Internet security is among the most important topics of our time. Ransomware attacks accounted for approximately $20 billion in global corporate losses in 2021. Each week it seems like another major company or government agency reports a costly attack on its network, resulting in data privacy breaches that expose sensitive details about customers, staff and company financials.
Heading into a new year, digital security concerns are only increasing as vulnerabilities persist and existing popular solutions prove insufficient for stopping criminal activity. Based on our customer engagements, here are four trends that I expect will be top in 2022.
Fixing Vulnerabilities At The Root
Cybersecurity relies on an architecture called the chain of trust, which essentially means each link in a networking system is called on to validate both its preceding and succeeding link, checking them to detect and eradicate malware in disguise. The chain begins at the root with hardware and its performance at startup. As software has not adequately stopped hackers, perhaps the leading trend to watch in 2022 is a shift away from legacy applications and toward a more holistic and comprehensive security network that prioritizes hardware as the cornerstone of anticybercrime action.
Next-generation servers will likely incorporate dedicated security orchestrators in silicon. With a trusted control/compute unit, hardware can be secured at the chip level, preventing illegal penetration of a network. Such security-by-design can help provide additional layers of protection that limit the risk of an attack that targets software applications that are notably weak links in the chain of trust.
For all the great things that software programs do for allowing a company to achieve results and shape business strategies, they are also the most likely targets for a viable attack. As security experts realize that hardware could provide a far thicker level of protection, this change to hardware could quicken in the coming months, though that does not mean companies should stop investing in upgraded software.
More Remote Work Attacks
In its report on cybersecurity threats in 2021, Cisco analysts stated: “In the last year, cybercriminals delivered a wave of cyberattacks that were not just highly coordinated, but far more advanced than ever before seen.” Ransomware invasions occurred in 61% of organizations in 2020. My company’s own research shows that 16.3 billion digital records — including sensitive personal and financial data — were lost globally during 2015-2020. The majority of these data were illegally swiped by hackers.
In the coming 12 months, expect these threats to continue as cybercriminals become bolder and more adept at executing their schemes. Since the pandemic, hackers have adapted far better than employers and governments to the change in humanity’s digital behavior. The health crisis forced employees to work remotely, and it’s not clear that there will be a full-time return to the office even when Covid-19 becomes manageable. As we look to 2022, the cybersecurity threats that took advantage of this remote work dynamic will receive even further attention.
Remote workers were among the first targets of cybercriminals who spotted trends during the pandemic. Employees working outside of the office and during odd hours tended to log into their employers’ network during downtimes in security monitoring. That habit turned them into targets. Cybercriminals could hone in on those vulnerable staffers knowing the network’s security team was absent. As office workers return home, that vulnerability may lessen, but fixes to networks will be among the expenses enterprises undertake after a miserable year of seeing their systems under constant assault.
Modern-day cybercriminals are nimble, operate in small numbers, use updated software and are often relentless with their plots, determined to find an application and method of communication that will convince their victim to let them into the targeted network. The good news is their days of having the upper hand may be numbered. Artificial intelligence is the great hope for the next generation of security solutions. With AI engaged, a system that is charged to make a company’s data impenetrable can provide deep learnings and always-on monitoring of activity.
AI-based actions can include generating proactive reports on the state of the platform, runtime monitoring, verification and attestation on the security state of a platform and the collection and processing of data to enable automated alerts when unusual activity is identified. As AI blossoms as a critical tool for network security, expect it to be so well designed that there will be minimal invasive software updates as well as faster interfaces that remove bottlenecks in the transfer of data. Currently, the available solutions are useful only after an attack has already happened. These solutions are built on legacy interfaces that try to provide only boot-time protection, and they rely on a chain of trust that is not trustworthy.
Clearly, it’s time for a new approach to bring about safe and confidential computing. A shift to AI — a possibility in 2022 — would meet the urgently needed gaps in the cybersecurity industry.
The cybersecurity conundrum is causing anxiety-inducing insecurity among many business and government leaders. The World Economic Forum was clear that the threats are weighing on the minds of executives and academics. In a recent report, it stated: “Cybersecurity complaints to the US Federal Bureau of Investigation more than tripled during the pandemic last year, while the average payment by victims of ransomware jumped 43% in the first quarter of 2021 from the preceding quarter. Attacks on the software supply chain are growing exponentially, and the burgeoning Internet of Things (IoT) and 5G wireless technology offer more vulnerabilities to exploit.”
What those numbers reveal is the most predictable trend in cybersecurity: It’s going to be costly. The learning lesson going forward, though, is that organizations can reduce the fiscal and institutional harm of a cybersecurity hack by investing in upgraded hardware and software, putting trusted computing at the center of how they guard their company, their customers and the entirety of their data.