According to The Washington Post, just under $1 trillion was lost globally in 2020 in cyber-attacks[i]. While many attackers have a directive, most are just scanning the world looking for opportunities. It appears they are still very successful in their efforts.
As Duffy Compliance is at the forefront of the cybersecurity industry, I put together some predictions and trends for 2022.
We know that ransomware is still a very active threat vector. According to PurpleSec, 92% of malware is delivered by email, and 7 out of every 10 malware payloads were ransomware.[ii] Security awareness training is still the best defense for recognizing these attacks and preventing them from succeeding. There are applications that can help, but there is always the risk that something will get through. Therefore, the results ultimately depend on the end-user recognizing malicious intent. My first prediction is that ransomware will continue to be a major threat vector and will find new ways to enter the system outside of email. We should be looking for additional protection around our supply chain access, cross-site scripting attacks, and automated communication vulnerabilities.
COVID-19 appears to be going nowhere fast, so more organizations should be looking for better security solutions for home-based offices and work production. End-point protection and remote monitoring should be on the radar this year, if they are not already in place. Be aware that spam and malicious attempts can come from anywhere: online offers, emails, social media, and fundraiser calls. My second prediction is that attackers will continue to use COVID-19 as an avenue for attacks, and once the pandemic gets under control, the solutions will also be used to generate additional attack vectors.
Another side effect of COVID-19 and remote working is the additional security needs, which come with more complications. The problem with remote workers is not just accountability, which can be measured through productivity, but the risk to the organization. Risk can increase if companies are not aware of privacy laws when they allow people to use their own systems, or when they ignore anti-virus protection or malware detection. Having a VPN is great, but it doesn’t go far enough to protect an environment if the end-points have malicious code on them looking for new hosts. The VPN opens a doorway to additional hosts and can make a small problem really big, since it bypasses many of the external protections.
Finally, I predict federal and state regulations will increase repercussions for cybersecurity violations. We saw the onset of the Department of Justice (DOJ) using the False Claims Act as a means to hold federal contractors accountable for protecting Controlled Unclassified Information (CUI). This is not a catch-all solution, but it is a deterrent should an organization believe they can get away with self-certification without any supporting documentation or evidence to prove the status of the regulation within the organization.
If we can help you put safeguards and monitoring in place, please don’t hesitate to reach out.
May you stay safe and secure in 2022!