Whether it was the Colonial Pipeline breach, or the attack on Scotland’s University of The Highlands and Islands, 2021 has been another year of major cybersecurity headlines. However, despite the disastrous consequences for the victims of the year’s breaches, there are at least some indicators that the tide is turning against cyber criminals.
Research from the UK government suggests that impact of attacks may be declining. This is at least partly down to the fact that more businesses are implementing basic cybersecurity hygiene.
So, what will the coming 12 months bring for businesses when it comes to cybersecurity incidents? At FITTS, we work with companies of varying sizes, helping them to protect themselves from potential attacks and breaches. Here are five cybersecurity predictions for 2022.
5 key cybersecurity predictions for 2022
Through conversations with our customers and analysing publicly available data, we have compiled a list five of the most important cybersecurity issues we expect to emerge in the next 12 months.
- Expanded information technology perimeters will start to bite back
The last two years’ lockdowns have permanently changed the way we work, and millions of people have begun connecting to their enterprise IT systems remotely, via VPNs or cloud apps. It’s now accepted that hybrid working (a mix of in-office and remote working) will become the norm for many companies.
This transformation has drastically expanded many firms’ information security perimeter, with people working on their personal devices and connecting to company content over home wi-fi networks. With a much-expanded IT perimeter, companies have more endpoints where potential breaches could occur. And, unfortunately, with more endpoints, cyber criminals have more targets.
We predict that this expansion of perimeters will lead to a rise in cybersecurity breaches for those that have not updated their security posture.
- Remote cybersecurity policies will get more sophisticated
Many organisations are starting to create remote working policies that cover things like work-life balance, location and reimbursement for equipment and hardware. But in 2022 we expect that a growing number of remote work policies will start to include cyber security considerations too (here’s how).
It will become more common for employees to hand over partial control of their personal devices to IT departments, or for companies to provide hardware for staff to use. Employers will also define things like which software licenses staff can use, enforce the use of antivirus software, and staff may need to hand over remote access to IT, among other requirements.
- Patch management will become a top priority
In 2019, a shocking 60% of cybersecurity breaches involved unpatched vulnerabilities. Patching is when an IT vendor releases an update to business technology which fixes known weaknesses in the underlying code. However, many businesses fail to install these patches – either because they lack awareness of the updates or because they do not have the time, skills, or resources in-house to implement them.
Nevertheless, when it comes to cybersecurity, this really is a ‘low-hanging fruit’, which firms can implement quickly and easily, and we expect many more to start doing this regularly.
- The IT skills shortage will continue
We have known for years that shortages in IT skills and a lack of appropriately trained staff are one of the top factors involved in cybersecurity events. Yet, despite hiring efforts from many companies, the problem is only growing. In 2022, existing IT teams will be responsible for more endpoints than ever before, with more software, systems and users to keep track of.
- Ransomware and phishing will remain the top cybersecurity risks
A 2020 survey revealed that a new organisation became a victim of ransomware every 10 seconds. The rise in remote working led to a sharp uptick in these kinds of attacks. Staff working from home may have been less vigilant than they would be in the office, and with huge amounts of misinformation circulating online, it was easier than ever for attackers to use sophisticated ‘social engineering’ techniques to access company systems.
Even before the pandemic, these human-focused attacks were the predominant cause of cyber security breaches. Sadly, without additional training and support, we predict many firms will continue to suffer from this sort of attack.
What’s your plan for cybersecurity in 2022?
As our cybersecurity predictions for 2022 above show, cybersecurity will remain a major risk facing organisations in the coming 12 months. The threats are many and varied, and attackers need to breach just one of an ever-expanding range of endpoints to access your systems. Nevertheless, there are reasons to be optimistic.
The decline in incidents last year proves that even basic cybersecurity hygiene can significantly reduce your risk of breaches. And with the right help and support, patches, updates, training and the use of data recovery solutions, you can really minimise the risks facing your business.
FITTS helps organisations across Europe and East Africa to adapt to cybersecurity risks and stay in control of their data. To find out how we can help you mitigate cybersecurity risks in 2022, contact us today.
James Haworth
James has 20 years of experience working within global businesses to deliver strategic digital and infrastructure transformations. With clients spanning Financial Services, Energy, Telecoms, Aerospace and Defence he has a broad array of knowledge and experience across multiple sectors. With a specialisation in security, James has been instrumental in defining, delivering and overseeing the delivery of digital strategies and is a sought-after advisor in a CIO/CTO advisory capacity.
As one of our founders, and our managing director, James focuses his time on delivering the FITTS mission, vision and value promise. James’ visionary and forward-thinking approach is valued by our partners and customers alike. He participates on strategic product boards to help define the future roadmap of existing platforms, alongside new products and services.
As well as our technology and strategy delivery, James is passionate about Diversity and Inclusion and partnering with organisations to ensure that their digital platforms are not just innovative but prioritise people-first.