8 February 2022
Cyber security: what to expect in 2022?

On the one hand the race for technological innovation, on the other the strengthening of criminal attacks on cyber security: the new trends that will influence the digital security sector.

Greater growth in digitization implies an increase in cybercrime techniques and objectives.
Attacks will continue to exploit mostly the same vulnerabilities as in previous years; in addition, new strategies will emerge that will make 2022 a critical year for corporate digital security.

The Zero-Trust Approach

In the new year, most companies are expected to finally move to “Zero Trust”, one of the oldest cybersecurity models, which assumes that no network is secure and requires every network transaction to be authenticated, through continuous and rigorous checks, before it can take place.
Based on the principle of “never trust, always verify”, this model replaces traditional perimeter defenses, which treated any access from inside the corporate network as “reliable”, leaving users free to move within that network and tamper with any data they legitimately had access to.
The zero-trust approach provides for the identification and authentication of every single user and device, with the aim of keeping access as limited as possible and continuously monitored.

Ransomware, a new type of attack

Although it was already the subject of debate and legislative activity in 2021, ransomware will continue to dominate the scene. We are in an era in which cybercriminals no longer limit themselves to setting traps with the familiar phishing and malware techniques, which remain the weak points of a company’s cyber security today. By leveraging the extortion of significant data, including credentials, and the compromise of the software supply chain, attacks will have an even greater impact on a company’s business, as attackers come into possession of sensitive information that could discredit the organization.
In light of the considerable ability of ransomware attackers to transfer money, governments are beginning to recognize this common problem and to work together nationwide to provide security on a large scale.

The importance of data backup

The pandemic has shown that cybercrime is always around the corner and does not hesitate to exploit crises to attack critical infrastructure such as healthcare, energy, financial services and education.
To live with the current health emergency, potential attacks on digital security must be minimized by keeping these infrastructures informed of the main protective measures, which come down to preventing credential theft, consolidating access to applications and, finally, backing up data. Most companies and public administrations underestimate this last step: BEC (Business Email Compromise) attacks occur due to the lack of offline backups, even for important data.

Race to outsource IT security

In 2022 and in the years to come, XDR (Extended Detection and Response) will be adopted for proactive security against cyber risks. It gives the company greater productivity and efficiency during the detection and response phases of a cyber attack by integrating different technologies from a single manufacturer, developed to cooperate with each other.
This holistic approach to threat detection and response, adaptable to any type of business, brings countless advantages: first of all, greater protection and efficiency for the company, achieved by collecting and correlating detections and in-depth activity data across multiple security layers. Deep analysis of data from email, servers, endpoints, cloud workloads and the network enhances the detection of cyber attacks and consequently improves the investigation and response times of IT security analysts.
Consequently, the forecasts for the new year include the outsourcing of IT security management for the corporate perimeter through cyber security as a service.
In other words, there will be a considerable push towards more robust mechanisms, and therefore towards more outsourcing or acquisition of SOC and security management services in general.
The term SOC (Security Operation Center) indicates an operations center that provides a company's IT security management, analysis, monitoring and defense services. A SOC analyzes the entire flow of data and exercises strict control over all company devices that access it, identifying and neutralizing cyber security threats before they have an impact on the company. Furthermore, a service of this type provides access to qualified professionals in the sector who are continuously updated and trained on new technologies and threats, and who can therefore provide personalized IT protection.
In fact, a company that adopts cyber security as a service is orienting itself towards a more efficient security model, as it relies on a supplier that offers a more incisive and better threat detection and response capability, thanks to the XDR service provider's higher intelligence capability.

Single factor authentication, an outdated model

In addition to the considerable growth of SMSishing, a type of cyber attack that occurs via malicious text messages (SMS) targeting messaging platforms such as WhatsApp, we will see the failure of single-factor authentication in favor of a hardened solution for recognition and digital identity validation: two-factor authentication (2FA).
The latter, sometimes referred to as two-step verification, is a security tool that requires the user to provide two different authentication factors to verify their identity, in order to deny access to malicious parties.

Cybersecurity assessment, the methodology for measuring cyber risk

Measuring the effectiveness of the degree of IT protection is a fundamental aspect that no company should underestimate. This practice, normally known as cybersecurity assessment, uses two different macro-approaches:

  • Qualitative assessment: this approach includes methodologies that give weight to subjective elements and to aspects that are difficult to measure;
  • Quantitative assessment: unlike the first approach, quantitative analysis assumes that the elements being evaluated are measurable, as objectively as possible, with the aim of limiting any distortion of the measured data caused by subjective considerations.

Qualitative assessment methodologies are often adopted where a “lean” and rapid assessment process is preferable. Quantitative methodologies, on the other hand, are more suitable where a quantitative risk measurement is required, one that includes loss of turnover, direct economic damage and reputational damage, as well as the identification of mitigation activities that can reduce these risks.
One does not exclude the other; indeed, both approaches are solid pillars of an effective cybersecurity assessment.

In conclusion, the battle against cyber criminals continues unabated, and a safer digital ecosystem must be built for both private and public entities, by strengthening IT security tools such as firewalls, antivirus software and intrusion detection methods, and also by providing adequate training for a company's employees to prevent them from falling into so-called cyber traps.
