The ripples of the COVID-19 pandemic have been felt throughout 2021. As the waves hit, people continued to work from their homes and threat actors exploited every opportunity they could to extract sensitive data. From the Kaseya attack in June to the Log4Shell vulnerability exploits in December, the year 2021 has been victim to some of the most devastating cybersecurity failures of all time. As 2021 comes to an end, we explore rising trends in this article that are likely to materialise in 2022 and leave their impressions for years to come. 

Ransomware and double extortion

The world witnessed a surge in the number of ransomware attacks in 2021, with ransomware-as-a-service becoming a booming industry. However, as companies resorted to better backup practises attackers restored to double extortion - a threat to publicly release sensitive company data if the ransom was not paid. A report by Verizon discovered that 10% of all attacks in 2021 consisted of ransomware which doubled its frequency compared to the previous year and is likely to increase in 2022. 

Threats in a world of IoT

As more devices become part of the internet ecosystem, more consumer data is at risk. The Internet of Things has created multiple access points for sensitive data, allowing malicious activity to be conducted in ways that were previously thought improbable. Devices as mundane as toasters and refrigerators can now be used to gain access to a private network, where users can exploit vulnerabilities or extract sensitive information from devices using the network. With the number of connected devices projected to reach 18 billion in 2022, data will evolve harder to protect. 

AI and ML

The advent of artificial intelligence and the ability to teach machines to perform advanced tasks has allowed entities at each end of the cyber security industry to achieve mean feats. For the security teams, AI and ML have made the identification of vulnerabilities and breaches easier and faster, allowing companies to protect their systems before damage is dealt with. However, threat actors have also been able to leverage the capabilities of AI to create automated systems that attack vulnerable systems. Further, threat actors are increasingly attacking ML systems in the learning phase to damage entire systems rapidly.

The quantum problem

Rising investments in quantum computing have made cybersecurity experts anxious as such advanced computing could mean the end of encryption as we know it. The binary systems that run the world today are not nearly capable of breaking encryptions on secure systems in a single lifetime. However, with the introduction of qubits which can be used to represent a zero and a one at the same time, the data encryption landscape changes completely. Major economies are already taking note of the problem as the US placed export restrictions on eight Chinese quantum computing companies. 

Survival against prevention

The number of cyberattacks is bound to rise and companies need to address this as an endemic situation. Moving into 2022, companies must avoid investing to prevent attacks, and focus their resources on survival and becoming resilient. Leading enterprises are now betting their money on ensuring that business operations continue in the event, creating redundancy plans, investing in backups and preparing business continuity roadmaps to survive in a world of cyber-attacks rather than trying to avoid them.

Risk and business considerations

Data has become one of the most important assets for any company in today's economy. Consequently, more companies are closely monitoring access to their information and how it is shared. Gartner predicts that by 2025 more than 60% of all companies will consider cybersecurity risk a major consideration while engaging with third parties, with cyber risk ratings likely to become just as important as credit ratings. 

The cost of risk

Since the number of cyberattacks is rising, insurance companies are commanding higher premiums for indemnifying data beaches. As per a report, premiums for insurance against cyber attacks rose to 96% in the US within a year. Moreover, insurance companies are requiring companies to install critical control to reduce the damage and/or effects of cyber attacks. 

Trusting the experts

Big business has been more trust in the hands of experts and taking cyber security seriously. As enterprises witness the devastating effects of cyberattacks, more companies have adopted the practice of including technology experts on the board of directors. Further, companies are increasingly considering dedicated cyber security teams that are overseen by qualified board members to improve their cybersecurity posture. 

However, since affordability is a serious consideration for small and medium-sized businesses, they are looking at outsourced solutions to improve their cyber defence strategy. Owing to labour shortages and skill gaps, smaller businesses are unable to afford and even find qualified personnel to handle their security operations. As a result, more of these businesses are relying on outsourced services to protect their data and remain cost-efficient in the process. As per a survey by Cisco, 53% of the companies that outsource their cyber security operations sought third-party services for the prompt response to threats and industry-leading capabilities that helps preserve company data.