Last year was an eventful one. Between the continued battle against COVID-19, an increase in the remote workforce, and a non-stop barrage of cyberattacks in the headlines, it was enough to make a cybersecurity professional’s head spin.
It seems like every time you turn on the news these days, you hear about a new cyber threat, whether it be from local scam artists targeting non-tech-savvy citizens or nation-state threat actors looking to compromise the nation’s infrastructure.
Unfortunately, the constant influx of cyberattacks is unlikely to stop in 2022. If anything, with more people working from home than ever, we are likely to see an increase.
With all that is going on globally, cybersecurity professionals are needed now more than ever. Yet, according to data gathered under a Commerce Department grant, there are nearly 465,000 unfilled jobs in the cyber field in the U.S. alone.
So, what are the upcoming trends we expect to see in 2022 and what are the disciplines where professionals are needed the most?
Ransomware will continue to rise
I’m sure it will be no surprise to anyone to hear that ransomware was on the rise throughout all of 2021. On average, ransomware attacks were by far the most costly data breaches. According to a report by Verizon, the median loss was $11,150 in 95% of ransomware cases. However, losses ranged anywhere from a low of $70 to a high of $1.2 million.
Organizations found themselves facing evolved ransomware tactics at an incredible rate. The number of ransomware attacks is expected to continue to rise in 2022. One cybersecurity firm, Cybersecurity Ventures, estimates that ransomware costs could reach $265 billion by the year 2031.
The remote workforce will become more secure
So many companies were forced to completely overhaul how they ran their business overnight in the wake of the global pandemic. Organizations that had never allowed employees to work from home were thrust into the world of the remote workforce with zero experience on how to do so securely.
Remote work is terrific. It allows for the freedom and flexibility that so many workers craved. It showed companies that they could still operate at a high-efficiency level without the high cost of office leases. It’s safe to say that many organizations will not return to the traditional office-only work environment anytime soon. Many companies have already stated that they will allow employees to work remotely indefinitely.
However, remote work doesn’t come without risks, especially when implemented quickly without regard for the necessary security infrastructure.
Attackers have a much easier time gaining access to an employee’s home network than to a corporate network, which often includes firewalls, intrusion prevention systems, SIEMs, and more.
Many employers did not consider these risks when allowing employees to work from home simply because they didn’t have the time to do so. 2022 will be the year to review the current process and implement more secure policies and tools for the remote workforce. Employee security awareness training, VPN implementation, and multi-factor authentication can all assist in transitioning the remote workforce to one that doesn’t create an easy entry point for attackers.
Passwords are on the way out
Passwords are slowly but surely making their way out. While it’s unlikely we’ll see complete discontinuation of passwords in 2022, we may see a shift away from depending on them as a primary security measure. And honestly – it’s about time.
Passwords are inherently insecure due to human nature. It’s a lose-lose battle for IT staff to get all employees to use a strong password. Employees want to choose passwords that they find easy to remember. For this reason, they use their pet’s name, their birthday, or the good old “123456”. Yep, that’s right. 123456 is still the most common password in the world, according to NordPass’s Top 200 Password List of 2021.
When employees and users are forced to use stronger passwords, such as the 20-character passwords produced by an online random password generator, those passwords are just too hard for the average person to remember. This leads to individuals writing the passwords down on a sticky note on their desk or in a plaintext word file on their computer. Neither is a secure option.
Some alternatives to passwords alone include biometrics, multi-factor authentication, hardware tokens, and more. Expect to see more of those items integrated into security infrastructure in 2022.
What happens next?
The cybersecurity world is constantly changing, and whether you are trying to break into the field for the first time or simply looking for a way to advance your career, you can follow a few simple steps:
1. Stay up to date on cyber news
The best way to understand what you are up against as a cyber professional is to stay updated on the cyber news. Major news sites like the Daily Swig or Cyware Social report on large-scale breaches or zero-days, but following respected security researcher blogs can provide insight into trending threats that haven’t yet made the headlines.
2. Never stop learning
Cybersecurity is constantly evolving, and new threats are regularly appearing. Unfortunately, it’s impossible to know everything about cybersecurity, so it is essential to continue your education whether you are just starting out or have been in the field for decades.
3. Pursue certifications
While a piece of paper won’t provide you any real-world protection against malicious actors, it can help show employers that you are invested in learning. Preparing for certifications can also help show you where your knowledge gaps exist. Reviewing the list of CompTIA certifications available is a great place to start.
4. Stay vigilant
Vigilance is vital when dealing with threat actors. Criminals don’t take weekends and holidays off. In fact, we often see a rise in attacks during those times, so it’s crucial to always stay on your toes.