In 2021, more than one in two companies suffered at least one successful cyberattack. Increasingly numerous and complex cyber threats are proving ever more effective in extorting organizations.
More than ever, understanding the evolution of computer attacks and the means to protect against them is essential for companies. Overview of top cyber threats and advances in cyber security trends in 2022.
The 7 main Cyber Security Trends in 2022
Not all cyber threats pose the same danger to businesses. We take stock of the 7 main computer threats, from the most widespread to the most original.
- Ever more harmful ransomware
Ransomware continues its worrying progression: it represents no less than 79% of cyberattacks recorded, according to Sophos.
Ransomware attacks increased by 60% in the first 6 months of 2021, after increasing by 255% in 2020, according to the latest figures from ANSSI.
In 2022, this cyber threat is evolving and perfecting. We observe the rise of double extortion: the hacker demands a first ransom to decrypt the data, then a second to prevent the data from being resold on the dark web.
Some analysts even mention the emergence of a triple extortion mechanism: in addition to encryption and the threat of data resale, cybercriminals carry out DDoS attacks to increase the pressure on the victim.
These practices could cause up to twice as many victims in 2022, according to a study by the start-up Anozr Way.
- DDoS attacks on the rise
Just like ransomware, Distributed Denial of Service (DDoS) attacks aim to take down company infrastructure.
The cybercriminal sends millions of requests simultaneously to a target. The connection volume is so large that the targeted server cannot respond and ends up becoming unavailable.
DDoS attacks as we know them today have been around for over 20 years. But we are currently witnessing a multiplication and a more complex nature of this type of threat.
Significant fact: the attack surface of Information Systems being both more extensive and diversified, it is logically easier today to generate distributed attacks from many compromised devices available on the Internet.
Some figures speak for themselves: AWS, Amazon’s Cloud entity, had to counter a DDoS attack with a record volume of 2.3 Tbps.
Some studies show that the use of bandwidth to attack a single company is up 49%, and that of the packet rate by 91%.
- Identity theft (or “president fraud”): a classic in cybersecurity
The art of pretending to be someone else does not date from the Internet. But with the global network, this manipulation has taken on a whole new dimension.
The company initially suffers data theft (via a phishing technique, for example), to recover the identity of employees.
The hacker, who may be on the other side of the earth, then pretends to be a collaborator to demand urgent payment. Believing to be dealing with a legitimate request, the requested person complies.
Fake presidents and fake vendor frauds are among the most popular cyber threats. And many companies have been victims: 2 out of 3 suffered at least one fraud attempt in 2021. No doubt identity theft is still something to be taken seriously in 2022.
- More Zero Day vulnerabilities
Unresolved but immediately exploited computer flaws by hackers affect many applications used by the company. These flaws are difficult to counter because they are not well known.
As soon as they are identified, it is essential to apply the security patches published by the manufacturer or to use detection probes. 2021 broke the record for discovered faults, and 2022 should break it again.
- Supply chain attacks up 300%
Supply chain attacks are a new breed of cyber threats targeting business logistics, previously ignored by cybercriminals.
Tensions linked to shortages of electronic components and raw materials (accentuated by the geopolitical context) are putting even more pressure on companies that are already working in just-in-time conditions.
Cybercriminals have understood this and are seeking to disrupt the already fragile supply chain in order to paralyze the company’s products and thus put themselves in a position to demand a ransom.
These attacks have increased by 300% between 2020 and 2021. Everything suggests that this type of attack will continue to progress in 2022.
- Growth of the IoT: an increased exhibition surface
The IoT is a growing sector, and its potential is considerable, especially in the industrial sector. In 2022, more than 12 billion objects are connected to the internet, according to the firm IoT Analytics.
However, many of them do not have integrated security, especially in the industrial and health sector. In other words, unsecured connected objects are all gateways to companies’ IS: a godsend for hackers!
In 2021, the volume and attack surface using IoT malware increased by 700%, according to a Zscaler report. This trend is expected to increase in 2022.
- Attacks boosted by artificial intelligence
Hackers are increasingly using artificial intelligence (AI) to spot targets and automate attacks on an even larger scale.
This is a real-time and money saver for them! AI helps them develop malware (early launch anti malware) and clever infection and phishing scripts, bypass security filters, and manage and expand networks of botnets (zombie machines). In 2021, botnets reportedly participated in over 2.8 million DDoS attacks.
While computer threats are ever more numerous, and sophisticated and the surface of exposure is constantly increasing, new technologies are emerging to meet the cybersecurity needs of companies: cyberthreats are evolving, and so are the means of protection!
The new means of protection of the IS
The new means of protection reinforce the surveillance of the IS. The SASE architecture and the Next Generation SOC represent two important advances in cybersecurity.
By offering better protection for terminals, the physical network, and remote servers, these solutions adapt to changes in companies’ IS.
SASE: centralized management of cybersecurity in the Cloud
When it comes to cybersecurity, complexity is a risk factor. While the digital transformation of companies continues to evolve IS companies, are increasingly using the services of many cloud providers to store their data and business applications.
The result is an increase in the exposure surface and an increased complexity of cybersecurity management: cyber risk increases.
Faced with this evolution, the Secure Access Service Edge (SASE, pronounced “SASSI”) is emerging as the major cybersecurity trend of 2022.
The SASE promise is simple: manage all of your company’s cybersecurity from a single Cloud platform.
The SASE brings together a set of innovative cybersecurity and network technologies, controlled from a centralized management interface. These technologies include the following 3 network security tools:
- The NG SWG (Next Gen Secure Web Gateway) next-generation secure web gateway aims to protect web and cloud traffic (web filtering, antivirus, DLP, firewall).
- The CASB (Cloud Access Security Broker) secures the company’s SaaS and IaaS applications.
- ZTNA (Zero Trust Network Access) technology handles connections between employees authorized to access specific applications.
In summary, the SASE is ideal for enabling your company to successfully migrate to the Cloud or manage a very heterogeneous fleet of teleworkers or international nomads while guaranteeing the security of data and applications from a single management console.
By simplifying the organization of your infrastructures, you effectively define your security policy for all your users and thus reduce your exposure to risks.