After a record year of cyber-attacks in 2021- from supply chain to ransomware, marked with sophistication not witnessed in the past, 2022 is set to bring its own set of challenges.
Egress CEO, Tony Pepper is of the view that after the major supply chain hacks of 2021, this (supply chain) will become least trusted channel and this will drive adoption of zero-trust methodologies. Egress, is one of the leading providers of intelligent email security solutions. However, buyers should beware vendors that claim to single handedly solve zero trust – instead, organisations will need to layer combinations of technologies to truly achieve.
“In 2022 we’ll see a rise in multi-vector attacks. We’ve already seen hackers combining phishing, smishing and vishing, and the next step will include collaboration platforms. Hybrid work has created huge demand for collaboration tools, and they can be a treasure trove of company data that is often unsecured. Hackers will always follow current trends, and they know to take advantage of changes in the way that organisations store their data, so I expect that we’ll see a rise in attacks targeting these platforms,” pointed out Pepper.
Ransomware, phishing and social engineering attacks will all continue to increase. Major ransomware attacks will continue to dominate the headlines, with criminal gangs trying out new and increasingly inventive ways to turn the screws on their victims. Popular tactics include making threatening calls to company employees, and leaking or selling the organization’s sensitive data online.
“In 2022 we’ll see a disappointing but inevitable continuation of attack vectors that have been plaguing businesses for years. In response to this, we’ll see a renewed focus on preventing ransomware – and because over 90 per cent of malware is delivered via email, organisations will ramp up their anti-phishing defences,” pointed out Steven Malone, VP of Product Management, Egress.
Cyber Training Saturated?
This also raises the question whether cyber training initiatives as we know it have got saturated? According to Malone the answer is yes.
“Cyber training programmes will hit their limit in 2022. Cyberattacks have already outpaced the defence that security awareness training (SAT) can deliver. Despite continued investment in SAT, people continue to pose the biggest cybersecurity risk – and security teams are realising that training isn’t enough to solve the problem,” said Malone. Instead, there will be a focus on de-risking behaviour in place using technology, to provide a safety net for employees as they carry out their work, he said.
