Newsletter & Blog

H2 Newsletter Edition 7

By way of a change, moving away from scams, I thought it would be worthwhile looking at the trends for Cyber security as they start to develop in 2022. Firstly though, some interesting stats from 2021 are making themselves known. I’ve listed some here, with their sources. Although much of this comes from the US, it is equally applicable to the UK, it’s just that UK stats tend to follow.

·     The average cost of a data breach was $4.24 million in 2021, the highest average on record. (IBM)

·     The average time to identify a breach in 2021 was 212 days. (IBM)

·     The average lifecycle of a breach in 2021 was 286 days from identification to containment. (IBM)

·     The likelihood that a cybercrime entity is detected and prosecuted is estimated at around 0.05 percent. (World Economic Forum)

·     Personal data was involved in 45 percent of breaches in 2021. (Verizon)

·     Identity theft rose 42 percent in 2020 compared to the year before. (Insurance Information Institute)

·     Security breaches have increased by 11 percent since 2018 and 67 percent since 2014. (Accenture)

·     64 percent of Americans have never checked to see if they were affected by a data breach. (Varonis)

·     56 percent of companies don’t know what steps to take in the event of a data breach. (Varonis)

Now of course, not everything applies to you, but the UK SME market is just as liable to suffer a breach as anyone else and in fact, evidence suggests that they are more vulnerable because they often lack the expertise to protect themselves adequately.

So what are we seeing emerge as the year progresses and company's recover from COVID:

Ransomware attacks are increasing

Ransomware continues to be one of the biggest cybersecurity trends. The EU Agency for Cybersecurity estimates that there was a 150% spike in ransomware attacks between April 2020 and July 2021. Ransomware is a multi-faceted offensive campaign that could seriously damage a brand’s reputation as well as leaving the victim unable to access vital files. Attackers now operate secondary monetisation channels, auctioning exfiltrated data on the dark web.

 

These attacks are partly becoming more common due to the emergence of ransomware as a service (RaaS) business model. Operators behind RaaS operations lease out or offer subscriptions to their malware creations, meaning more cybercriminals can launch ransomware attacks. The RaaS model will continue to flourish in 2022 due to its lucrative nature and the difficulty of tracking down and prosecuting operators.

Supply chain threats are rising

Cybercriminals increasingly target software supply chains. These attacks are effective because they can take down an organisation’s entire software supply chain and services, resulting in massive business disruption. Eighty per cent of IT professionals believe supply chain attacks pose the biggest cyberthreat out there, according to a survey from cybersecurity firm CrowdStrike. So, it’s hardly surprising that supply chain attacks have a place among the key trends affecting the cybersecurity industry in 2022.

Supply chain attacks grabbed peoples attention after the 2020 SolarWinds breach. The attack saw Russian hackers compromise the company’s software systems and add malicious code to it. The hack became one of the biggest cybersecurity breaches of the 21st century. In the end, it affected thousands of organisations, including the US government.

Governments must address critical national infrastructure threats

Cyber threats against critical national infrastructure (CNI) are increasing. CNI includes everything from higher education and financial services to food and defence organisations. The 2021 attack on the Colonial Pipeline fuel facility in the US alerted governments worldwide to the risks such an attack can bring to CNI. The attack is part of a bigger trend.

Cybersecurity company Bridewell Consulting estimates that 86% of CNI organisations had detected cyberattacks on their operational technology or industrial control systems in the last year. Moreover, 93% had suffered at least one successful attack.

Zero trust models are in vogue

Zero-trust security models are emerging as long-term solutions to data breaches. It eliminates the concept of trust from an organisation’s network architecture. In a zero-trust world, only authorised individuals can access selected applications. However, implementing zero trust takes time. It took Google five years to complete its adoption of a zero-trust architecture. In 2021, the Biden administration in the US introduced a roadmap for government agencies to deploy zero trust by the end of the 2024 fiscal year. Still, it is one of the biggest trends affecting the cybersecurity space in 2022.

Increasing state-sponsored attacks

The Ukraine-Russia conflict will become a catalyst for increased state-sponsored attacks. Malicious state-sponsored attacks originate from a particular country. They attempt to further that country’s interests. Typically, attackers target the infrastructure, military and businesses of those countries. Iran was the victim of the first successful nationstate attack in 2010, where the highly sophisticated Stuxnet computer worm, reportedly created by the US and Israel took out Iran’s nuclear weapons infrastructure.

More recently, Russian programmers launched a nation-state cyberattack, NotPetya, in Ukraine in 2017. The attack affected Ukraine’s financial, energy, and government institutions but its indiscriminate design caused it to spread, affecting other European and Russian businesses alike. The Ukraine-Russia conflict risks creating similar widespread damage.

The cyber skills shortage continues

A cybersecurity skills shortage haunts the globe. While the gap closed for a second successive year in 2021, the size of the workforce is still 65% below what is needed, according to the cybersecurity professionals group (ISC)².

There are some encouraging developments. In the US, four-year colleges and universities have invested heavily in cybersecurity curriculums and degrees over the past five years. As a result, there should be a growing pipeline of computer science graduates entering the cybersecurity field between now and 2031. In addition, women are expected to represent 30% of the global cybersecurity workforce by 2025, with that figure reaching 35% by 2031.

If you want to know more, or just want to chat things over, give us a call.