Mike Wilson is the Founder & CTO of Enzoic, a cybersecurity company that helps prevent account takeover of employee and customer accounts.
getty
As we kick off the new year, one certainty is that cybersecurity issues are not going anywhere. In 2021 ransomware attacks plagued organizations across the globe and data breaches continued to grow. From the Colonial Pipeline to the JBS beef plants, attacks are happening with alarming regularity. It's clear that no industry is immune from the threat and, as the speed of digital transformation continues to accelerate, cybersecurity woes will continue to escalate in 2022 and beyond.
Let's look at some cybersecurity predictions for the coming year that you need to prepare for based on recent trends.
1. Attacks On Shipping and Transportation Increase
Expect 2021's supply chain crisis to deepen well into this year. Shipping and transportation companies are struggling to navigate the current pandemic-related logistics challenges, while hackers increasingly capitalize on these challenges by launching targeted attacks against these organizations. According to Israeli cybersecurity specialist Naval Dome, attempted cyberattacks on maritime vessels shot up by 400% between February and June of 2020. Be prepared, for example, for a major transportation provider to experience a cybersecurity event that could have a long-term impact on the global supply chain.
2. Ransomware: Government Lends A Hand
The past year underscored that every organization is at risk from a successful ransomware attack. In 2022, governments will jump into the fray, and there will be more cooperation between countries to find, extradite and ultimately prosecute ransomware groups. Offensive government hacking operations against these groups will also continue to increase. This, in turn, will alter the risk/reward calculation and change the behavior of hackers, and they will start to take a more cautious approach regarding whom to target.
3. Insurance Premiums Soar
As a result of the explosive growth in attacks and the rise in premiums, as a result, cybersecurity insurance organizations will need to reevaluate their model. Expect to see a more granular approach with premiums determined by each organization's actions to reduce the threat of a successful attack.
Insurance companies will continue to evolve security best practices and requirements and expect to see discounts linked directly to integrating specific policies and cyber solutions. This shift will drive an uptick in the number of platforms to help mid-sized organizations meet the evolving cybersecurity insurance requirements. These solutions will enable businesses to adapt to the ever-changing threat landscape and require fewer resources to implement.
4. Open Banking Opening Up Vulnerabilities
Financial services organizations have embraced open banking to enable the development of third-party apps. These bring both customer benefits and new security concerns, as API security has been a growing issue in recent years — Gartner predicts that API abuses and related breaches will nearly double within the next two years. In this environment, expect to see an increase in fintech-related account takeover and abuse.
5. Gig Economy 2.0: Hackers for Hire
The gig economy is booming for contract services in a variety of legitimate industries, but bad actors are increasingly getting in on the action.
Hackers-for-hire is emerging as a prime security threat, and it shows no sign of abating given the success of recent ransomware attacks. Heading into 2022, expect to see more mercenary-driven attacks and more creative strategies for recruiting contract hackers, such as the Russian group that created a fake company to recruit IT specialists.
5. Time's Up For Telcos And Identity Verification
As hackers gain access to International Mobile Equipment Identity (IMEI) numbers, be ready for an uptick in SIM-swap attacks. This will lead to threat actors gaining access to two-factor authentication by intercepting one-time passwords using a victim's phone number.
Given that the vast majority of SIM-swap fraud attempts have been successful in tests done by researchers, expect to see greater regulation to protect against these attacks in 2022. The FCC, telecommunications providers, wireless carriers and other stakeholders share a collective responsibility for ensuring consumers' identity is verified before making any changes to the account.
6. Security Basics Are Forgotten In The Rush To Adopt New Innovations
In 2022, there will be an array of AI and ML solutions. However, as organizations rush to integrate these innovations, you can inevitably expect some to ignore or forget about cybersecurity fundamentals. These can span essentials like endpoint detection, credential security and firewalls, which are vital to ensuring the success of emerging technologies and protecting the organization from attack.
It's critical that businesses are mindful of security as they integrate these cutting-edge technologies, otherwise, they will leave themselves exposed.
7. Band-Aid Solutions Cause Slow Security Bleed
The construction, manufacturing and utilities industries have historically been slow to update software or adopt new technologies, which has presented operating challenges as digital transformation efforts increased. These sectors have begun to modernize, but the process exposes many security gaps that hackers will eagerly exploit if organizations fail to address them quickly.
8. Focus On Data Privacy To Expose ATO
Organizations have traditionally relied on evaluating their account takeover (ATO) risk through a loss calculation lens. In 2022, with the increase in regulation around data privacy and new legislation coming to fruition, businesses will need to rethink how they calculate the risk.
Every organization must stay alert to the areas outlined above and keep security top of mind. Otherwise, they run the risk of bad actors exploiting vulnerabilities. Above all else, they must heed the fact that no business, irrespective of industry or location, is immune from the growing threat of a successful cyberattack.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
