A host of new and evolving cybersecurity threats has the information security industry on high alert. Ever-more sophisticated cyberattacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more have placed the data and assets of corporations, governments and individuals at constant risk.
The industry continues to suffer from a severe shortage of cybersecurity professionals and experts warn that the stakes are higher than ever, as the cybercrime epidemic even risks shaking public faith in such cherished ideals as democracy, capitalism and personal privacy. “Honestly, we’re all at risk,” Heather Ricciuto of IBM Security told cnbc.com, “whether you’re talking about a large enterprise or an individual.”
The nonprofit Information Security Forum, which describes itself as “the world’s leading authority on cyber, information security and risk management,” warns in its annual Threat Horizon study of increased potential for:
- Disruption — Over-reliance on fragile connectivity creates the potential for premeditated internet outages capable of bringing trade to its knees and heightened risk that ransomware will be used to hijack the Internet of Things.
- Distortion — The intentional spread of misinformation, including by bots and automated sources, causes trust in the integrity of information to be compromised.
- Deterioration — Rapid advances in intelligent technologies plus conflicting demands posed by evolving national security and individual privacy regulations negatively impact organizations’ ability to control their own information.
With damage related to cybercrime projected to hit $10 trillion annually by 2025, here is a closer look at the most significant cybersecurity threats for 2022.
Cybersecurity Threats and Trends for 2023
Vulnerability in the Cloud
There are many advantages to cloud storage — encrypted servers with limited access, consistent cybersecurity measures and built-in firewalls, among others. And while cloud storage is typically far more secure than saving files on a hard drive, it still comes with certain risks. The National Security Agency has cautioned against four types of cloud vulnerabilities — misconfiguration, poor access control, shared tenancy and supply chain vulnerabilities. Other cloud vulnerabilities may include insecure APIs and lack of multi-factor authentication.
Data breaches have, unfortunately, become all too common, and they don’t seem to be going away any time soon.
Some of the biggest data breaches of the 21st century include top companies like Yahoo, LinkedIn, Facebook and Marriott International. According to Comparitech, the U.S. has experienced the most data breaches with 212.4 million people affected in 2021 (compared with 174.4 million people in 2020). The closest country behind the U.S. was Iran with 156.1 million people affected by a data breach in 2021.
Risky Hybrid or Remote Work Environments
The COVID-19 pandemic greatly popularized the concepts of hybrid and remote work. According to Gallup, about half of full-time workers in the U.S. (60 million people) report that “that their current job can be done remotely working from home, at least part of the time.” Pre-pandemic, approximately 8% of workers were exclusively remote; that number rose to 39% in 2022. It’s now projected at 24% for 2023 and beyond.
While hybrid and remote work environments offer a variety of benefits to both employees and employers, they do come without added threats. Some of the most common remote work security risks include accessing sensitive data through unsafe Wi-Fi networks, using personal devices for work, using weak passwords and practicing unencrypted file sharing.
The average cell phone user in the U.S. spent 4 hours and 23 minutes on their device in 2021. Smartphones are everywhere; not only are they used for personal connection and communication, but they are often essential for business, which makes them even more vulnerable to cyber threats. Just like computers and laptops, smartphones are susceptible to many security threats, including phishing (especially via text messaging), poor password security, spyware and malicious apps.
Phishing Gets More Sophisticated
Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated.
Now that employees at most organizations are more aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are upping the ante — for example, using machine learning to much more quickly craft and distribute convincing fake messages in the hopes that recipients will unwittingly compromise their organization’s networks and systems. Such attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
Ransomware Strategies Evolve
Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organization’s databases and hold all of the information for ransom. The rise of cryptocurrencies like Bitcoin is credited with helping to fuel ransomware attacks by allowing ransom demands to be paid anonymously.
As companies continue to focus on building stronger defenses to guard against ransomware breaches, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.
See What a Cyber Security Masters Program Looks Like for Working Professionals
The cryptocurrency movement also affects cybersecurity in other ways. For example, cryptojacking is a trend that involves cyber criminals hijacking third-party home or work computers to “mine” for cryptocurrency. Because mining for cryptocurrency (like Bitcoin, for example) requires immense amounts of computer processing power, hackers can make money by secretly piggybacking on someone else’s systems. For businesses, cryptojacked systems can cause serious performance issues and costly downtime as IT works to track down and resolve the issue.
The same technology that has enabled us to modernize and computerize critical infrastructure also brings risk. The ongoing threat of hacks targeting electrical grids, transportation systems, water treatment facilities, etc., represent a major vulnerability going forward. According to a recent report in The New York Times, even America’s multibillion-dollar military systems are at risk of high-tech foul play.
Beyond hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. Cybercrime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. As we move into 2022, state-sponsored attacks are expected to increase, with attacks on critical infrastructure of particular concern.
Many such attacks target government-run systems and infrastructure, but private sector organizations are also at risk. According to a report from Thomson Reuters Labs:
“State-sponsored cyberattacks are an emerging and significant risk to private enterprise that will increasingly challenge those sectors of the business world that provide convenient targets for settling geopolitical grievances.”
The Internet of Things is becoming more ubiquitous by the day (according to Statista.com, the number of devices connected to the IoT is expected to reach 75 billion by 2025). It includes laptops and tablets, of course, but also routers, webcams, household appliances, smart watches, medical devices, manufacturing equipment, automobiles and even home security systems.
Connected devices are handy for consumers and many companies now use them to save money by gathering immense amounts of insightful data and streamlining business processes. However, more connected devices means greater risk, making IoT networks more vulnerable to cyber invasions and infections. Once controlled by hackers, IoT devices can be used to create havoc, overload networks or lock down essential equipment for financial gain.
Vulnerabilities With Smart Medical Devices and Electronic Medical Records (EMRs)
The health care industry is still going through a major evolution as most patient medical records have now moved online, and medical professionals realize the benefits of advancements in smart medical devices.
However, as the health care industry adapts to the digital age, there are a number of concerns around privacy, safety and cybersecurity threats.
According to the Software Engineering Institute of Carnegie Mellon University, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.”
With hospitals and medical facilities still adapting to the digitalization of patient medical records, hackers are exploiting the many vulnerabilities in their security defenses. And now that patient medical records are almost entirely online, they are a prime target for hackers due to the sensitive information they contain.
Third Party Vulnerabilities (Vendors, Contractors, Partners)
Third parties such as vendors and contractors pose a huge risk to corporations, the majority of which have no secure system or dedicated team in place to manage these third-party employees.
As cyber criminals become increasingly sophisticated and cybersecurity threats continue to rise, organizations are becoming more and more aware of the potential threat posed by third parties. However, the risk is still high; U.S. Customs and Border Protection joined the list of high-profile victims in 2021.
A report on “Security Risks of Third-Party Vendor Relationships” published by RiskManagementMonitor.com includes an infographic estimating that 60% of data breaches involve a third party and that only 52% of companies have security standards in place regarding third-party vendors and contractors.
Privacy Concerns With Connected Cars and Semi-Autonomous Vehicles
While the driverless car is close, but not yet here, the connected car is. A connected car utilizes onboard sensors to optimize its own operation and the comfort of passengers. This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent; by 2020, an estimated 90 percent of new cars will be connected to the internet, according to a report titled “7 Connected Car Trends Fueling the Future.”
For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data and/or harm drivers. In addition to safety concerns, connected cars pose serious privacy concerns.
As manufacturers rush to market with high-tech automobiles, 2020 will likely see an increase in not only the number of connected cars but in the number and severity of system vulnerabilities detected.
Hackers are continually becoming more and more sophisticated not only in their use of technology, but also psychology. Tripwire describes social engineers as “hackers who exploit the one weakness that is found in each and every organization: human psychology. Using a variety of media, including phone calls and social media, these attackers trick people into offering them access to sensitive information.” The article includes a video demonstrating an example of social engineering.
A Severe Shortage of Cybersecurity Professionals
The cybercrime epidemic has escalated rapidly in recent years, while companies and governments have struggled to hire enough qualified professionals to safeguard against the growing threat. This trend is expected to continue into 2022 and beyond, with some estimates indicating that there are some 1 million unfilled positions worldwide (potentially rising to 3.5 million by 2021).
The severe shortage of skilled cybersecurity professionals continues to be cause for alarm since a strong, smart digital workforce is essential to combat the more frequent, more sophisticated cybersecurity threats emanating from around the globe.
What Companies Are Doing to Combat Cybersecurity Threats
One of the most effective methods for preventing and mitigating cybersecurity threats and attacks is through proper cybersecurity education. Many companies and organizations are using webinars and training tools to keep employees informed of best practices and proper protocols.
Companies may also adopt new technologies and run security audits, in addition to hiring experienced cybersecurity professionals and/or consultants to help strengthen their cyber defenses.
That’s why the University of San Diego created two master’s degree programs focused specifically on the most critical issues facing cybersecurity professionals today — the innovative, online Master of Science in Cyber Security Operations and Leadership and Master of Science in Cyber Security Engineering, which is offered both on campus and online.