One thing is for sure – 2021 has surprised us in many ways. Technology has been more used and more useful to people than ever, especially because of the pandemic. As a result of this, we’ve witnessed tremendous digital transformation across a variety of sectors.
Start with remote workplaces to apps and tools that helped people do their tasks more effectively, it goes without saying that 2021 was a remarkable year for technology.
Right alongside rising trends and usage, cyber security threats are developing and increasing. GovTech’s article on predictions for cyber threats for this year makes it evident that we have a lot ahead of us.
Based on what was trending in the cybersecurity world in the past months, and the threats that are anticipated for the future, here’s a rundown of what we can expect in 2022.
1. Stricter and more numerous regulatory data privacy and security enforcements
The cyber-world has focused greatly on security in these last couple of years. Data privacy laws are now a lot different from before. They are strengthened, lengthened, and improved in many regions around the world.
Failure to follow the laws and regulations now results in high fines and lawsuits. In many cases, this even leads to the prohibition in using websites – or keeping them online.
If you want to get acquainted with what’s announced and planned in terms of data security in 2022, reading Osano’s article on data privacy laws is a great start. Nowadays, virtually every country in the US, Europe, and worldwide has enacted and improved its data privacy laws at least a bit.
As technology users, it is our responsibility to learn about the laws and regulations. They exist to regulate how websites collect the information, what control subjects have over information, and what risks exist that said information won’t remain private.
There are tons to be learned in terms of privacy laws right now, and we can expect this to develop further in the months that follow. Right now, we are already witnessing increased obligations for privacy compliance based on the California Privacy Rights Act or CPRA, the Colorado Privacy Act or ColoPa, etc.
2. Ransomware on the rise
When it comes to cybersecurity trends, there hasn’t been a more meteoric threat to us in the last decade than ransomware. US Treasury’s financial trends article on ransomware states that $2.2 million were paid to cybercriminals on a daily basis!
The CyberCrime magazine goes as far as to say that these numbers will only increase throughout the new decade. They estimate that the cost will reach – and surpass $265 billion in 10 years.
So yes, we will need stronger and more advanced tech safeguards to prevent – or at least minimize ransomware attacks on our data. Security awareness is being emphasized as we speak, with numerous training programs and educational methods of keeping organizations and individuals informed.
These issues have proven to be severe and as a result, 2022 will most likely bring continued action by various governments and cybersecurity experts. They will address all sorts of issues related to this, undoubtedly including the cryptocurrency role and trade sanctions in this matter.
On top of this, we can expect more tightened measures in the cyber insurance market. This is already unraveling in the European Union. The Union is working on cyber policies that are more expensive and more difficult, but offering coverage that is less fulsome, and requiring that insurers cover more of the ransom payments.
3. Crypto as the center stage of cyber attacks
Ransomware is definitely a trending matter in the cyber world now, and it is very closely linked to cryptocurrency. Why is this? Cybercriminals used it to extract funds from organizations last year, and a few years before that, which caused the crypto market to skyrocket. Seeing how this is a very private, very anonymous way of getting paid, most of them required their ransom in cryptocurrency.
Take, for example, Colonial Pipeline. This victim was one of the most public, biggest scapegoats of crypto-ransomware schemes. They paid criminals a ransom of around $4.4 million in cryptocurrency.
Despite all efforts, the Department of Justice managed to recover a small portion of this big sum. The list of organizations that have been victimized in this way is enormous. You can read all about it in the CNet’s article on the biggest ransomware attacks.
Not all ransomware attacks are connected with cryptocurrency, but the biggest of them all sure are. It is not only this that makes crypto anonymous with cybercrime. The world has witnessed other types of attacks alongside ransomware.
One example of this is Discord Malware, a case where crypto enthusiasts were directly targeted and turned into victims. To learn more about this malware threat and how to detect it, read TechRadar’s article on the topic.
Also, make sure to check Statista’s list of the biggest crypto cyber attacks:
4. Mobile threat variants becoming more numerous
Do you know how many people use mobile devices on a daily basis nowadays? GSMA Intelligence’s article reports that there are 5.29 billion mobile users in the world at this moment. This makes mobile devices one of the biggest targets of cybercriminals. Tons of the attacks nowadays are made on mobile specifically, and we can only expect this to continue and grow in 2022.
In 2021, McAfee reported that their sample database found over 4,000 mobile threat variants. All this made it evident that we are in a dire need of defending our smart devices. Since we live in a world where smartphones are used for virtually everything connected to technology, not to mention payments, QR code scanning, etc., we should all be on high alert.
In the months that follow, we can expect data privacy laws to focus even more on mobile security, as well as for governments to work toward educating mobile users on how to detect and avoid smartphone cyber threats.
5. More data breach costs for organizations
Data breaches are becoming more grave and expensive for organizations today. It’s not just the criminals that are doing more with what they steal. It is also the privacy laws that include severe penalties for those who didn’t meet the requirements for the protection of customer data.
A data breach has always been a costly thing, but the amount that organizations lose depends on their industry, operating regions, size, and the current privacy laws. One thing is certain – we can expect these numbers to grow at a rapid pace in the years that follow.
The numbers certainly point in this direction. Do you know how much CNA Financial Corp, a big insurance company from the US paid following a ransomware attack? According to Bloomberg’s article on this, they paid over $40 million to criminals who seized control of the network. The worst part was that the company claimed to adhere to all the regulations and laws as a set of regulatory bodies – and this still cost them a fortune!
This puts a huge amount of pressure on organizations that operate in 2022 – and it definitely should. Data privacy laws have higher penalties than ever, and criminals are relentless these days!
6. Social Engineering and phishing attacks are becoming impossible to detect
Even organizations and employees, and even individuals that are familiar with how hackers trick people are struggling these days. Criminals are getting very innovative and sophisticated with their phishing attacks. Everything we know about the social engineering and phishing techniques used in the previous years is outdated now.
This year, we can expect very legit-looking messages that will end up being a cyber threat, which is rather devastating.
For example, there are many messages nowadays that direct the recipients who click on the links to something that appears as ‘HTTPS’. This instantly brings a sense of trust when it is actually a phishing message. Not to mention, criminals have started using known and trusted branding and brand logos.
According to Gone Phishing Tournament’s article, one in five participants click on such an email link.This is a real thing, so we can expect that security awareness training programs of 2022 will include the many new ways that criminals trick people.
All of this makes us wonder – can we expect to be safe in 2022 and the years that follow? The answer is yes, but only if we are aware of cyber threats and know how to protect the most sensitive information. In this accelerated transformation of the digital world, it’s only natural that threats will continue to exist.
However, a silver lining exists – governments, organizations, and individuals can focus on gaining more security awareness and changing the user behaviors to prevent such attacks from happening.
It is not easy, but it never has been. If we clearly communicate how important cyber security is among us, have good training campaigns, and have high engagement in them, this should be at least minimized. A bit of effort can go a long way to safeguard people’s and organizations’ sensitive data – not only in 2022 but also beyond.