Cybersecurity continues to be a key focus for business leaders, as a range of trends affect their approach to boosting their digital defences in 2022. These include the rise of ransomware attacks, the adoption of zero trust models and more state-sponsored attacks amid the Ukraine war.

Ransomware attacks are increasing

Ransomware continues to be one of the biggest cybersecurity trends. The EU Agency for Cybersecurity estimates that there was a 150% spike in ransomware attacks between April 2020 and July 2021. Ransomware is a multi-faceted offensive campaign that could seriously damage a brand’s reputation as well as leaving the victim unable to access vital files. Attackers now operate secondary monetisation channels, auctioning exfiltrated data on the dark web.

These attacks are partly becoming more common due to the emergence of ransomware as a service (RaaS) business model. Operators behind RaaS operations lease out or offer subscriptions to their malware creations, meaning more cybercriminals can launch ransomware attacks. The RaaS model will continue to flourish in 2022 due to its lucrative nature and the difficulty of tracking down and prosecuting operators.

Supply chain threats are rising

Cybercriminals increasingly target software supply chains. These attacks are effective because they can take down an organisation’s entire software supply chain and services, resulting in massive business disruption. Eighty per cent of IT professionals believe supply chain attacks pose the biggest cyberthreat out there, according to a survey from cybersecurity firm CrowdStrike. So it’s hardly surprising that supply chain attacks have a place among the key trends affecting the cybersecurity industry in 2022.

Supply chain attacks grabbed peoples attention after the 2020 SolarWinds breach. The attack saw Russian hackers compromise the company’s software systems and add malicious code to it. The hack became one of the biggest cybersecurity breaches of the 21st century. In the end, it affected thousands of organisations, including the US government.

Governments must address critical national infrastructure threats

Cyber threats against critical national infrastructure (CNI) are increasing. CNI includes everything from higher education and financial services to food and defence organisations. The 2021 attack on the Colonial Pipeline fuel facility in the US alerted governments worldwide to the risks such an attack can bring to CNI. The attack is part of a bigger trend.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Cybersecurity company Bridewell Consulting estimates that 86% of CNI organisations had detected cyberattacks on their operational technology or industrial control systems in the last year. Moreover, 93% had suffered at least one successful attack.

Zero trust models are in vogue

Zero-trust security models are emerging as long-term solutions to data breaches. It eliminates the concept of trust from an organisation’s network architecture. In a zero-trust world, only authorised individuals can access selected applications. However, implementing zero trust takes time. It took Google five years to complete its adoption of a zero-trust architecture. In 2021, the Biden administration in the US introduced a roadmap for government agencies to deploy zero trust by the end of the 2024 fiscal year. Still, it is one of the biggest trends affecting the cybersecurity space in 2022.

Increasing state-sponsored attacks

The Ukraine-Russia conflict will become a catalyst for increased state-sponsored attacks. Malicious state-sponsored attacks originate from a particular country. They attempt to further that country’s interests. Typically, attackers target the infrastructure, military and businesses of those countries. Iran was the victim of the first successful nationstate attack in 2010, where the highly sophisticated Stuxnet computer worm, reportedly created by the US and Israel took out Iran’s nuclear weapons infrastructure.

More recently, Russian programmers launched a nation-state cyberattack, NotPetya, in Ukraine in 2017. The attack affected Ukraine’s financial, energy, and government institutions but its indiscriminate design caused it to spread, affecting other European and Russian businesses alike. The Ukraine-Russia conflict risks creating similar widespread damage.

The cyber skills shortage continues

A cybersecurity skills shortage haunts the globe. While the gap closed for a second successive year in 2021, the size of the workforce is still 65% below what is needed, according to the cybersecurity professionals group (ISC)².

There are some encouraging developments. In the US, four-year colleges and universities have invested heavily in cybersecurity curriculums and degrees over the past five years. As a result, there should be a growing pipeline of computer science graduates entering the cybersecurity field between now and 2031. In addition, women are expected to represent 30% of the global cybersecurity workforce by 2025, with that figure reaching 35% by 2031.

GlobalData is the parent company of Verdict and its sister publications.