While few of us foresaw how widespread or long-lasting the impact of the novel coronavirus first identified in Wuhan, China, in December of 2019 would turn out to be, the cyberattack trends that have followed in the wake of the global COVID-19 pandemic have been more predictable. As organizations adopted new technologies and changed their business models on a massive scale in an effort to keep up with the dramatic adaptations that the pandemic necessitated, attackers were as opportunistic as ever. They targeted remote workers, searched for misconfigurations in hastily-implemented cloud infrastructures, and set up COVID-related phishing schemes.
Early in 2021, here at BTB Security, we predicted that both cybersecurity spending and breach numbers would continue to rise. Regrettably, we were right. By October, the number of breaches that had been reported to the Identity Theft Research Center had already surpassed 2020’s total by 17%. And global cybersecurity spending was projected to reach a new peak, growing 12.4% to an all-time high of $150.4 billion according to research from Gartner.
Indeed, many of the trends we’ve seen over the past year represent the culmination of longstanding tendencies. But our industry continues to evolve, and we do believe there are some grounds for optimism in 2022.
Here are the top six cybersecurity trends we observed in 2021.
#1: Ransomware still reigns supreme.
Ransomware attack volumes are up, and payment demands have skyrocketed as criminals have figured out how to target those victims who are most likely to pay. Cybersecurity researchers believe that 2021 is likely to have been the most profitable year in history for ransomware operators, while a string of high-profile attacks has made headlines around the world.
The upside to all this activity is that it’s finally getting attention from senior leadership and boards. Although attackers will continue to innovate, coming up with an ever-expanding array of clever new strategies for extorting profits from their victims, decision-makers are taking notice of the seriousness of the financial risks their organizations face. Let’s strike while the iron is hot by taking advantage of this newfound interest to invest in shoring up policies, strengthening cyber hygiene, and implementing technologies that enhance visibility — these are basic steps, but ones that can have a major impact on risk.
#2: There’s increased awareness of the importance of maintaining visibility across complex environments.
With the increasing convergence of technologies has come a greater recognition that cybersecurity monitoring cannot be single-threaded if it is to be effective. Thus, the growth of interest in extended detection and response (XDR) comes as no surprise, since security teams are becoming acutely aware that enhancing visibility is key for improving detection capabilities and reducing risk.
The shift to work-from-home highlighted the importance of technologies like endpoint detection and response (EDR): it showed that security teams must collect data on system-level processes, behavioral anomalies, and additional context from end-user devices if they are to understand what’s going on in highly distributed remote work environments. People are also recognizing that they need to monitor and protect cloud resources to secure today’s computing ecosystems.
#3: The buzzwords are still buzzing — people continue to talk about artificial intelligence (AI) and Zero Trust.
Interest in AI-powered cybersecurity solutions is nothing new. Organizations have long struggled to find, train and retain scarce cybersecurity talent, even if the COVID-19 crisis made these challenges more acute, especially on a global scale. Looking to AI and machine learning (ML) to fill in the gaps by automating rote processes within security operations workflows still shows promise.
Meanwhile, President Biden’s Executive Order on Improving the Nation’s Cybersecurity drew renewed attention to Zero Trust architectures, especially in government agencies (and organizations that look to the public sector as a model of best practices).
Still, terms like AI and Zero Trust don’t have concrete definitions that have been universally agreed upon. Instead, vendors compete to use them in ways that amplify their own solutions (and brand reputation), and that aren’t always as meaningful as we’d like.
#4: There’s greater interest in highly specific niche services.
With a talent gap of an estimated 2.72 million professionals worldwide, the cybersecurity skills shortage is nothing new. What’s different is that when confronting the age-old challenge of finding, training, and retaining talent, today’s organizations tend to be more budget-conscious. As a result, they’re looking for sharply focused, narrow-scoped service engagements — almost a hybrid between project-based work and staff supplementation. There’s also greater interest in highly specific skill sets like third-party risk management.
#5: Insurers are getting pickier.
As data breach- and ransomware-related losses continue to climb, cybersecurity insurers are presenting their customers with more detailed and stringent requirements. In the past, insurers had little to say about the use of end-to-end (E2E) encryption during data transmission, but making such detailed stipulations is becoming increasingly common. So is requiring ongoing security monitoring. A growing number of organizations are making decisions about such things on the basis of their insurers’ requirements.
Such requirements are only going to become more intrusive for organizations seeking this sort of coverage.
#6: Software supply chains require more scrutiny than ever.
In 2021, we rang in the New Year with the news of the SolarWinds hack — a major software supply chain incident that impacted thousands of companies and U.S. government agencies, and prompted us to advise our clients to implement and maintain active third-party risk management programs. Incidents like the Kaseya ransomware attack, in which attackers leveraged a vulnerability in software used by managed service providers (MSPs) to monitor their customers’ networks and endpoints to deploy ransomware in thousands of small businesses’ IT environments, reminded us that criminals would continue to try to exploit business relationships — as well as software dependencies — to cause widespread harm.
Late in the year, the news of the Apache Log4j vulnerability reinforced our concern about the software supply chain. In this case, a critical vulnerability within a Java logging library that’s in use in just about every enterprise software application can readily be exploited for remote code execution. Because this vulnerability is challenging to identify, regular scanning is in order — and we should all become more conscious of the “ingredients” within our software.
What will 2022 bring? We can’t say for sure, but we can pretty much guarantee that it’ll be interesting. And we know that our team of experts will be here to help.
To learn more about our extensive managed detection and response (MDR) capabilities as well as our other service offerings, set up a free consultation with one of our industry-leading security experts today.