Several research agencies and leading technology organizations have revealed their cyber security predictions for 2022 and beyond.
Google in August 2021 said it will invest $10 billion over the next five years to strengthen cybersecurity, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security.
Google is also planning to train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security.
Microsoft will make an investment of $20 billion over five years to deliver more advanced security tools, says CEO Satya Nadella.
IDC, a leading research firm, said 60 percent of CIOs will multifactor authentication for its efficacy as an essential minimum to counter rising cybersecurity threats by 2022.
60 percent of CIOs will collaborate to use ecosystem capabilities as a critical source of innovation, data sharing, differentiation, and cybersecurity risk management by 2025, IDC said.
The Cyber Security Market size is predicted to reach $539.78 billion by 2030 from $183.34 billion in 2020, says a report in ResearchAndMarkets.com.
Check Point Software Technologies recently released its cyber-security predictions for 2022 detailing the key security challenges that organizations will face over the next year. While cybercriminals continue to leverage the impact of the COVID-19 pandemic, they will also find new opportunities for attack with deepfakes, cryptocurrency, mobile wallets and more.
“In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organizations’ supply chains and networks to achieve maximum disruption,” said Maya Horowitz, VP Research at Check Point Software.
Check Point Software’s cyber-security predictions for 2022
In 2022, hackers will leverage fake news campaigns like misinformation about COVID-19 vaccination, fake vaccine passport’ certificates, 2020 US presidential election, etc. — in order to execute phishing attacks and scams.
In addition, prior to the 2020 US presidential election, there was surge in malicious election-related domains and the use of “meme camouflage” aimed at shifting public opinion. In the run-up to the US midterm elections in November 2022, these activities will return and unleash misinformation campaigns on social media.
Supply chain attackers use lack of monitoring within an organization’s environment. They can be used to perform any type of cyber-attack, such as data breaches and malware infections. The SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred such as Codecov in April.
REvil ransomware gang exploited Kaseya, a provider of software for Managed Service Providers (MSPs), to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.
Supply chain attacks will become more common and governments will begin to establish regulations to address these attacks and protect networks. They will also look into collaborating with the private sectors as well as other countries to identify and target more threat groups operating on a global and regional scale.
In 2022, the impact of the infamous Sunburst attack will be revealed. As investigations are still ongoing, security researchers will unveil some of the biggest questions regarding the attack.
The cyber cold war is intensifying, and taking place online as more nation state actors push western governments to continue to destabilize society. Improved infrastructure and technological capabilities will enable terrorists groups and political activists to further their agendas and carry out more sophisticated, widespread attacks.
There will be an increase in larger-scale data breaches. These breaches will have the potential to cost organizations and governments more to recover. In May 2021, US insurance giant paid $40 million in ransom to hackers.
46 percent of organizations had at least one employee download a malicious mobile application in 2021. The move to remote work for almost entire populations across the world during the COVID-19 pandemic saw the mobile attack surface expand dramatically, resulting in 97 percent of organizations facing mobile threats from several attack vectors.
There will be an increase in cryptocurrency related attacks as mobile wallets and mobile payment platforms are used more frequently.
The move to the cloud and DevOps will result in a new form of botnet. With microservices becoming the leading method for application development, and microservices architecture being embraced by Cloud Service Providers (CSPs), attackers are using vulnerabilities found in microservices, to launch their attacks. There will be large-scale attacks targeting CSPs.
Techniques for fake video or audio are advanced enough to be weaponized and used to create targeted content to manipulate opinions, stock prices or worse. A bank manager in the United Arab Emirates fell victim to the threat actor’s scam. Hackers used AI voice cloning to trick the bank manager into transferring $35 million.
Ransomware will grow, despite the efforts of law enforcement to limit this growth. Threat actors will target companies that can afford paying ransom, and ransomware attacks will become more sophisticated in 2022. Hackers will increasingly use penetration tools to customize attacks in real time and to live and work within victim networks.
Leading security company nortonlifelock predicts that the buying and selling of cryptocurrencies has become more accessible than ever before to casual investors, who may be more susceptible to scammers looking to take advantage.
The Covid 19 pandemic has created an environment where remote and online transactions must be accommodated and verified. Electronic identification – or eID – will become the new method of safely and securely allowing people to share their identity.
While the primary goal for cybercriminals is to make money, it can also be a form of protest. Hacktivism and cyber terrorism proliferated in 2021 and will likely continue, if not increase, over the next year.
Scammers have long capitalized on natural disasters, preying on the urgent financial needs of those directly impacted and those looking to support victims through donations.
Artificial intelligence and machine learning are becoming more accessible, and these tools will make it easier for cybercriminals to fuel their attacks, whether it’s sifting through large datasets to develop more personalized attacks or creating more convincing deepfake videos.
As consumers become increasingly aware of online tracking, companies and governments are introducing alternative options and privacy protections, along with more legislation that restricts online tracking.
Baburajan K