The plethora of new and evolving cybersecurity threats means that the information security industry must be put on high alert. Increasingly sophisticated cyberattacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more are putting the data and assets of corporations, governments and individuals at constant risk.
The industry continues to suffer from an acute shortage of cybersecurity professionals, and experts warn that the stakes are higher than ever as the cybercrime epidemic risks undermining public faith in ideals.
The nonprofit Information Security Forum, which describes itself as "the world's leading authority on cybersecurity, information security and risk management," warns in its annual Threat Horizon study of the following major threats
With cybercrime-related damage reached $6 trillion in 2021 , let's take a closer look at cybersecurity threats for 2022.
Phishing is becoming increasingly sophisticated. Phishing attacks, in which carefully targeted digital messages are transmitted to get people to click a link that can then install malware or expose sensitive data, are becoming more common.
Now that employees in most organizations are more aware of the dangers of phishing emails or clicking on suspicious links, hackers are upping the ante - using machine learning, for example, to create and distribute convincing fake messages much faster in hopes that recipients will unwittingly compromise their organization's networks and systems. Such attacks allow hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
Ransomware strategies are evolving. Ransomware attacks are believed to cost victims billions of dollars each year because hackers use technology that allows them to literally steal individual or organization databases and store all the information for ransom. The rise of cryptocurrencies such as Bitcoin has been attributed to fueling ransomware attacks by allowing them to anonymously pay ransom demands.
As companies continue to focus more on creating better protection against ransomware hacks, some experts believe that hackers will increasingly target other potentially lucrative victims, such as the wealthy.
Cryptojacking is a trend in which cybercriminals take over third parties' home or work computers to "mine" cryptocurrency. Because mining cryptocurrency (e.g., bitcoins) requires huge amounts of computer processing power, hackers can make money by secretly copying other people's systems. For businesses, cryptojacking systems can cause serious performance problems and costly downtime as IT works to track and solve the problem.
Cyberphysical attacks. The same technology that has allowed critical infrastructure to be upgraded and computerized also carries risk. The constant threat of hacks into electrical grids, transportation systems, water treatment plants, etc. represents a serious vulnerability for the future. According to a recent report by The New York Times, even America's multi-billion dollar military systems are at risk .
State-sponsored attacks - In addition to hackers seeking to profit by stealing individual and corporate data, entire nations are now using their cyber skills to infiltrate other governments and conduct attacks on critical infrastructure. Cybercrime today poses a serious threat not only to the private sector and individuals, but also to government and the nation as a whole. State-sponsored attacks are expected to increase, with attacks on critical infrastructure being of particular concern.
Many such attacks target government systems and infrastructure, but private sector organizations are also at risk. According to a Thomson Reuters Labs report, "State-sponsored cyberattacks pose a new and significant risk to private enterprises that increasingly challenge those sectors of the business world that are convenient targets for geopolitical problems."
IoT attacks - The Internet of Things is becoming more ubiquitous by the day (according to Statista.com, the number of devices connected to the IoT will reach 75 billion by 2025). These include laptops and tablets, of course, but also routers, webcams, home appliances, smart watches, medical devices, manufacturing equipment, cars, and even home security systems.
Connected devices are convenient for consumers, and many companies are now using them to save money by collecting vast amounts of informative data and streamlining business processes. But more connected devices mean more risk, making IoT networks more vulnerable to cyber intrusions and infections. Being controlled by hackers, IoT devices can be used to create chaos, overload networks or block necessary equipment for financial gain.
Intelligent Medical Devices and Electronic Medical Records (EMRs). The healthcare industry is still in the midst of a major evolution, as most patient medical records are now online and healthcare providers are realizing the benefits of advances in smart medical devices. However, as the healthcare industry adapts to the digital age, a number of privacy, security and cybersecurity threats arise.
According to Carnegie Mellon University's Institute for Software Engineering, "As more devices connect to hospital and clinic networks, patient data and information will become increasingly vulnerable. Of even greater concern is the risk of remote hacking of a device directly connected to a patient. In theory, an attacker could increase or decrease the dose, send electrical signals to the patient or disable vital signs monitoring."
As hospitals and medical facilities are still adapting to digitizing patients' medical records, hackers are exploiting many vulnerabilities in their defenses. And now that patient medical records are almost entirely available online, they are a prime target for hackers because of the sensitive information they contain.
Third parties (vendors, contractors, partners). Third parties, such as vendors and contractors, pose a huge risk to corporations, most of which do not have a secure system or dedicated team to manage these third-party employees.
As cybercriminals become more sophisticated and cybersecurity threats continue to grow, organizations are increasingly aware of the potential threat posed by third parties.
The RiskManagementMonitor.com report, "Third-Party Relationship Security Risks," includes an infographic showing that 60 percent of data breaches involve a third party and that only 52 percent of companies have security standards in place for third-party vendors and suppliers. contractors.
Connected cars and semi-autonomous vehicles - While the unmanned car is just a project, the connected car already is. A connected car uses onboard sensors to optimize its own performance and passenger comfort. This is usually done through embedded, tethered devices or integration with a smartphone. As technology advances, connected cars are becoming more and more common. By 2020, approximately 90 percent of new cars will be connected to the Internet, according to a report titled " 7 Connected Car Trends Fueling the Future."
For hackers, this development in car manufacturing and design means another opportunity to exploit vulnerabilities in unsecured systems and steal sensitive data and/or harm drivers. In addition to security concerns, connected cars pose a serious privacy threat.
As manufacturers rush to market with high-tech cars, not only will the number of connected cars likely increase in 2020, but also the number and severity of system vulnerabilities discovered.
Social Engineering - Hackers are constantly becoming more and more sophisticated, not only in their use of technology, but also in their psychology. Tripwire describes social engineers as "hackers who exploit one weakness that every organization has: human psychology. Using a variety of media, including phone calls and social media, these attackers trick people into offering them access to sensitive information."
There is an acute shortage of cybersecurity professionals. The cybercrime epidemic has escalated rapidly in recent years, and companies and governments have struggled to hire enough qualified professionals to defend against the growing threat. This trend is expected to continue into the future, with some estimates suggesting there are about 1 million unfilled jobs worldwide (potentially growing to 3.5 million by 2022 ).
The severe shortage of skilled cybersecurity professionals continues to be a cause for concern, as a strong, smart digital workforce is essential to combat the more frequent, more complex cybersecurity threats emanating from around the globe.