The need for businesses to adopt a cyber security focus has progressively presented itself over the past decade. Cyber attacks have become increasingly complex and widespread, and are following this pattern through to 2022 with new attack styles, tools, and volume. We have reached a point where companies cannot turn a blind eye - for the safety of business data and financial standing.
Worldwide, the cyber security industry value is estimated to reach 345.4 billion USD (equating to around 253.2 billion GBP) by 2026. There is estimated to be a workforce skills gap leaving millions of unfilled jobs by 2022. This pending divide between the workforce required and the skilled professionals available shows how important it is to start investing soon. Companies should be formulating cyber security strategies now to ensure they are actioned priorities in 2022.
How cyber attacks evolved in 2021
2021 saw an increase in cyber attacks - in frequency, sophistication, and how widespread attacks became. The sectors most affected by cybercrime were healthcare, information technology, financial services, and energy - with both small and large businesses targeted.
There was a vast increase in attackers finding and weaponising zero-day/N-day attacks. This refers to hackers exploiting recently discovered security vulnerabilities in software, hardware, or firmware that are unknown to the party responsible for fixing the flaws. 2021 broke the record for the most zero-day attacks, as more tools and targets became available to hackers. Companies experienced a surge in ransomware attacks over the year, with hackers compromising third-party organisations to gain initial access.
The boom in home-working and the need for technology throughout the pandemic greatly contributed to the evolution of cyber attacks. Attackers became more advanced, and target pools widened with the changes in work culture. The workforce gap and lack of cyber security training have created an environment experiencing rapid attacks, with a vast shortage of skilled professionals to combat this.
The year's notable headline attacks include Acer, who experienced a ransomware attack demanding 50 million USD, approximately 36.6 million GBP. As proof of the security breach, hackers shared images of stolen files comprising financial statements and bank documents, which in turn formed the data leak. It has not yet been reported if Acer paid the ransom. Kia Motors were hit with a similar attack demanding 20 million USD (14.6 million GBP). Kia stated that the subsequent IT outage affected mobile UVO link apps, payment systems, portal services, and internal Kia sites.
What will cyber attacks look like in the future?
Hackers are experiencing exponential returns from attacking companies across the globe, so attacks will continue to rise in frequency, complexity, and ruthlessness. Whilst companies get to grips with remote security best practices and educating teams in order to eliminate human error, vulnerabilities across systems, networks, and people will be exploited.
With the move to remote work, organisations are adapting their technology stacks from using off-the-shelf enterprise software to VPNs, and migrating workloads to cloud environments. Attackers will adapt their techniques to attack cloud-native technologies in order to achieve initial footholds within enterprise networks. Since off-the-shelf enterprise software is used across multiple organisations, attackers see huge potential returns in performing supply chain attacks against this software.
Making cyber security a priority for your business
Cyber attacks are an increasingly prominent issue, yet a huge proportion of companies are still not taking appropriate security measures. To stay ahead of this cybercrime evolution, a cyber security workforce should be incorporated into companies’ structures and regularly trained to evolve with the fluidity of the industry.
Whilst this can seem an expensive area of investment, the cost of not doing so can entirely hinder your company, with a much more significant impact than the cost of hiring a team to prevent such outcomes. We recently explored the reason businesses are investing in cyber security, noting that the cost of not investing can lead to issues with EU-GDPR, customer trust, data, and disaster recovery. These components will cost your company more money than the investment in teams, training, and security best practices.
TryHackMe was launched to allow users to train and upskill in cyber security - from the beginner with no prior experience to the seasoned hacker looking to stay on top of attack trends and evolutions. Businesses partner with us to create branded learning paths that align with skill requirements, giving teams relevant, engaging, personalised training. We host a management dashboard that allows progress monitoring across your platform users, to understand how effectively teams are learning. Essentially, we help upskill your team to mitigate the risk of cyber attacks, and can be a pillar to your cyber security strategy in 2022.