Cyber Defense In 2022: Business As Usual?
Héctor Guillermo Martínez, President and Board member | GM Sectec
Feb 8, 2022
New Year, new tactics, same techniques. As we set our gaze on the opportunities and challenges in this new year, we also reflect on the two-year mark of an ongoing pandemic. Now that the "new normal" today seems like business as usual, with its fair share of Covid flareups, we have to continue to think about how cyberattacks have also transitioned into a new normal in our day-to-day lives. The cyber incidents and breaches that happen now on a daily or hourly basis have upended the way we consume technology and our appreciation for how cyber is an organic element of how technology facilitates commerce.
From nation-state actors blurring the lines between the Russia-Ukraine conflict to good old cybercriminals pervasively looking at every angle to impact and profit from global markets, the following threat vectors and industry nuances will present themselves front and center in 2022:
Ransomware And Extortionware/Data Hijacking Are Not Going Away Any Time Soon
Given how popular the work-from-home movement has become and that the enlarged attack surface has provided a better return on investment (RoI) for threat actors in the wild, this attack vector will continue long into the decade. The banking sector has been disproportionately affected, experiencing a 1,318% year-on-year increase in ransomware attacks in the first half of 2021.
Furthermore, hackers will likely be emboldened by the string of successful and high-profile attacks last year, including those carried out against Colonial Pipeline, JBS and the NBA. In fact, Cybersecurity Ventures estimates that an attack took place every 11 seconds in 2021. Indeed, we are in for headwinds.
Cyber Insurance Costs Will Escalate
A consistent theme over the past few years has been how organizations protect themselves with cyber insurance policies. What has shifted radically is the velocity and scale of claims related to cyber incidents and breaches across the board. Multi-national insurance carriers have doubled down on how they pay out over these policies, and simply becoming insurable has been an uphill battle during renewal season. One insurance broker believes rates will increase between 50%-150% in 2022. Buckle up, as this will be one bumpy and costly ride.
Fintech And Crypto Will Be Honeypots For Bad Actors
Both of these sectors will continue to evolve with new entrants appearing every day. Underpinned by the growing popularity of cryptocurrencies and the mainstreaming of thin client-based platforms to perform transactions, the opportunity for theft has never been greater. Security continues to be a reactive control rather than a preventative one, and certainly, financial technology companies are prioritizing their UI/UX over security.
This leaves the front and back doors open for bad actors to infect and extract. In 2021 alone, financial damages caused by data breaches grew by 10% year on year. Suffice it to say that fintechs and crypto wallets must heed the call and ensure they practice a layered cyber hygiene approach.
As 2022 kicks into high gear, the question that remains is whether we will adopt a proactive approach to security and prepare effectively for the unknown, or look to security as a necessary evil and bolster it reactively. Certainly, the recent discovery of the Apache Log4j vulnerability is a headline not to be missed or taken for granted. Cyber defenders and IT teams across the globe are scrambling to patch weaknesses, which will take months or even years to fully comprehend. Security is and always will be a continuing process rather than an end state.