The stability of large companies with a robust technological base is mainly dependent on the proper protection of their data. That is why the management and control of information depend on the appropriate application of technologies based on cybersecurity that helps them to be protected against possible attacks and security breaches.
Companies around the world must be concerned about having their information safe and their equipment protected. Year after year, investment in cybersecurity is increasing due to the fear of threats that endanger their data protection.
The presence of new technologies that are about to be deployed, the significant events that will take place during the year, and the development of the market itself are the leading indicators of what is expected in cybersecurity:
Ransomware and data hijacking, the type of cyberattack most feared by significant companies
During 2020-2021, there were hundreds of computer attacks based on ransomware, the type of cyberattack that acts by blocking devices that will only become operational again after a ransom, usually of a financial nature.
The banking sector is probably the one that should take extreme precautions due to the sensitivity of its information. Both they and their customers’ data will be in the crosshairs of this type of cybersecurity attack in 2021 -2022.
Cyberattacks targeting the cloud
Controlling and blocking the cloud will be the other focus. Companies tend to move content from their servers to the cloud, a space that is considered highly protected but whose breach of barriers and discovery of vulnerabilities has become one of the most prized commodities. Many companies found a solution to this problem in Ukraine. There you may hire professional cybersecurity engineers that are always one step ahead of the cybercriminals.
Cyber-attacks against the cloud are a more complex process than against your servers or devices, but so are the actions to discover and block such efforts.
Phishing, the disguised cyberattack, will take on new forms
Phishing is the type of cyberattack carried out by a malicious agent trying to impersonate a company’s identity. Able to adopt formats such as e-mail, landing page, or fake ads, its senders impersonate the brand they are impersonating in an attempt to steal compromised customer data from the customers of the usurped identities.
Most Internet users have not become aware of or do not look carefully at who is sending them specific information, placing their trust in any communication that reaches them via the Internet.
Did you know that, according to WatchGuard, 25% of successful cybersecurity attacks will occur in situations where the worker is unprotected by the means implemented in their usual workspace?
To this risk, it will be necessary to add the corporate policy called BYOD (Bring your device), in which the employee uses his equipment to work. Exceedingly ordinary when that device is their smartphone used company phone.
Tools such as the Sophos suite, with firewall systems, antivirus, or secure connection, among others, can reduce the risk of attacks when the employee uses protected devices, both those who are teleworking and those who bring their equipment.
The figure of the CISO reaffirms its value as responsible for cybersecurity.
The CISO or Information Security Officer is an executive-type role responsible for aligning information security with business objectives. His responsibilities are related to the definition and implementation of cybersecurity policies regarding information and data privacy, supervising access controls and the proper compliance with these regulations, and answering as responsible for it. Also accountable for preventing and detecting possible risks and, in general, for any activity that keeps the company protected.
This profile is increasingly in demand. Its value is such that it is beginning to move to the first level, integrated into the management bodies. The complexity of cybersecurity systems has given this role a critical value.
Control of the cybersecurity market becomes more concentrated
When a market acquires potential, large companies try to control it and occupy a privileged position by obtaining those whose technology is starting to take off. You will have seen it dozens of times: Facebook acquires Oculus to control the VR market, or Microsoft buys LinkedIn to maintain the leading corporate social media channel.
As an emerging market, cybersecurity is a sector with enormous potential. The largest companies do not want to miss the opportunity to get their piece of the pie while still tender.
It is a market on which other companies will depend and will be forced to invest millions if they want to keep their digital assets safe, contracting the services that the big cybersecurity providers will offer them.
Over the last few years, we have seen two significant moves come to fruition:
- Indra buys SIA (Sistemas Informaticos Abiertos).
- Accenture buys Symantec’s cybersecurity area.
It is to be expected that the market will undergo new tremors and that this type of movement will be increasingly directed towards concentration in a few hands.
Supply/demand gap in the professional cybersecurity market
There are not enough developers, not enough cybersecurity professionals, and even fewer experts with sufficient cybersecurity skills to meet the market’s needs.
If IT suffers from a generalized gap between recruitment needs and the number of skilled workers available, the cybersecurity branch stands out above the rest.
According to a recent report by Capgemini, for which more than 1,200 people professionally related to cybersecurity were contacted, it indicates that this is the branch of IT in which there is the most significant gap between supply and demand. Precisely 25 points above cloud computing, analytics or web development, Data Science and Big Data.
More and more cybersecurity experts are needed, but not enough professionals are being trained or generated.
Other cybersecurity trends in 2021-2022:
Privileged Access Management, the cybersecurity staple that large and medium-sized companies need.
Privileged Access Management and the use of PAM (Privileged Access Management) tools become an essential operation, especially for those digital businesses with a large number of personnel who need to be given permissions to access and manage specific areas of the system.
Limiting access to certain areas will establish barriers that will prevent accidents that damage spaces outside the knowledge of this employee or supplier. It is also an exciting method to avoid information theft.
5G, new challenges for cybersecurity
Another trend in cybersecurity in 2021-2022 will be the final deployment of 5G. What advantages and risks will this new technology bring?
In short, more connection speed and more connected devices. Precisely, the ability to have more connected devices goes hand in hand with another noun that has been around for several years and can finally be standardized: the Internet of Things or IoT.
More connected devices will be equivalent to a greater need for data processing.
Cybersecurity professionals will have to increase their efforts. More connected devices will be more devices at risk.
Artificial Intelligence and cybersecurity: danger and remedy at the same time
There is no trend in cybersecurity in 2021 – 2022 without taking into account a concept as in vogue as Artificial Intelligence. Two branches of computer science sometimes go hand in hand.
So much so that Artificial Intelligence is expected to complement the activity of specialized computer security teams, who will now be able to use the benefits of AI to anticipate new forms of attacks that are still unknown.
The injection of AI-based technology will considerably speed up work processes such as vulnerability research, network patching, or eliminating false positives. Undoubtedly, a plus for cybersecurity.
On the other hand, Artificial Intelligence will function as an object used by attackers who want to detect methods for penetrating other people’s environments.
Cyberattacks targeting AI will take new forms. In 2021-2022, malicious actions that seek to “fool” Machine Learning mechanisms into believing they are working correctly will be implemented.
Threat Hunting, preventive cybersecurity
This cybersecurity technique, based on the active search for threats that have not yet triggered the alarms, is emerging as a future methodology.
As opposed to the necessary barriers to threats or the cure and implementation when the attack has already been deployed, this system of constant scanning is required to discover the presence of malicious agents when they are in the deployment phase but have not yet been executed.
Deepfakes are becoming more and more realistic
Deepfake is the application and use of various image and sound capture techniques and Artificial Intelligence to generate fakes to deceive the target audience into believing that the subject in front of them is real.
In line with the Phishing above, a technique could serve to deceive victims who think and trust the virtual subject. A subject that, in reality, is a digital generation capable of impersonation.
Deepfakes will continue to move towards refinement during 2021 – 2022, generating more accurate impersonations. An improvement in deepfake will, most likely, be equivalent to greater risk in the face of possible deception and scams.
Two-step authentication and biometrics take hold for good.
Two-step or multifactor authentication controls access to a user account through two or more verification systems.
You will have used it on many occasions when you have entered your email and password and then had to confirm access using a code received via SMS, physical password, or even by post.
Supported by biometrics, the authentication system will continue to boom, so more and more companies will resort to this type of verification, trying to protect the data of their users or workers.
Trends indicate that, during 2021-2022, cybersecurity will remain critical. Defense and protection measures that protect against possible malicious actions that would shake the stability of these businesses will continue to evolve at the same pace as the complexity of cyber-attacks.
So in 2021-2022, we don’t expect significant revolutions in cyberattack and cybersecurity formats, but rather an evolution of what we’ve seen so far.