What are some of the cybersecurity trends we’re seeing emerge in 2022, and certainly leading in from 2021? According to the Identity Theft Resource Center (ITRC) 2021 Data Breach Annual Report, there were more data compromises in the U.S. last year than in any year since the state data breach notice law was enacted in 2003. Key statistics from the report include:
- The number of data compromises increased 68% over 2020
- There were more cyberattack–related data compromises in 2021 than all data compromises in 2020
- The new record number of data compromises is 23% over the previous all-time high
So, with that, let’s talk about some 2022 trends.
Ransomware Continues to Go Unchecked
There’s no surprise here. Cybersecurity Ventures predicts there will be a new ransomware attack every 2 seconds as bad actors refine their malware payloads and extortion practices. The firm predicts that ransomware costs will reach $265 billion by 2031, and estimates that we suffered $20 billion in damages globally last year.
The average cost we’ve seen so far per ransomware incident is $761,000, but we also see a lot of smaller transactions. Most ransomware actors target smaller organizations and demand smaller amounts of money. Often, though, even when they start with a small demand against a larger organization, they come back knowing that it will pay, and they increase the amounts. That’s a very common tactic by attackers.
We’re seeing recent reports of EDR and even XDR missing a lot of the new variants that are appearing, and that’s really one of the big challenges right now. Ransomware is based on some very common malware: CryptoLocker, LockBit, etc. But at the same time, so many variants are being created, and so many different techniques used, that traditional SIEM and XDR solutions are too static in nature to detect these ransomware variants.
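To illustrate the point above, here is an added example (it is not code from the original post or from Gurucul) that contrasts a static indicator check with a simple behavioural rule over a constructed stream of file-activity events, the kind an EDR agent or SIEM would collect. The process names, hashes (SHA-256 of short labels, not real malware hashes), file paths, the thresholds (30-second window, 20 extension changes, 3 directories) and the `make_events`, `static_detect` and `behavioral_detect` functions are all assumptions made for the illustration.

```python
import hashlib
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample hashes: SHA-256 of short labels, not real malware hashes.
OLD_VARIANT_HASH = hashlib.sha256(b"ransomware-build-1").hexdigest()
NEW_VARIANT_HASH = hashlib.sha256(b"ransomware-build-2").hexdigest()  # rebuilt variant, same behaviour
BACKUP_TOOL_HASH = hashlib.sha256(b"backup-tool").hexdigest()
OFFICE_HASH = hashlib.sha256(b"office-suite").hexdigest()

# Static knowledge: only the first build's hash has been shared as an indicator.
KNOWN_BAD_HASHES = {OLD_VARIANT_HASH}

# Behavioural thresholds (assumed values; tune against the environment's benign bulk jobs).
WINDOW = timedelta(seconds=30)     # sliding window length
MIN_EXT_CHANGES = 20               # renames that change the file extension
MIN_DISTINCT_DIRS = 3              # spread across at least this many directories

T0 = datetime(2022, 1, 10, 9, 0, 0)
DIRS = ["/home/alice/docs", "/home/alice/photos", "/home/alice/finance", "/home/alice/hr"]


def _event(ts, pid, image, sha, action, src, dst=None):
    return {"ts": ts, "pid": pid, "image": image, "sha256": sha,
            "action": action, "src": src, "dst": dst}


def make_events():
    """Build a constructed stream of file-activity events from four processes."""
    events = []
    # pid 1001: old ransomware build whose hash is on the indicator list.
    # pid 1002: rebuilt variant with a new hash but identical behaviour.
    for pid, image, sha, ext in [(1001, "svchost32.exe", OLD_VARIANT_HASH, ".lockd"),
                                 (1002, "updater.exe", NEW_VARIANT_HASH, ".crypt")]:
        for i in range(30):
            src = f"{DIRS[i % 4]}/file{i}.docx"
            events.append(_event(T0 + timedelta(seconds=i * 0.5), pid, image, sha,
                                 "rename", src, src + ext))
    # pid 1003: backup tool writing many copies (no renames, no extension changes).
    for i in range(60):
        events.append(_event(T0 + timedelta(seconds=i * 0.2), 1003, "backup.exe",
                             BACKUP_TOOL_HASH, "write", f"/backup/file{i}.docx"))
    # pid 1004: a user exporting a handful of documents to PDF (few extension changes).
    for i in range(5):
        src = f"{DIRS[0]}/report{i}.docx"
        events.append(_event(T0 + timedelta(seconds=i * 3), 1004, "office.exe",
                             OFFICE_HASH, "rename", src, f"{DIRS[0]}/report{i}.pdf"))
    return events


def static_detect(events):
    """Indicator matching: flag processes whose binary hash is on the shared list."""
    return {e["pid"]: e["image"] for e in events if e["sha256"] in KNOWN_BAD_HASHES}


def behavioral_detect(events):
    """Flag a process that changes many file extensions across several directories
    within a short sliding window, regardless of what its binary hashes to."""
    per_pid = defaultdict(list)
    for e in events:
        if e["action"] != "rename" or e["dst"] is None:
            continue
        if os.path.splitext(e["src"])[1] == os.path.splitext(e["dst"])[1]:
            continue  # ordinary rename, extension unchanged
        per_pid[e["pid"]].append((e["ts"], os.path.dirname(e["src"]), e["image"]))

    flagged = {}
    for pid, recs in per_pid.items():
        recs.sort(key=lambda r: r[0])
        window = deque()
        for ts, directory, image in recs:
            window.append((ts, directory))
            while ts - window[0][0] > WINDOW:
                window.popleft()
            dirs = {d for _, d in window}
            if len(window) >= MIN_EXT_CHANGES and len(dirs) >= MIN_DISTINCT_DIRS:
                flagged[pid] = (f"{image}: {len(window)} extension changes across "
                                f"{len(dirs)} directories within {int(WINDOW.total_seconds())}s")
                break
    return flagged


if __name__ == "__main__":
    evs = make_events()
    print("static   :", static_detect(evs))      # only pid 1001
    print("behaviour:", behavioral_detect(evs))  # pids 1001 and 1002
```

The static check catches only the build whose hash was shared; the rebuilt variant (pid 1002) has a different hash and slips through, while the rate-of-extension-changes rule fires on both because the behaviour is unchanged. The backup job and the user exporting PDFs stay below the thresholds, which is the part that needs tuning in a real environment: benign bulk operations are where a rule like this produces noise.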
More Phishing Attacks and Stolen Credentials
The next thing we’re seeing is more phishing attacks and stolen credentials, which is a big issue as well. The biggest problem with phishing attacks is that, as an initial compromise, they end up being inevitable. When a large number of phishing attacks are aimed at an organization, then as much as we try to train people not to click on links, the phishing emails are very well crafted. They are very tricky, and in a lot of cases they look legitimate. So invariably someone does click on a link, and that starts an initial compromise and gets the attacker into the organization through that system or that user.
What we’re seeing is that credential theft is becoming another mechanism people are subject to, in addition to phishing attacks, and very often the two are combined. There has been a lot of investment in things like risk scoring and vulnerability assessments, but attackers really aren’t going after vulnerabilities. They’re going after users through social engineering and phishing, and they’re very successful getting in that way.
They might exploit a vulnerability, but the initial compromise isn’t based on one. They are evading all the perimeter defenses and patching we’re trying to accomplish; they are getting past those things. This really means that investment in threat detection and response is more important than ever, and this is where we’re seeing more people focus.
Give Me More Cloud!
So, we already know there has been a strong migration to the cloud, driven mainly by the pandemic forcing organizations to support a remote workforce, which has enabled much more cloud deployment. Companies were moving to the cloud anyway, for economies of scale, but now they are embracing it because they can make applications available through cloud networks – public cloud specifically – and that growth rate is continuing.
What we are seeing now is that larger organizations are using multi-cloud, spreading their data across multiple cloud systems. Part of that is for uptime and redundancy, because cloud outages can be extremely impactful to an organization. That is a big initiative this year especially. It started in 2021, and it has grown significantly and is expected to be even higher this year.
The other problem is that 40% of companies in 2021 suffered a cloud-based breach of some sort. Attackers are definitely focusing their efforts on cloud systems, because there is a lack of visibility around cloud in general and of security controls around all the infrastructure we’ve built up. Every organization is going to face a threat going after its cloud-based networks and systems. That’s what we’re looking at for 2022; it is a very strong focus for attackers, so be forewarned.
We’re expecting major problems at certain public cloud vendors. Invariably, there’s going to be at least one high-profile attack against one of them. We haven’t seen that quite yet; we’ve seen some attacks on Cloudflare and some others, but we’re expecting a major one this year.
Security Teams Remain Understaffed and Overburdened
One thing that hasn’t changed, unfortunately, is that security teams continue to be understaffed and overburdened. I’ve written a lot about this over time. A lot of what’s going on is that the demographics of the workforce are changing. Many of our network security experts came from strong networking backgrounds in the early days of networking, when Ethernet was everything in the ’90s and 2000s, and quite honestly they are retiring. A lot of that workforce is aging out, and we’re getting a new set of folks going into (cyber) security.
However, they haven’t had the same network expertise and trial-by-fire of transitioning into security, learning about it, and growing up in that environment. A lot of them are coming fresh out of college and school; they’re getting some great training on threats and on security in general, but they don’t have that practitioner experience. That is causing some strain, with a lot of junior security analysts learning in real time how to do things and what the impact is on applications, desktops, networks, etc.
The other part of it, I think, is simply finding the resources to fill the demand for security staff. It’s very difficult, and this is where we’re seeing current teams significantly overburdened. This, of course, is fueling the migration to more managed services. We don’t see that ending anytime soon; it’s going to continue to grow. Even large enterprises are starting to outsource portions to managed services, but it’s really key that a managed service provider deliver really strong value when organizations migrate their security components or parts of their program to them.
Help is On the Way
Yes, it’s true – cyberattacks and cybercriminals are getting more and more sophisticated. But so are our defenses. Cybersecurity companies are really upping their game when it comes to developing and delivering real-time, automated, advanced threat detection and response capabilities. Gurucul is thrilled to be at the bleeding edge of the Machine Learning and AI-powered SOC automation front. With the right technology and processes, security teams can protect corporate data and IP from theft, destruction, and ransom.
Need help? Contact us to discuss your needs. We are highly effective in our approach to protecting your IP and corporate assets.