Companyseceon
Uploaded on Feb 10, 2023
Category
Business
Cybersecurity affected everyone’s life and lifestyle – it adjusted the price of gas for your car, if you could get a steak at a restaurant, if or when you could see your doctor, and whether or not your favorite gaming site compromised your personal financial data. Call Us: +1 (978)-923-0040 Visit: https://www.seceon.com/
Category
Business
Cybersecurity 2022_ The Year in Review by Seceon Thought Leadership - Seceon
Cybersecurity 2022: The Year in Review by Seceon Thought Leadership -
Seceon
+1 (978)-923-0040 [email protected]
Cybersecurity 2022: The
Year in Review by Seceon
Thought Leadership
by Seceon Thought Leadership | Feb 2, 2023 | aiMSSP, aiSIEM, aiXDR, Awards, Cyber
Security Company, Cybersecurity Solution, Ransomware Detection | 0 comments
Cybersecurity 2022: The Year in Review by Seceon Thought Leadership
- Seceon
2022 was the year that cybersecurity affected everyone’s life
and lifestyle – it adjusted the price of gas for your car, if you
could get a steak at a restaurant, if or when you could see
your doctor, and whether or not your favorite gaming site
compromised your personal financial data. Increased pressure
was applied to those who are cyber professionals and
practitioners borne out of a stricter regulatory climate and
we will undoubtedly see government and standards bodies
continue to clamp down on organizations who flout or
minimalize their emphasis on cybersecurity.
We all know the 2022 data breach headlines (e.g Copper
Mountain Mining, Mizuno, Intrado, Rackspace, T-Mobile, and a
vast global list of public and private sector organizations). But
what businesses need to ask is HOW do these attacks happen
and what can we do to avoid this? This is where our job as
business risk managers needs to clearly convey all the actions
taken by cyber criminals to compromise digital assets and
what we need to do to protect our organizations and be
resilient (protect, detect and recover) from attack.
Let’s start out by using ransomware as the “Badness-o-meter”
of Cybersecurity, that is using the pervasiveness and impact of
this economic crime as the measure of improving or declining
effectiveness in our industry. We often don’t know what, or if, a
ransom was paid. There are many instances, as in Colonial
Pipeline in 2021, where we know that the $4.4 million ransom
was paid. Paying a ransom shows an extreme failure in your
resilience, preparedness, and readiness. Let’s not forget top
threat actors are very well funded and in many cases,
attackers are doing significant research to understand what an
organization is able to pay, in order to increase the likelihood of
the payment amount demanded by the extortioner.
We do know this. That the number of organizations globally
that were victimized by ransomware rose slightly to 66% in
2022 (an increase of 3% over 2021). 68% of those victims
paid the ransom in 2022, a decrease of 19% from 2021. This
is an important improvement but almost seven of every ten
is still very high.
Cybersecurity 2022: The Year in Review by Seceon Thought Leadership -
Seceon
16% of organizations have been hit 3+ times with ransomware
indicating a lack of cybersecurity fundamentals and hygiene in
those organizations along with neglecting to take the
remedial steps needed to not be a repeat victim. 56% of those
attacked lost revenue, 50% lost customers and 43% had
significant reputation and credibility loss.
What we clearly see in 2022 are larger individual attacks than
ever before. 11% of ransomware attacks had their extortion
dollar figures exceed $1 million in 2022 with an overall
average ransom of $220,298 for the full year. However, the
ransom payment amount is miniscule compared to the recovery
and impact cost of $4.54 million in 2022, down just a bit from
$4.62 million in 2021.
Global Ransomware damage costs (again, not the ransom
amount itself) are expected to move to $265 billion by 2031
putting ransomware in the top 50 of Gross National Product
sizes in the world.
Lastly, according to the World Economic Forum ( WEF), “by
2025, it’s estimated that 463 exabytes of data will be
created each day globally
– that’s the equivalent of 212,765,957 DVDs per day!” But as
more data is produced and the value of data (often categorized
as “cost per record”) skyrockets, we can only expect that more
bad actors will attempt to successfully exploit the emerging
threat vector brought on by surging data volumes. As
billionaire Warren Buffett once noted, data is clearly the new
oil.
Though some of these statistics are moving in an improved
direction, the increasing sophistication of cybercriminals
adding Artificial Intelligence (AI) to their endless array of zero-
day exploits and social engineering attacks is absolutely
terrifying. Research firm Cybersecurity Ventures now predicts
that there will be a new ransomware attack every 2 seconds
(down from 11 seconds at the beginning of 2022) as
ransomware perpetrators continue to refine their malware
payloads and related extortion activities.
Furthermore, operational attack surfaces and privacy/PII
targeted attacks are increasing mainly as millions more IoT,
IoMT, IIoT devices come online, with some estimates at more
than 50 billion devices globlly by 2030, as well as countless
organizations operating in hybrid
Cybersecurity 2022: The Year in Review by Seceon Thought Leadership -
Seceon
fashion (cloud and on-prem) with a largely remote workforce in
the aftermath of the 2020-2021 pandemic.
Now lets look deeper at what we at Seceon predicted for 2022,
then let’s look at what we predict is going to happen in 2023.
Thanks for joining us on this journey!
2022 Seceon Prediction One: We wi l l see
High Employee turnover in cybersecurity
wi th recruitment and staffi ng
continuing to be a major issue on a
global scale
In 2022, the global cybersecurity industry saw a dramatic rise
in employee turnover. This was due to an increasingly
competitive job market, with a large number of qualified
candidates competing for the same jobs. Companies had to
adjust their hiring strategies to stay ahead of the competition
and recruit the best talent. ISC2 currently estimates the
workforce gap at 3.1 million professionals worldwide. There
appears to be a shift in entry paths for those
newer to cybersecurity. 26% of pros with less than 3 years
experience started in a field other than IT or cyber, whereas
just 1 in 5, 20% with 8 or more years of cyber experience
started in a field other than IT or cyber.
Moreover, we have a divide in the cyber workforce with most
graduates from colleges and universities moving toward
technical areas in cybersecurity, with very few in the domain of
Governance, Risk and Compliance (GRC), at a time when the
biggest need is in GRC. This is a significant risk. Talent is
scarce. If you can’t obtain the skillsets you need to effectively
manage cyber risk, then your cyber risk will go unmitigated,
which will lead to exposures, high cost of insurance (or loss of
insurance), and leave you open to attacks, ransoms and data
breaches. According to ISC2, 57% of organizations have unfilled
roles they cannot find a suitable pool of candidates.
Additionally, the emergence of cloud-based technology
and automation meant that many of the traditional roles in
cybersecurity needed to evolve with only some of the
existing workforce making the journey with others leaving
their positions in search of new opportunities. Despite these
shifts, the demand for cybersecurity
Cybersecurity 2022: The Year in Review by Seceon Thought Leadership -
Seceon
professionals continued to grow, and the industry remained one
of the most sought-after sectors in the tech industry with zero
percent unemployment for job seekers.
2022 Seceon Prediction Two: Expect
additional Compliance Requirements
Companies around the world saw an increased emphasis on
compliance across industries. This included more stringent
requirements for data security, privacy, and compliance with a
range of laws, regulations, and standards. Organizations of all
sizes, from small businesses to large corporations, had to
adhere to increasingly complex regulations and policies
regarding the protection of personal data and the handling of
sensitive information. Companies also had to take extra
measures to ensure their systems were protected from
cyberattacks and other malicious activities. In turn,
cybersecurity professionals had to stay up-to-date with the
latest security standards and technologies, as well as ensure
their systems were compliant with new and existing
regulations. Businesses had to invest in new technologies and
strategies to meet the new requirements, such as cloud
computing, threat intelligence, and artificial intelligence.
Overall, the focus on compliance in 2022 resulted in a
heightened awareness on cybersecurity threats and a stronger
sense of responsibility among all stakeholders. Boards of
Directors are now asking questions about cyber threats,
capabilities, and what they can do to help guide their
constituent companies, especially in this area we call risk
management and establishing the fact that compliance is non-
negotiable. Executive Order 14028, the recent revisions in the
FTC Safeguards Rule, the adoption of several state privacy
initiatives (California CPRA, Colorado, Connecticut, Utah
Virginia), and recent directives from CISA are all indicative of
increased scrutiny and legislative action to require adherence
to sound cybersecurity and privacy practice.
2022 Seceon Prediction Three : The quality of AI
algpoarciet hanmds , scaelambiolirtey coef nptlraatlifzoerdm. sT hbiesh einnadb tlheods e
ablegtboteerciort mhdemetse catn adn tdh oerre gasacpncouinzrdaat ctiyo n sosef tctouhreit yre tshurletas tpsr. oAduutcoemda wtei ldl
bseeccuormitey ftooroelsfr,ont of SOC demands.
AI-powered cybersecurity technology continued to advance
at a rapid
Cybersecurity 2022: The Year in Review by Seceon Thought Leadership -
Seceon
such as machine learning and predictive analytics, were used to
better identify and block malicious activities. At the same time,
cloud-based security solutions were further developed and
adopted, allowing organizations to better protect their data
and systems. Cloud-based solutions made it easier to detect
and contain threats, as well as to quickly respond to incidents.
The adoption of zero-trust security models also saw a surge
in popularity in 2022. This model is based on always verifying
user identity and access rights, rather than trusting users who
are already in the system. This helped organizations keep their
data and systems secure even when they were accessed from
outside their networks. Finally, the use of encryption and
tokenization also became more widespread in 2022. These
security measures help protect data from being accessed or
stolen, even if the data is intercepted. Further, math applied to
use cases, should result in a more efficient and effective SOC
with less alerts and noise being generated. AI also offers the
advantage of supplying a system of measure by using
security analytics to measure risk in a probabilistic manner,
overcoming the challenge of not being able to quantify the
likelihood and impact that a threat can be imposed on an
environment.
Tomorrow, we will introduce our 2023 Cybersecurity Predictions
in Part II of our blog. We look forward to your feedback and
qAuedsdtiorenss.s - 238 Littleton Road Suite #206
RWeceesntft ord, MA 01886
Post
Phone no - +1 (978)-923-0040
Email Id - [email protected]
Website - https://www.seceon.com/
Comments