Cyber-Attacks in The Troubled Twenties: What We Learned in 2022

cyber-attacks

As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Joseph Carson of Delinea examines the entwined rise in cyber-attacks and the technology behind cybersecurity in the 2020’s, and the biggest trends in 2022.

Premium Content2022 proved to be another unsettled and uncertain twelve months for cybersecurity. Many government agencies, public and private sector organizations, and citizens found themselves victims of cyber-attacks. Unstable political conflicts, economic downturn, and the growth of high-powered and efficient hacker gangs contributed to the uptick of malicious activity. The reality is that cyber threats are increasing at the same time many businesses are becoming completely dependent on digital services, cloud computing, and other technologies to carry out their operations.

These were the key trends that dominated the industry this year.

Expedited Rise of Social Engineering

Social engineering has been on the rise for the past decade, with research revealing that the average organization is targeted by more than 700 social engineering attacks each year. In 2022, social engineering attacks reached new levels. In response, more organizations worked to strengthen their security controls to combat this rampant issue, widely adopting two-factor and multifactor authentication (MFA) to reduce the risks associated with employees’ poor credentials and password hygiene. As attackers face this increase in security controls from organizations, they have adapted their techniques, looking for ways to bypass these additional security challenges through advanced social engineering and exploiting cyber fatigue. This should be a reminder to organizations and businesses that not all 2FA and MFA are created equal.

Cyber Insurance: The New Safety Net

In 2022, the average cost of a data breach reached a record high of US$4.35 million, according to IBM. The need to reduce the financial burden of cyber-attacks led many business leaders to look to the cyber insurance industry to secure a safety net for their organization, in the ever-growing likely event that they fall victim to an attack. This year, cyber insurance became a mandatory requirement for business resilience and continuity. Recent research revealed that 33 percent of IT decision-makers applied for cyber insurance due to requirements from Boards and Executive Management. Furthermore, their policies are getting a workout– almost 80 percent said they have had to use their cyber insurance, and over half of them said they’ve used it more than once. As a result of more cyber insurance policies being introduced and, ultimately, many businesses needing to use them, the cost of cyber insurance is continuing to rise at alarming rates. A trend that will continue next year and beyond.

Information Wars and the Algorithms Social Bubbles

In a world with so many geopolitical tensions and conflicts, we have witnessed a major increase in ‘information wars’, which has become a vital factor in how we perceive our version of reality. Algorithms are not only determining what data we see in our social feeds but also whom we are connected to. Algorithms also now shape our lives more so than any education system or curriculum. As we look through our social feeds, we only see what the algorithms want us to see. We now live in an era of information warfare where our digital society and digital DNA are overtaking our real world.

The Hybrid Workforce and Bring Your Own Office (BYOO)

As a result of COVID-19, in the past few years, we have experienced the explosion of remote working, which has also accelerated digital transformation to cloud services for many organizations. The post-pandemic reality is that we now have a modern hybrid workforce. The new working norm is that employees only go into the office about 3 out of 5 days of the week, if at all. This has resulted in employees’ homes becoming an extension of the workplace and introducing the evolution from Bring Your Own Device (BYOD) to employees needing to Bring Your Own Office (BYOO).

Deep Fakes: New Dangers

The advancements made in the quality of deep fakes in 2022 was another startling discovery. Now, with only a few images and audio clips available on the internet, an attacker can become a digital version of pretty much any individual. We have seen many deep fakes circulating on social media that make identifying the real original version almost impossible without technology assisting in analyzing the video and bits. We now must become aware that any digital video or audio must be validated for authenticity.

Conclusion

Each of these four trends dominated news headlines in 2022 and is set to continue in the new year and beyond. As we approach 2023, now is an ideal time to enhance your security posture. Successfully protecting against modern cyber warfare requires a host of initiatives, including but not limited to, implementing security controls found in least privilege, the creation of a security-first company culture and employee training, robust threat detection and response, and most importantly, operating on the mindset that it is not ‘if’ cyber-criminals will attack but when.

Joseph Carson
Follow Joe