If 2021 has been a year that has put the cybersecurity of companies and public organizations and institutions to the test, for next year the experts agree that these cyberthreats will continue to increase. In the following lines we will see what are the threats to cybersecurity in 2022 that organizations will face.
What are the main threats to cybersecurity for companies in 2022?
The digitalization of companies and administration, remote work and hybrid environments, a greater use of IoT (Internet of Things) devices, the dependence on mobile devices and the 24/7 connection to the Internet or the use of more digital services, are some of the elements that will mean that by 2022 the threats to cybersecurity not only continue to occur, but also increase in number and intensity.
Although no one will be completely safe from threats to computer security (unless one decides to completely disconnect from the Internet), it is the companies and public administrations that are most exposed to this type of attack and those that will suffer the most from its consequences. economic and reputational.
But what are the threats to cybersecurity in 2022? According to the report prepared by the security company Check Point, the trends for next year will be led by ransomware, attacks on the supply chain, attacks based on exploiting fake news, exploitation of vulnerabilities and an increase in calls cyber cold war
supply chain attacks
In 2021 we have already seen some of the most notorious supply chain attacks, such as those suffered by SolarWinds vendors Codecov and Kaseya. The danger of these attacks lies in the fact that they not only affect the service provider company, but also those that depend on them, thus spreading the attack throughout the chain and affecting countless companies, public entities and individuals.
These attacks, sophisticated and with the potential to cause serious damage to countless victims, could lead (or should) governments to create much stricter and more demanding regulatory frameworks with the security measures of companies, to protect vulnerable networks and avoid the failure or interruption of essential services.
Digitization, especially that which had to be done quickly and urgently when lockdowns were imposed by Covid-19 and the need to telework in order to continue operating, have resulted in an increase in security breaches. This leads companies and administrations to have to invest more money not only in preventing these breaches, but also in recovery protocols, including the need to pay a ransom if they have been victims of ransomware and face possible administrative sanctions.
Speaking of ransomware attacks , these have already featured in many of the news about computer attacks during 2021 and the trend, according to experts, is that this type of attack continues to increase. They have become a lucrative source of income for various groups of cybercriminals, since they not only get money in exchange for unlocking encrypted systems, but also for not publishing the information that they have managed to exfiltrate during the attack process or for selling it on the internet. darkweb.
In addition, ransomware has become one of the products offered on the dark web as MaaS (malware as a service or malware as a service), which means that cybercriminals with less technical knowledge can also use this type of attack.
cyber cold war
Tensions seem to grow between different countries in the international arena and this is also reflected in the digital plane; the so-called “cyber cold war” seems to be intensifying at the same time and that leads experts, by 2022, to predict that there will be an increase in cyber attacks sponsored by some States to damage key or critical infrastructure of other governments, such as gas pipelines , pipelines and power plants.
Fake news (false news or disinformation) is not exactly a threat to cybersecurity, but cybercriminals do take advantage of it to carry out other types of attacks, especially phishing and other scams related to the theft of data and credentials.
An example of this is the disinformation surrounding Covid-19 and vaccines and the sale of false Covid or vaccination certificates on the dark web, some of them accompanied by malware to be installed on the devices of their buyers.
Deepfakes , thanks to the development of the technology that makes them possible, are increasingly sophisticated and difficult to detect, which means that cyberattacks based on them are going to become more common. We already have examples of this in 2021, with company workers who were deceived by a telephone deepfake, in which the cybercriminal, using the voice of a manager or superior, pretended to be that person to request money transfers.
Deepfakes also have the potential to influence people through social media by damaging the image and reputation of their victims.
Cryptocurrencies and other types of crypto assets, such as NFTs, are becoming more and more popular and reaching more people, who decide to invest in them. This has caused cybercriminals to also focus on them and design attacks to steal crypto assets from exchanges and user wallets. One of these attacks is carried out using free NFTs that are used as an entry vector to steal users’ wallets by taking advantage of security flaws or vulnerabilities.
Vulnerabilities, especially those present in containers and cloud services, are another target for cybersecurity threats in 2022, since more and more companies and public entities depend on so-called cloud services and, many times, these are left out of control. organization’s information security strategy. Cybercriminals know this and have started attacking and exploiting the vulnerabilities that these sites and services may present.
Hybrid environments and mobility
Remote work, both in its full format and in its hybrid format, has brought with it new weak points, especially related to attacks on remote desktop applications and mobile devices, so this trend is expected to continue to rise by 2022.
In this case, the weak point is the employee who does not apply or does not follow the instructions and security measures implemented by the company and can leave the door open to all kinds of attacks whose objective is to penetrate the company’s internal network to achieve their targets, often related to ransomware attacks or exfiltration of sensitive information.
Malicious use of defense tools
Defense tools were designed to test an entity’s cybersecurity measures, however, cybercriminals also exploit them to their advantage and use them to launch much more efficient cyberattacks. It is a trend that has been increasing throughout 2021 and it seems that it will continue to grow in 2022, since it allows you to customize these tools to penetrate the defenses of entities “more easily”.
As in other threats that we have seen throughout this article, they are mainly used to launch ransomware attacks and exfiltrate data.
These are the predictions of cybersecurity threats in 2022, a year in which all experts agree that cyberattacks will continue to increase and that the tools and technologies to carry them out will become more sophisticated. It is up to the organizations and their CISO and RSI (responsible for information security) to create strategies and implement security measures that prevent these threats and reduce their impact, in addition to training and raising awareness among the entire workforce of the importance of follow the security protocols implemented.