Happy New Year. This blog post is from December 2021 and it applies to the year 2022. Enjoy.

Cybersafety connections December 2021 Vol#47 

As we go into the new year, beware of new and not-so-new cybersecurity trends, some of which carry over from 2021. Digital transformation, work-from-home, and hybrid work models have all contributed to the rise in cyberattacks, which is not letting up.

Stepping into the new year, here are five big cybersecurity trends individuals and businesses can expect in 2022, according to Bernard Marr, so we can be prepared in the fight against cyberattacks.

  • AI-powered cybersecurity
  • Increasing threat of ransomware
  • The Internet of Vulnerable Things
  • Cyber-security and Third-Party exposure risk
  • Emerging Regulation to counter risk

 • AI-powered cybersecurity

In the financial industry, AI is used in fraud detection. In the same manner, AI can be employed in the fight against cyberattacks: it can recognize patterns in the large volumes of data generated every second and use those patterns to predict future events such as cyberattacks.

Cybercriminals are also aware of the power of AI and machine learning and are using these tools to commit cybercrimes and evade detection. So AI can be a force for both good and bad, which makes it vital in the fight against cyberattacks.

 • Increasing threat of ransomware  

Remember how most of 2021 was spent keeping up with cyberattacks, breaches and ransomware across the cybersecurity landscape? Examples of notable ransomware attacks were SolarWinds (2019) and, in 2021, Kaseya, JBS Meat Packaging, Colonial Pipeline, T-Mobile, etc. That trend is not going away any time soon and may be on the rise, as indicated by 61% of technology executives according to PwC research!

As you are aware, ransomware is software (a virus) that infects computers, encrypts files, locks the computers and threatens to destroy or publish stolen information online, while the bad actors demand a ransom in return for unlocking your files or computer. Worthy of note is that the payment is usually demanded in a cryptocurrency that is not traceable.

Most ransomware attacks happen through phishing, whereby employees and other people are deceived into providing personally identifiable information online or clicking on email links, which leads to malicious code (ransomware or other malware) being downloaded onto the computer.

The strategy to mitigate ransomware attacks that arrive through phishing attempts? Education is key in the fight against ransomware attacks.

 • The Internet of Vulnerable Things  

The Internet of Things (IoT) refers to interconnected devices that collect and transfer data over a wireless network without human intervention. I had previously referenced the Internet of Things (IoT) in the previous article Cybersafetyadvocate. The IoT trend is expected to increase to 18 billion by 2022.

The threat posed by IoT is not new. With digital transformation and remote and hybrid work models, more devices are connected to the network, providing more access points. Think of smart homes, where cybercriminals can gain access to the network through the fridge or the smart TV. These access points give cybercriminals just the opportunity they need for cyberattacks: entry to the network through the connected devices.

Not only is IoT becoming more widespread, it is also becoming more sophisticated, with the use of “digital twins” to simulate real systems and businesses. These digital twins are connected to the real operational systems so that they can use the data those systems collect. That means more access points and more data to steal.

IoT brings us to the concept of edge computing, which resulted from the growth of IoT. Edge computing is a decentralized, distributed model: instead of all data collected from IoT devices being sent to a centralized cloud data center, the data is processed at the point (the edge) where it is collected. Both the decentralized edge and the centralized cloud structures and systems are vulnerable to cyberattacks.

So the way forward is education and awareness to protect against these vulnerabilities, as well as an audit of the devices that have access to the network, to know what vulnerability each device would create.

  •  Cyber-security and Third-Party exposure risk  

Cybersecurity operations involve factors both internal and external to a business. Third-party vendors and supply chains all pose cybersecurity risks and make businesses more vulnerable. According to Gartner’s research, by 2025 organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. This is to ensure third parties have cybersecurity measures in place to protect against data breaches, theft and losses.

Additionally, businesses dealing with multiple parties who would have access to their data have to deal with data protection regulations and legislation such as the European General Data Protection Regulation (GDPR) and others that followed suit, such as the Chinese Personal Information Protection Law and the California Consumer Privacy Act. Organizations stand to be penalized for data breaches, and so have to perform due diligence before conducting third-party transactions and business engagements to limit their risk.

  • Emerging Regulation to counter the risk  

Cybercriminals have taken advantage of the fast pace of technological change and of regulations that do not keep pace with it. These changes make policing cybercriminals difficult. In 2021, the cost of cybercrime was set to top $6 trillion. Efforts by regulators were already underway in 2021, such as the International Cybercrime Prevention Act mentioned in cybersafetyadvocate June 2021. This would involve penalties for bad actors and for organizations as well.

Going into 2022, expect a tougher stance by regulators. Along these lines, legal obligations are also being given to the Chief Information Security Officer, like those of the Chief Financial Officer. This is done to limit the impact that data theft, losses and breaches will have on customers. The burden placed on those responsible for information security is intended to build consumer trust, which is needed by organizations that want to keep having access to our valuable information.
