For many organisations in the UK and around the world 2021 was undoubtedly an incredibly tumultuous year. The pandemic hit the UK economy hard, with companies needing to flip between being in and out of lockdown at various points throughout the year. Global trade took a hit, not just because the infamous Ever Given was stuck in the Suez Canal for almost a week, but also because the strain on supply chains became unmanageable. And, on top of that, 2021 saw some of the most prolific cyber attacks in recent years, including the entire Twitch user data base being stolen and ransomware shutting down Colonial Pipeline, the largest fuel pipeline in the US.
With data breaches, ransomware attacks, and phishing scams sadly becoming a regular occurrence in the news, businesses are becoming desensitised to these threats, and a certain degree of cyber security fatigue is starting to set in. Many organisations in the UK are resigning themselves to the fact that this is just the reality of doing business in modern times. But the truth is that the threats out there have never been more dangerous and the need to act never been more urgent than right now. With that in mind, here are five key trends that are set to dominate the cyber security space in 2022.
Ransomware attacks are highly effective, lucrative, and relatively easy to execute. As a result, they continue to be on the rise and the UK’s National Cyber Security Centre has recently disclosed that helping organisations deal with ransomware attacks has dominated its activities this year. In 2022 the number of attacks will continue to grow significantly, especially given the number of connected IoT devices that can be used as a stepping stone for bad actors to gain access to company systems. While there is no silver bullet against ransomware attacks, organisations need to invest in powerful device visibility and control solutions to adequately protect themselves against this growing threat.
2022 cyber surge of ransomware
2. Supply chain attacks
A golden rule of cyber security is that hackers will always look for the easiest, most efficient way to breach a system or device. As organisations continue to boost their own defences, bad actors increasingly target the weakest link within a supply chain, causing widespread disruption across multiple companies and increasing their chances of a lucrative pay out. While many vulnerabilities were found in TCP/IP stacks and RTOSesin 2020 and 2021, cyber criminals are likely to target common implementations of application-layer protocols and industry-specific SDKs used in OT devices in 2022. Organisations across a whole supply chain network need to work closely together and implement stringent policies and deploy potent cyber security tools in order to protect themselves – and each other – from these attacks.
3. OT and IT convergence
The convergence of Operational Technology and IT has gradually become a key industry topic in recent years. Devices and systems that are decades old and weren’t designed with security and modern cyber attacks in mind are suddenly becoming connected, often including underlying vulnerabilities that bad actors will all too happily exploit. With OT and IT teams still often operating separately across many organisations, IT and OT security leaders will need to break open these silos and consolidate teams, policies, tools, and reporting to offer their organisation holistic protection from cyber attacks targeting connected devices.
The challenge of the hybrid workplace for security teams
4. Zero trust
Zero trust has made a big splash this year and is set to become one of the cyber security buzz words of 2022. At its core, the zero trust security model is incredibly powerful at preventing successful data breaches as it only gives devices access to those systems that they actually need access to, eliminating the possibility for bad actors to move laterally across networks after compromising a device. As this approach to cyber security matures and becomes more widespread, organisations will need to make sure they deploy the right solutions to help them on their journey to zero trust. The key to success with this approach is to ensure a mix between Policy Enforcement Point (PEP) and Policy Decision Point (PDP) solutions that implement a zero trust policy on both the micro and macro level of an ecosystem.
5. Hybrid work
Due to the pandemic, remote work has become widespread across the UK in a relatively short period of time. This has caused a scramble amongst cyber security professionals trying to frantically secure millions of devices that were suddenly using private networks to access sensitive company information. With lockdowns lifting and company offices opening up again, hybrid work, which increases flexibility, productivity, and employee happiness, will be the modus operandi for most organisations in 2022 and beyond. This will pose a significant challenge for IT and cyber security teams that need to deploy a wide variety of policies and tools, based on where devices are based. It is crucial that these teams have powerful and extensive device visibility and control solutions in place that give them a holistic view of every device and its potential vulnerabilities to ensure organisations continue to be protected against cyber attacks, no matter where their employees might be based.