Cybercrime-as-a-service, growing awareness and securing the entire supply chain are among the most important trends in cyber security in 2022. In addition, the increasing professionalization of cybercriminals in the field of ransomware requires appropriate preparation on the corporate side.
Sudhir Ethiraj, Global Head of Cybersecurity Office (CSO) at TÜV SÜD
“Kaseya, SolarWinds, the Colonial Pipeline: The attacks in 2021 have once again shown how important it is to establish cybersecurity as part of the corporate culture and to implement it across the entire supply chain,” explains Sudhir Ethiraj, Global Head of Cybersecurity Office (CSO) at TÜV SÜD . “In addition, ransomware is now accessible to everyone as a cybercrime-as-a-service, including technical support. Cybercriminals have used 2021 to reposition themselves, professionalize and expand their field of activity. Therefore, it is now important for SMEs, industry and authorities to react.“ According to the developments, the security experts from TÜV SÜD see the following trends for the year 2022:
Malware (ransomware) is now marketed by cybercriminals in a similar way to regular software and has thus created a business model. Malware can be purchased for royalties, even including technical support. This market will continue to grow. Companies must react proactively to this and invest more in the training and awareness of their employees as well as in securing the technical infrastructure.
Cybersecurity Awareness: Consumers are sensitized
Attacks on large companies and infrastructure have shown that industry measures in terms of cybersecurity, for example with IIoT, are significantly behind the methods of the attackers. It is in the interest of the industry itself to raise its own awareness of risks and threats and to jointly develop requirements that help to become more resilient to attackers. End consumers are also increasingly paying attention to cybersecurity when deciding to buy connected products, for example with IoT devices such as smartwatches or other wearables.
Supply chain: Uniform safety standards
Past incidents show that the software development supply chain in particular needs even more awareness of cyber threats. In addition, there must be common standards for secure software, as required, for example, by the Charter of Trust, a global cybersecurity alliance in which TÜV SÜD is an active member. Manufacturers should support their partners and suppliers in complying with new regulations in order to motivate them.
Global Harmonization: Working together for more cybersecurity
“Standards are the backbone of cybersecurity.“ This motto must be lived internationally and requires cross-border cooperation. Industry and legislators must react: It is necessary to work together on harmonized minimum requirements that ensure that products and services are cyber-secure “from the factory” across industries and technologies. Uniform and generally applicable standards for cybersecurity make it possible to strengthen the level of security.
Digital Trust: Protection for AI, automation and algorithms
For example, AI and automation help companies to optimize processes and analyze their own data traffic in order to detect attacks, data leaks and thefts at an early stage. However, these technologies are only as reliable as the algorithms behind them are secured. Companies and organizations need to be careful about how they protect these technologies. Cybercriminals are also increasingly using AI for their own purposes. Basic AI cybersecurity standards can support infrastructure protection and data integrity.