The Cybersecurity Forecast for 2022

Companies worried about cybersecurity need scant research to find reasons to support their fears in 2022. This cybersecurity forecast from your NJ Cyber Insurance specialists explores prevalent trends and developments that endanger businesses in 2022. However, we’ll start with positive news in the cybersecurity space for balance.

First, the Good News

The US Boosts Internal and External Cybersecurity Measures

The US government has moved to bolster its military capabilities in response to recent events. In addition to the direction it offers to civilians, government agencies, and business owners, it makes countless guides available online to help improve our nation’s infrastructure. For example, helpful “playbooks” are available from CISAsafe@cisa.org, including the “CISA Policy Playbook,” which provides guidance on best practices for cybersecurity professionals.

Fighting Back Against Ransomware

In 2021, ransomware was a growing and dangerous threat facing organizations of all sizes. To combat it requires coordinated efforts from governmental agencies in different countries to defeat the increasingly sophisticated attackers. For example, a coalition involving the FBI, Interpol, Europol, French, and Ukrainian national police targeted two significant ransomware gangs resulting in multiple seizures, asset recoveries, and arrests. The gangs were responsible for damaging hacks, including $5 million in Bitcoin stolen from exchanges. Bringing international law enforcement organizations together to demonstrate their ability to identify and root out such groups is a most important milestone.

Automating Cyber Defense

Cyber defense and analytics experts now use machine learning to detect cybersecurity “flag” events. Their efforts automate identifying patterns involving unusual incoming activity, abnormal network behavior, and phishing emails and websites. In addition, automating the monitoring of high-volume attacks and filtering “junk data” reduces human stress and increases early detection.

Closing Dark Web Sites

Dark web websites are known to host illicit products, services, and information, including virtual markets for off-the-shelf malware for threat actors to purchase. The US, Germany, Netherlands, and Romania collaborated to take down sites known as the Dark Market, the White House Market, and others that provided resources hackers can use to attack major infrastructures and networks.

Wary Eye Outlook for Cybersecurity in 2022

Weakness in the Business Mesh

As we move into 2022, the business applications mesh—the growing network of integrations that enables automated business processes and data exchanges—is considered one of the weakest links. This mesh provides some lateral movement by attackers and is vulnerable because it is beyond the scope of most enterprises’ security policies. Moreover, it could lead to multiple large-scale security incidents related to a lack of controls in monitoring interconnected data paths among SaaS applications in cloud computing.

IT device manufacturers must beef up security for the connected devices that offer consumers and businesses many benefits because functionality requires connections to the internet via public networks, making them uniquely vulnerable and inviting targets to hackers.

Supply Chains Remain a Prime Target for Cyberattacks

Supply chain enterprises rely on various internal processes, systems, and technology to manage operations, each with potential vulnerabilities. Cybercriminals attack after discovering weaknesses and use them to exploit data breaches, malware infections, and more. The SolarWinds supply chain hack stands out for its size, notoriety, and influence, but others, including Codecov and Kaseya, were notable and damaging supply chain attacks.

Governments must develop new laws to deal with supply chain attacks and cyber security threats. Additionally, it will take the cooperation of international partners and privately held companies to identify and target more threat groups operating at global and regional levels.

Cryptocurrency Growing Pains

Since its inception, cryptocurrency has grown at an incredible pace, with new announcements from companies doing work with or adopting blockchain technology. Unfortunately, there are no guarantees for cryptocurrencies to operate perfectly, meaning there is a risk of significant losses when they don’t. For example, suppose a threat actor finds a vulnerability to exploit within an app designed for trading cryptocurrency. In that case, those who hold virtual money for use with the affected app could lose their funds.

Mobile Devices Are an Inviting Malware Target

Malware attacks on mobile devices will increase as mobile wallets, and new payment platforms become popular. According to an IBM study, half (46%) of companies surveyed reported having at least one employee who downloaded a malicious mobile app. With the growing remote workforce caused by a response to the COVID-19 pandemic, companies saw increases of 50 percent in the number of devices connected to their platforms. Naturally, malware attacks targeting these new devices followed. The growing use of mobile devices incentivizes more people to use them for online transactions. As a result, cybercriminals adapt by developing new ways to steal from them.

Adopting the Zero Trust Principle

The theory of “least privilege” is Security 101 for professionals in training for cybersecurity jobs. The “least privilege” concept dictates giving users the minimum access and functionality necessary to do their jobs. However, even though it is considered a best practice, it does not translate into widespread adoption. As a result, hackers attack organizations that don’t follow basic security practices because they have learned minimal security access provides opportunities for lateral moves that give them elevated levels of access to launch attacks.

Companies seeking a more stringent cybersecurity posture employ a modern information security architecture known as Zero Trust that applies security measures under an “assume the breach” context. Instead of waiting for an attack to limit lateral access into more critical systems, it becomes standard for all users.

Zero Trust utilizes techniques such as “micro-segmentation” that segments people into groups based on their online behavior; and “asserted identity” that identifies users by requiring multiple pieces of evidence (e.g., email address). However, the concepts are not new to those with lengthy cybersecurity experience. Still, they are finally becoming closer to “de facto” measures by companies who will identify them as Zero Trust in 2022.

You Can’t Beat Simple

As attackers become increasingly sophisticated in 2022, they’ll still like to target simple, well-known vulnerabilities that will predictably result in being among the year’s most damaging hacks. Common vulnerabilities such as SQL injection, remote code execution, cross-site scripting, etc., continue to exist because developers don’t always write secure code. As a result, organizations must improve their DevSecOps practices and runtime application security to mitigate these risks.

Cyber Insurance Soaring Premiums Not Deterring Sales

A sure sign of increased worry over cybersecurity issues is more companies purchasing more cyber insurance coverage than ever in the face of rising rates.

Cybersecurity insurance companies have seen an increase in payouts for their policies since the rise of ransomware attacks in 2013. As a result of the growing problems, in 2022, getting cyber insurance coverage comes with mandates for updated, current protection procedures, including multi-factor authentication (MFA) for remote access. Without it and other such requirements, clients may not get cyber insurance at the price they want, or at all.

According to a recent S&P study global, insurance companies saw cybersecurity incident losses increase by $50 billion last year. Cybercrime is an increasingly important concern for insurers who raised the rates for standalone cyber insurance policies by 29 percent in 2020, hitting $1.62 billion US dollars in premium. Because of carriers’ new security requirements, companies must now take extra precautions when dealing with their client’s personal information. Not only has the price of insurance increased, but insurers now actively scan and audit clients’ security procedures before providing cyber security-related coverage.

As an experienced agency offering NJ Cyber Insurance coverage and expertise, we are acutely aware of the growing need for our clients to maintain adequate protection against cybercrime. We stand ready to use our status as independent agents to place your business with the best cyber insurance carriers and provide you with comprehensive coverages at competitive rates.

About Dickstein Associates Agency

 Dickstein Associates Agency has distinguished itself as a leading provider of personal and business insurance in the tri-state area since 1965. We pride ourselves on being advocates for our clients and providing them with quality and affordable coverages. As Trusted Choice™ independent insurance agency, we partner with various national and regional carriers, allowing for flexible coverage for each client’s unique circumstances. For more information on how you can leverage all your insurance to work best for you, and how we can secure the best insurance in the marketplace suited to your specific needs and business objectives, contact us today at (800) 862-6662 or www.dicksteininsurance.com.