The cybersecurity landscape is forever changing.
But the last few years, in particular, have seen some dramatic shifts. Unforeseen world events have accelerated already growing trends, completely changing the work environment and bringing new cyber risks.
Business leaders need to be aware of the latest cybersecurity trends to protect their organization and employees.
Below are seven trends shaping the cybersecurity landscape in 2022:
- Cybersecurity talent shortage
- Cybersecurity is becoming a popular topic in board rooms
- Hybrid working brings great security challenges
- Increase in ransomware frequency and demand amounts
- Human error continues to be a risk
- Expansion in attack surfaces
- Cybersecurity mesh
#1 Cybersecurity talent shortage
The cybersecurity job market has been suffering from a lack of talent for years. But the shortage has never been more evident.
With the rapid increase in cyber threats, companies and governments are rushing to recruit talent. Yet, a rising number of job postings remain unfilled for months.
There are signs of improvement as 700,000 professionals have entered the field in the last 12 months. This has decreased the Cybersecurity Workforce Gap, which remains very high at 2.72 million.
Organizations will have to look at creative ways to cultivate and grow talent. Some actions to take include:
- Providing on-the-job training for current employees
- Increasing diversity to broaden the talent pool
#2 Cybersecurity is becoming a popular topic in board rooms
Data breaches have cost major companies and industries millions of dollars in damages.
Boards of directors across many organizations are starting to see the importance of cybersecurity. They are now less reluctant to dedicate part of their budget to tackling this issue.
In the not-so-distant past, leadership teams viewed cyber risks as a “what if” scenario. But recent developments have prompted a more radical outlook.
Today’s leaders must take cyber risks seriously, as they’re the only ones who can make changes on an organizational level.
An insight report published by the World Economic Forum outlines the six principles for cyber risk board governance:
- Include security-aware individuals in decision-making positions
- Understand the economic impact of cyber risk
- Organizational design should support cybersecurity
- Cyber-risk management should align with business needs
- Systemic resilience and cooperation
#3 Hybrid working brings great security challenges
Hybrid and fully-remote positions are becoming the norm. Employees and managers are adapting, but the security risks in those environments remain far greater than in the office.
Employees have now become a significant factor in a company’s risk exposure. Accessing an organization’s data and communication systems from home or public networks leaves the door open for threat actors. Many home devices like printers and cameras are operating on default settings, creating further vulnerabilities.
Businesses have to constantly reassess their security tools and protocols to minimize risk.
Remote workers need to be made aware of these risks and the potential consequences. Using the following security measures is crucial in a hybrid or remote working environment:
- A VPN (which encrypts the device’s network traffic)
- A password manager (which stores all login information in a single, secure location)
- Antivirus software (which detects and deletes malware)
#4 Increase in ransomware frequency and demand amounts
With the emergence of ransomware-as-a-service (RaaS), attackers no longer have to write their own code. RaaS is a paid service that provides attackers with the ransomware code and infrastructure needed to carry out attacks at a much higher rate.
The rate of attacks isn’t the only thing that’s on the rise. Demand amounts also keep climbing. In 2021 alone, ransomware attacks cost the world $20 billion.
37% of all companies experienced an attack. The average ransom amount rose to $220,298 in 2021, up by 43% from the year before.
Having a professional incident response support team is critical during and after a ransomware attack. Most companies are unable to support an in-house cybersecurity team. Many of them resort to outsourcing to professional cybersecurity companies.
Thus, the cybersecurity sector has been experiencing massive growth in recent years.
#5 Human error continues to be a risk
The 2020 Cost of a Data Breach report by IBM found that human error was responsible for 95% of data breaches.
There are two types of employee errors that could lead to a data breach:
- Skill-based error – occurs when an employee knows the correct course of action but fails to follow it due to a lapse in concentration, negligence, or mistake.
- Decision-based error – occurs when the employee has no idea they’re making a mistake. This happens when the employee doesn’t have the necessary knowledge or doesn’t have enough information.
Making mistakes is human, and companies can’t eliminate the risk of human error. But they can decrease the likelihood of such mistakes.
Business leaders have to ingrain deep security awareness throughout the organization. Brief training videos are rarely enough, and employees often fall back to old habits.
There needs to be a radical change in prioritizing this issue.
#6 Expansion in attack surfaces
In the past, companies only had a few things to worry about: their in-house network and a handful of computers connected to it.
Now, there are dozens, if not hundreds, of devices that hackers can carry out attacks on.
On top of the ones provided by their company, employees often use their personal phones or laptops for work-related tasks. Over half of the global workforce is remote and is reluctant to return to the office. This means that even more devices are connected to a company’s network.
Hackers are using advanced tools and malware, making it easier to breach phones and other devices without much prior information or effort.
Aside from increasing internal risks, companies also have to worry about the rising dependency on external, highly-connected supply chains. This hyper-connectivity makes it easy for attacks to spread between different networks and organizations, jeopardizing large amounts of data.
#7 Cybersecurity mesh
As a response to the attack surface expansion brought by a large number of connected devices, companies are deploying a new cybersecurity approach.
Cybersecurity mesh is a strategy that individually protects each device on the network. It contrasts with traditional security practices that try to protect the IT environment as a whole.
Cybersecurity mesh is necessary in an age where remote working and cloud computing are the norm. It’s no longer possible to have a single solution that would protect hundreds, if not thousands, of devices within the IT environment.
Cybersecurity mesh requires creative and user-focused solutions to keep each device safe. Some of the most popular solutions organizations are deploying to secure and verify each device are:
- Multi-factor authentication to verify the identity of users
- Data encryption to protect critical organizational data
- Remote wipe tools to remove all data from a lost or stolen device
- Virtual private networks to encrypt all network traffic
- Least privilege access approach to limit access across the network
- Monitoring tools to detect unusual behavior
Staying on top of the latest trends can be the difference between a data breach and data security. Business leaders have been finding it difficult to do their work calmly as they deal with cybersecurity talent shortages.
Meanwhile, the scope of attacks is widening. Human error continues to be the main reason for data breaches.
Making cybersecurity a top priority in board meetings and training employees properly are some of the ways to increase cyber resiliency within an organization.
Organizations should also look to deploy new approaches like cybersecurity mesh to protect an increasingly large network of devices.
Lizzie Jacira is a cybersecurity expert. After gaining her bachelor’s degree in computer science and starting out as a software developer, she noticed how much top-level managers have yet to learn about cybersecurity, so she shifted her career path to become a cybersecurity advisor. As of today, she has helped hundreds of businesses secure their assets and keep up with important trends in the cybersecurity arena.