The end of 2021 brought with it two high-impact events. One was the appearance of the Omicron variant that has led to a resurgence in the number of cases worldwide. Another was the Log4J vulnerability that reminded us of a similar cybersecurity event that occurred at the end of 2020 – the SolarWinds hack.
In spite of these grave situations, when I look back at 2021, I can only feel immense gratitude towards our employees, partners and customers. As we enter 2022, my team and I wish you a happy, healthy, and successful New Year.
I take this opportunity to present some highlights from 2021 and the top trends for 2022.
Significant milestones for the company:
- We acquired the PCI Forensic Investigator (PFI) License which authorizes us to conduct breach investigations which involve card numbers.
- We added clients in the US, Africa, and Middle East to our portfolio and expanded existing relationships.
- We established offices and a local presence in the Netherlands and Australia.
- We successfully launched our Online Learning Platform.
- Our Cybersecurity Training Programs saw more than 800 professionals attend and get certified.
Significant cybersecurity events:
- The rise in Ransomware Attacks: Throughout the pandemic, a notable 58% of U.S. companies reported a loss of revenue as the direct result of a ransomware attack.
- The exploitation of Zero-Day Vulnerabilities: At least 66 zero-days have been reported in 2021, almost double the total for 2020 and more than in any other year on record.
- Increasing risks from Supply-Chain Vulnerabilities: The Log4J incident coming nearly a year after the SolarWinds attack highlighted the risk from vulnerable components in use by major vendors.
- Growing cases of Malware Attacks: Over the last year, companies reported that 35% of the attacks used previously unseen malware.
- Compromised Passwords and Data Breaches: According to a data breach analysis from the Identity Theft Resource Centre (ITRC), publicly reported data breaches in the U.S. have climbed to 38% through the second quarter of 2021.
Now, as we move into a better tomorrow, here are five top trends to look out for in 2022.
- The Exponential Growth in Ransomware: Research by PwC indicates that 61% of technology executives predict the rise of ransomware in 2022.
- The Internet of Vulnerable Things: IoT is getting more sophisticated. The number of connected devices is forecast to reach 18 billion by 2022. One result is a hugely increased number of potential access points for cybercriminals looking to attack digital systems.
- Increase in Cloud Services, resulting in Cloud Security Threats: Cloud vulnerability continues to be one of the biggest cyber security industry trends. The rapid and widespread adoption of remote working following the pandemic increased the necessity for cloud-based services and infrastructure drastically, with security implications for organizations.
- Cybersecurity measures will be AI-Powered: AI is counteracting cybercrime, and will increasingly continue to do so, by identifying patterns of behaviour that signify something out of the ordinary. On the other hand, cybercriminals are also leveraging AI to launch more powerful attacks.
- Regulation starting to catch up with risk: With the cost of cybercrime to global economies set to top $6 trillion in 2021, it is expected that in 2022 regulators will pull out the stops and release more comprehensive frameworks.
As we take a deep breath and get ready for the next set of challenges, I wish all of us all the very best in this never-ending battle to protect our financial, emotional, and physical well-being.
K. K. Mookhey (PCI QSA, CISA, CISSP, CISM) is the Founder Director at Network Intelligence (www.niiconsulting.com) as well as the Founder of The Institute of Information Security (www.iisecurity.in). He is an internationally well-regarded expert in the field of IT governance, information risk management, forensic fraud investigations, compliance, and business continuity. He has more than a decade of experience in this field, having worked with prestigious clients in India such as the top 4 private banks, the top 4 public sector banks, the top 5 IT companies, and some of the largest industrial conglomerates. Internationally, he has done consulting and audit engagements for United Nations organizations, numerous banks and manufacturing firms in the Middle East, as well as various government entities. He has published numerous articles and two books, and has presented at numerous conferences such as Blackhat, OWASP Asia, ISACA, Interop, and Nullcon.