Outlook for 2022
The corona pandemic has brought numerous changes to the world of work. Companies have changed their working models and changed the course of work processes. Even companies that have been critical of remote work and have preferably worked conservatively have changed their attitude towards the possibilities of increasing digitization in the face of contact restrictions and lockdowns. Even in traditionally working companies, it is now common practice to enable employees to work from home. According to the Infection Protection Act, employers are even obliged to offer a home office. Some companies have already practiced hybrid working or pure home office before the pandemic. Many years of experience with this working model enabled these companies to ensure appropriate security of their network. However, this is by no means the gold standard for a large number of companies – many lack not only experience, but also the necessary knowledge. In addition, even those companies whose networks are well protected against external attacks are often no longer able to keep up with the increasing threat of increasingly sophisticated attacks by criminal hackers. The coming year holds some challenges for companies to ensure IT security and protect sensitive data.
in 2022, unnoticed ransomware attacks will increase
In 2022, ransomware groups will try to operate unnoticed by the media and governments. They want to make money as easily as possible. So they are less likely to attack large organizations that would subsequently make national headlines. Next year, as expected, more medium-sized companies in a variety of industries will be infected with ransomware.
Critical infrastructures (KRITIS) are becoming the focus of criminal actors. According to a report by the BSI, attacks on operators of critical infrastructures are just as rewarding for the hackers as those on other companies. Traditional industries are therefore no longer the primary targets of attack. Industries such as manufacturing and agriculture are most likely to be at risk, especially since they have traditionally not kept pace with compliance with safety regulations.
In 2022, there will also be more ransomware attacks on private networks and devices than on corporate systems. Threat actors exploit unpatched systems and vulnerabilities. Remote employees are then just one click away from becoming victims of a ransomware attack – and unintentionally handing over their company to malicious actors. As a direct response, national governments will go on a “cyber offensive” to bring down ransomware gangs over the next year.
“Great Resignation” – in 2022, companies will lose many employees and be even more affected by cyber attacks
Many companies have lost many of their best employees in 2021. In the coming year, a direct link between staff turnover and cyber incidents will become apparent. New employees are less familiar with the security protocols, and existing employees are becoming more and more tired of adhering to the employee guidelines exactly. In 2022, the costs for replacing an employee must therefore go beyond the recruitment and training costs. In addition, the potential costs for the company in the event of cyber incidents must be taken into account. After hiring new employees, companies have to attach twice as much importance to training and familiarization.
in 2022, companies will use automation to close skills gaps
The era of teleworking has exacerbated the problem of human error in protecting sensitive data. When building a robust cybersecurity system, automation is already a key component. It enables more precise detection of threats and helps to minimize risks by limiting human involvement in the security process. This allows companies to ensure that they are always one step ahead of cyber attacks and are protected when they occur. In 2022, the continuing shortage of skilled workers in the IT sector will probably prompt companies to automate their security strategies and framework conditions to a greater extent. Large companies are striving for complete automation of their cybersecurity systems.
2022 will be the year of mandatory multi-factor authentication
Companies have long struggled with the implementation of multi-factor authentication (MFA) in order to create a balance between data protection and user-friendliness and comfort for employees. However, in 2022, major industry players such as Google and Salesforce decide to make MFA a prerequisite for accessing certain services. As attacks on businesses increase, they need to rethink their security practices, especially with the increase in remote and hybrid work.
in 2022, patents will become a challenge at the quantum level
It is expected that in 2022 the National Institute of Standards and Technology (NIST) will announce its winner among the post-quantum encryption algorithms. True, this will not have an immediate effect – typical consumers will not notice any changes in functionality if it is implemented seamlessly. Nevertheless, developments and changes in the infrastructure will be visible in the future. The “quantum race” is in full swing and will only get faster.
In the case of the post-quantum algorithm, it has so far been ignored that there may be an interweaving of patents. As with the introduction of the COVID-19 vaccine, a company must pay the patent holder before the introduction. This will be a hurdle for the worldwide introduction and will make many companies vulnerable in the post-quantum world. Next year, more companies will pay attention to when and where the first quantum computer will appear. Quantum computing will become mainstream as the general public begins to see the benefits and uncertainties of quantum computing.
Conclusion: Times are changing – companies have to keep up
For a consistent IT security in companies, some challenges have to be mastered. In particular, the sharp increase in digital working methods in the wake of the pandemic requires increased efforts to ensure safety. The future world of work will bring with it new technologies, larger networks and more digital ways of working. Criminal actors thus find a large number of new attack vectors and develop more and more creative attack tactics. Companies must adapt their security strategy to the way they work and adapt to an increase in the number of new types of cyber attacks. So you are safe from attacks on your IT security in 2022 as well.