Organisations are recognising that cyber attacks are a huge challenge and starting to invest in and adopt new methodologies to tackle this; in fact, spending on cyber security is expected to be up 12% in 2021 alone. Enterprises’ biggest challenge in ransomware attacks is remote working – it can be incredibly challenging to protect critical assets and infrastructure in a remote setting, which has increased the level of sophistication of such attacks. Cyber criminals will continue evolving and change tack – instead of trying to extort ransom monies, they will increasingly be mounting larger scale industrialised attacks in 2022, aimed primarily at disrupting the normal operation of businesses and governments. Despite this shift, attackers are also motivated by the global notoriety and media headlines that result from their exploits.
In 2022, organisations will need to prepare from a foundation of analysis, discovery and recovery perspective if they are attacked, better to detect and respond quickly to attacks. Organisations are increasingly educating their workforces to understand new cyber threats and how to detect them on a personal level. Furthermore, organisations will no longer pay ransoms if they have a way to recover in a reasonable period of time. In 2022, if an organisation’s recovery is not geared up to happen in minutes, it is not doing the right thing. Recovery in minutes will become the standard for enterprises and those that do not will fall behind the curve and lose out to your competitors, especially in productivity terms.
In more detail, here are the top predictions that will help shape cyber security in 2022:
1. Ransomware will no longer be IT’s little secret
Companies are getting smart about detecting and recovering from any attack: recovery cycles of weeks or even months are non-starters, because of the scale of lost productivity. However, even though ransomware attacks are common, they are often a cause of embarrassment, even shame, and so are hidden from public view. In 2022, we’ll see companies working to remove the ‘stigma’ associated with such attacks, by safe proofing themselves and communicating to customers their policies and measures in place, as well as reinforcing best practices and employee education to protect themselves against this ongoing threat.
The rise of Ransomware-as-a-Service
2. Productivity losses from cyber attacks keep C-level execs awake at night
Organisations are not as intimidated by ransomware attacks as they were previously; now governments are stepping in, helping with the detection and identification of criminals and banning cryptocurrency platforms. Company executives have turned the corner in terms of their mental outlook – going from ‘deer in the headlights’ to adopting more active postures – drawing on expert help, more sophisticated tools, and investigating new capabilities.
3. It’s not the ransom payment – it’s the loss of productivity
Still, their biggest fear is being attacked or exposed – it is less about paying for recovery, and more about the wider disruption of company operations. We saw that some organisations did end up paying ransom to the attackers to get their data back — but that is a small amount compared to the disruption to operations for an organisation that has hundreds, thousands or tens of thousands of employees that are not able to work on maliciously encrypted or corrupted files.
Utilising a post-breach mindset for ransomware
4. Global tech industry set for new alignments
Next year will see more technology alignments, and more M&A activity driven by organisations’ needs to bring new capabilities they will need to survive and thrive in an ever-changing digital world. As we emerge from the pandemic, many big businesses have strong cash reserves; they could be looking for either alignment or acquisition or merger to continue to grow and enhance their portfolios.
5. Having a CRO will become a necessity
We will see the rise of the CRO (Chief Recovery Officer) as an essential role within organisations, driving much-needed resilience in uncertain times. With the volume of cyber attacks increasing and the scale of corporate file servers and data being compromised being much greater than is generally realised, the number of organisations needing to perform a full recovery will grow. An enterprise-wide recovery is a massive effort which can fall between gaps created by IT’s siloed approach. Someone will need to rise to bring different departments together and drive coordinated action across different areas of the business. The CRO will need to ensure that restoration doesn’t fall between the cracks and that the suggested best practices actually make recovery possible within minutes – otherwise they aren’t really best practices.