Chris Berry, CTO and GM of security solutions at PDI Software, says in 2022 we will continue to see the proliferation of ransomware hitting all sizes of businesses.
“However, we’ll also see an escalation of the ransomware attack model with extortionware,” he says. “With more businesses maintaining secure backups to avoid paying a ransom to unlock encrypted data, cybercriminals are now threatening to publicly expose sensitive data.
“Doing so can cause significant business risk, especially when the blast radius extends to customer, partner, or vendor data. That’s why it’s so important to make sure you’re preventing threats by securing your perimeter. But you also need the capabilities to detect potential threats and respond in real time if you suspect you’ve been breached.
“Unfortunately, a large number of businesses still aren’t adequately protected against today’s sophisticated threat landscape.”
Richard Walters, CTO at Censornet, adds: “Ransomware has shifted from targeting large organisations to mid-market organisations over recent years. This is a clear signal that ransomware will continue to permeate our society.
“The next cause for concern will be when ransoms are demanded to keep ‘Operational Technology’ (OT) operational – a hospital medicine dispensing machine or a power plant, for example.”
Agility will be key to countering growing zero-day exploits and ransomware attacks, argues Andy Green, CISO at Gemserv.
“2021 saw almost double the number of zero-day exploits compared to 2020, and the highest number ever on record,” he says.
“Another trend that is almost certain to continue is the evolution and prevalence of ransomware attacks. 2021 saw exponential growth in ransomware and this is set to continue well into 2022.
“Multi-staged attack chains will become more prevalent in the delivery of ransomware, for example phishing attacks, leading to malware loaders, to secondary loaders and information stealers and onto ransomware.
“In the face of this increased number of infections and ransoms, we can expect to see cyber insurance premiums continue to surge – we saw increases of over 50% last year as insurers seek to keep pace with the claims.
“Overall, the key maxim in security for 2022 will be agility. Ensuring agile security strategies are in place that allow for your organisation to adapt and respond to the uncertain year ahead will be paramount.”
Brian Murphy, CEO and founder of ReliaQuest, warns of the cybersecurity skills gap.
“If this past year taught us anything, it’s that cyber attacks are only increasing, so it’s paramount that organisations have the best talent to prevent and address these breaches when they occur.
“In 2022, the industry will need to make substantial progress in addressing the cybersecurity skills gap as efforts thus far haven’t shown the progress we need to properly address increasing threats.
“While it’s great to see the efforts of the private sector prioritise training in cyber skills, and making cyber awareness training accessible to everyone, I hope, and expect, the industry will direct more of its efforts into tackling the broader skills transfer issue.
“There are plenty of people ready to raise their hand and help with this ongoing problem, but we need to better equip them with the right skills. I hope to see more companies in the new year investing in meaningful skills initiatives, like Microsoft’s work with community colleges and ReliaQuest’s work with 3DE high schoolers.”
Zoom CISO Jason Lee says more companies will drive to adopt the Zero Trust security model as a result of the shift to hybrid working.
“Conversations around protecting the hybrid workforce from risk will lead security professionals to adopt modern tools and technologies, like multi-factor authentication and the Zero Trust approach to security. I believe that companies need these tools to make sure their employees can get work done as safely as possible from wherever they are – commuting, traveling, or working from home – and that all of their endpoints are secured with continual checks in place.”
He adds: “The security hiring boom will continue. We know that cybersecurity professionals are a hot commodity across industries, due to more available jobs than trained applicants.
“At Zoom, we expect to continue to hire highly-qualified security professionals throughout 2022. I believe we’ll see the cybersecurity talent pool grow as more professionals choose to enter the field due to increased demand and in many cases, the ability to work from anywhere.”
Steve Harrington, MD of EMEA at Aryaka, adds: “As we head into 2022, cybersecurity cannot be thought of without considering the wider network. Even more so, enterprise leaders need the reassurance of a secure network, while they come to grips with a majority workforce that is outside the traditional office.
“Hybrid workplace environments demand the right kind of connectivity and security technologies so employees can remain productive and able to collaborate. This is already disrupting the status quo of legacy telco managed technologies and complex do-it-yourself solutions.
“Although it is promising to see EU ministers and large investments being used to alleviate the pains of dispersed and changing work environments, there is clearly still a long way to go.”