind, on the back of a cyberthreat-filled 2021, 2022 already appears to be a continuation of this trend. The frequency and complexity of threats will unquestionably pile further pressure on organisations. All structures are accountable for responding to new threats. They must also bolster currently deployed measures, tools and processes to counter recognised cyberthreats. While there is admittedly heightened organisational awareness, many organisations must do more to upskill in all things cyber.