What can we expect in 2022? Are we past the worst, or are we just at the beginning of a worrying development? Cyber security professionals are in demand like never before. Michael Scheffler, Country Manager DACH at the data security specialist Varonis Systems, ventures four predictions.
Once again, a turbulent year lies behind us, one that intensified many of the previous year's trends: we saw supply chain attacks on IT service providers with far-reaching consequences. Ransomware attacks also seemed to know no boundaries, whether in terms of the number and quality of victims or the sums demanded, which reached new highs.
Digital and physical disruptions in supply chains
That year, the attacks on SolarWinds and Kaseya had far-reaching repercussions. Potential attackers have learned from them, so it is to be feared that there will also be significant disruptions in digital supply chains in 2022. Cyber criminals always want to cause the greatest possible damage in order to derive the greatest possible profit. If they can reach hundreds of victims with a single attack, the cost-benefit calculation works out from their point of view. In doing so, they will increasingly make use of the cloud and target popular SaaS providers.
But physical supply chains, which are already under pressure and struggling with global bottlenecks as a result of the pandemic, will also increasingly become targets of attack. Cyber attacks paralyzed several production lines as early as 2021. We can assume that even more people, both privately and professionally, will feel the effects of cyber attacks in the coming year.
Critical infrastructures in the crosshairs
Sure, it is disappointing when the new trainers are out of stock, but that is a small thing compared to cyberattacks that affect electricity and water supplies, infect hospitals and other healthcare facilities, and delay medical treatment and drug delivery. And despite cyber criminals' assurances to the contrary, they make no exception for these areas. If anything, the opposite impression arises: attackers choose solvent targets that operate under particular urgency and are therefore more likely to give in to demands. This is exactly what makes critical infrastructures attractive targets, which attackers will continue to go after, probably to an increasing degree. It is not only hospitals and energy providers that are in the crosshairs, but also manufacturers in the food and beverage industry.
With all of the attention paid to digital attack vectors, we should not ignore the “classic” method, as this has been proven to work best: cybercriminals recruit insiders and use large sums of money to entice them into disclosing sensitive data that enables attacks. This often hits companies unprepared: focused on looking outward, they all too often overlook the inside.
Ransomware attacks are rising in line with cryptocurrency prices
Attackers choose the methods that promise the most profit, and ransomware has proven to be one of the most lucrative cyberattacks of all time. Cryptocurrencies, which are by nature difficult to track, made attacks on this scale possible in the first place. In addition, because of their high price fluctuations, attackers can earn even larger sums of money if crypto values soar.
Cryptocurrencies are also becoming increasingly popular with private individuals and speculators, but have not yet fully arrived in mainstream finance. Unless governments put in place anti-terrorism and anti-money laundering controls, cryptocurrencies will remain the tool of choice for attackers to capitalize on cybercrime. Effective regulation is unlikely to be in place in 2022. Therefore, the financial flows will not dry up. As a result, we have to prepare for more waves of ransomware attacks rocking businesses, governments and critical infrastructures around the world.
Security professionals gain freedom because their skills are so in demand
As cybercrime rises and businesses become more aware of these dangers, the demand for cybersecurity professionals continues to grow. The global shortage of skilled workers in this area is now more than three million specialists. These specialists are more in demand than ever and in the comfortable position of being able to choose their employer in a very targeted manner. Correspondingly, real competition for top talent has broken out between companies, and it is going to intensify. Salary and benefits are important differentiators, but in order to secure the best talent, companies must also offer their security experts more flexible arrangements for working hours and locations as well as career opportunities. The days of sitting in an office working “nine to five” could be coming to an end, even for many traditional companies. Companies also need to open up to digital nomads who work from anywhere at flexible hours to balance their personal and business commitments. If “New Work” is currently being hotly debated for the broader workforce, this is especially true for cybersecurity experts.
About Varonis
Since its founding in 2005, Varonis has taken a different approach than most IT security providers by placing company data, stored both locally and in the cloud, at the center of its security strategy: sensitive files and e-mails, confidential customer, patient and employee data, financial data, strategy and product plans, and other intellectual property. The Varonis data security platform (DSP) detects insider threats and cyber attacks through the analysis of data, account activities, telemetry and user behavior, prevents or limits data security breaches by locking sensitive, regulated and outdated data, and maintains a secure state of the systems through efficient automation.