From the Colonial Pipeline, JBS and Kaseya ransomware attacks to the massive Microsoft Exchange data breach, it’s safe to say 2021 was a tumultuous year for the cybersecurity community. Global losses from cyberattacks were projected to exceed $6 trillion, a $5 trillion increase from 2020, as cybercriminals, insider threat actors, and nation-state attackers capitalized on the vulnerabilities created by distributed work environments and an evolving threat landscape. In turn, 2022 will be critical for adopting proactive cyber defense approaches – particularly in the data security space – to strengthen America’s cybersecurity posture and help level the playing field against our adversaries.
Below are five emerging cyber trends to watch this year on behalf of RackTop Chief Technology Officer Jonathan Halstuch.
1. The Dire Need for Data-Centric Zero Trust
Further aligning our cyber defense models with an evolving threat landscape will be an imminent need across cybersecurity in 2022. With the current state of Zero Trust, narrow investments on just two-factor authentication, ZTNA, and other network-based approaches fail to protect unstructured data. Making measurable strides in 2022 will require a foundational shift to data-centric Zero Trust approaches that better secure high-value data assets sought after by cybercriminals. By shifting to data-centric Zero Trust with innovative cyberstorage solutions that integrate enhanced levels of control to data security, organizations can enhance their ability to prevent, identify, mitigate, and recover from attacks.
2. A False Sense of (Cyber)Security About Ransomware
Expect more visible ransomware attacks that affect enterprise revenues and the ability to deliver goods or services. In 2021, a false sense of security across the public and private sectors was a key component to the meteoric rise of ransomware. Unfortunately, that complacency still exists today as most companies believe merely increasing their cyber spend will alleviate vulnerability to attacks. However, investments in legacy technologies without a comprehensive security architecture only make the problem worse and doesn’t address the real root of the problem – unprotected data. Until organizations target their cyber budgets more efficiently with a bigger emphasis on securing high-value data assets, the ransomware-as-a-service (RaaS) digital extortion model will continue to cause chaos.
3. Lack of Data Security Within Federal Cyber Initiatives
Last year, the federal government appeared to finally take cybersecurity seriously. New initiatives like President Biden’s Executive Orders, CISA’s Joint Cyber Defense Collective, the Cyberspace Solarium Commission, stricter regulations on incident reporting, the creation of the first-ever National Cyber Director position, and the White House cybersecurity summit with corporate giants were all positive steps in the right direction. In 2022, leaders of the public and private sectors could build on that progress by leveraging their innovation and expertise to help proactively combat adversaries. However, impactful progress cannot be accomplished without appropriate funding and more urgency for data security and data-centric Zero Trust policies.
4. More Cyber Expertise at the C-Suite Level
My fellow RackTop co-founder, CEO Eric Bednash, recently wrote about the importance of building a “cyber dream team” within your organization. I think the cyber winners of 2022 will be the organizations that do exactly that – taking proactive steps to build a more diverse presence of high-level cybersecurity experts within their C-suite and IT leadership. By integrating more expertise into organizational policies and cyber-related decisions, they will better position themselves to formulate effective data security strategies that address vulnerabilities and align with the threat landscape.
5. Increased Targeting of Smaller Supply Chain Entities
In contrast to the spike in attacks on large suppliers over the past year, 2022 will feature a notable increase in attacks on smaller entities of the supply chain ecosystem. The largest enterprises and major utilities have the resources to implement IT defense mechanisms of major critical infrastructure — electrical grids, water treatment plants, oil refineries, and healthcare facilities — are designed to protect high-value targets on the supply chain. However, their smaller partners and service providers and downstream supplies often lack the resources to maintain the same level of protection. Attackers will capitalize on that imbalance and target exfiltration points in an effort to gain access to the wider supply chain network.