Phishing, ransomware, GDPR threats, the trends observed by cybersecurity players are clear: not only will cyber threats continue to hit public and private organizations in 2022, but they will increase in power. Opposite, the solutions to guard against and defend against it are developing, but better awareness must be generalized and accelerated.
2021, an already record year
The first figures collected show the extent to which computer attacks of all kinds have experienced a record year. The numbers are dizzying. More than $590 million was extorted between January and June 2021 by ransomware, according to a report from the US Treasury Department, which is $170 million more than in 2020. And the number of suspicious activities jumped by 30% d year to year.
For example, the Acer group fell victim to the REvil ransomware with a ransom demand of $50 million. Let us remember the extortion of sensitive data from 1.4 million patients from the Hospitals of Paris, which made the headlines in France. On a different scale, the Pegasus affair shed light on large-scale spying on smartphones. Hackers are never on a break.
Although it is still early to draw up a detailed assessment of cybersecurity in 2021, the National Agency for the Security of Information Systems (Anssi) has already shown that in 2020, the number of computer attacks against companies and French administrations had been multiplied by four compared to 2019. In view of the multiplication of cases over the past twelve months, the 2022 trend is clearly on the rise.
What are the major emerging trends? Do the growth of connected objects and accelerated digitization augur a larger attack surface?
Cybersecurity trends for 2022
Ransomware
If we no longer present them, ransomware will persist despite the means deployed to contain it. Attacks could become more sophisticated and target companies of any size as long as they are able to pay a ransom. Behind this type of attack hides a criminal network that has become organized and professionalized. In particular, it has benefited from the growth of teleworking and the vulnerability of employees isolated at home.
Data leak
They should also increase and again, the flaws will be more impactful and more costly for the organizations affected. For this kind of offensive, it is often the human who is attacked even before the IT infrastructure. Indeed, it is much easier to have spyware installed by someone who is unaware of their mistake, than to search for technical vulnerabilities. Phishing campaigns will therefore be quite common in 2022.
Cryptocurrencies
Cybercriminals will attack more widely virtual currencies whose development continues to progress around the world. With ever more asset holders, crypto portfolio management solutions and transactions, these are all doors to open for hackers.
Mobile devices, apps
In 2022, mobile devices will still be in the sights of hackers. A trend noted by the publisher Check Point which had shown in 2020 that 97% of companies had been confronted with mobile threats using several attack vectors. Not to mention that remote work has highlighted the increase in the attack surface. Each accessible device provides an entry point. 5G and IoT, targeted applications and services will become (very) lucrative. A trend confirmed by McAfee-Fireeye and the Gartner firm. In general, teleworking poses a major security challenge for companies and requires significant consolidation of existing security systems.
cloud
If the cloud has many advantages, it also tends to standardize. This is a boon for cybercriminals who can more easily test their attacks on precisely standardized solutions. In addition, vulnerabilities in the cloud make it possible to launch massive attacks.
deepfake
Deepfake technology is one of the strong threats for 2022. It refers to videos or audio recordings made or modified by artificial intelligence and which can be used to create false content, made credible. Aiming to manipulate, misinform and defame populations and organizations, the deepfake can make people fear the worst in terms of international destabilization.
supply chain
Attacks on supply chains are set to continue to the chagrin of businesses and governments. The sector, which is experiencing a strong digital transformation, has become an object of desire for hackers. Rather than confronting large companies equipped with security, they target their attacks on suppliers, who are likely to have confidential data (accountants, lawyers, etc.)
Social networks
Cybercriminals will continue to use them to infiltrate organizations through fake profiles. Disinformation and fake news campaigns will still be the source of mass phishing practices or scams. We saw it with the example of false vaccination certificates this year.
These trends only confirm the power of cybercriminals, whose professional networks are constantly growing and becoming more structured. To guard against this, private and public organizations must demonstrate greater rigor and focus their efforts on education in good practices. In 2022, it is no longer a question of whether we will be attacked, but when?