2022 has proven to be a very bad year for cybersecurity, with countless of threats and growing pains. Ransomware attacks are up, and hackers show little sign of retiring this form of cybercrime. Meanwhile, cloud security is proving to be more complicated than many IT leaders expected.
Here are three of the defining cybersecurity trends of 2022.
Ransomware Defense Remains Challenging
During the first half of 2022, 1,246 organizations were listed as victims on ransomware data leak sites – a 20% increase over the same time in 2021, according to security firm Optiv. That number points to a disappointing but probably inevitable reality: Ransomware continues to infiltrate even organizations that take reasonable precautions, with no signs of slowing down. There are plenty of reasons why: innovative hackers, ransomware as a service, and the relatively slow pace some organizations move to shore up their ransomware defenses.
In fact, ransomware is costing companies more than ever, said Scott Crawford, research director for information security at S&P Global Market Intelligence. And it’s not just about paying the ransoms (which 72% of organizations resorted to paying, Statistica found). It’s about the cost of remediation and cyberinsurance. Both cyberinsurance claims and premiums have increased significantly over the past few years. According to the National Association of Insurance Commissioners, total premiums paid rose 75% between 2020 and 2022.
As a result, cyberinsurance carriers have increased the requirements for coverage to mitigate their own risks. “[Insurance companies] can’t sustain these kinds of losses, so they have to escalate their requirements,” Crawford said.
At the same time, organizations are slowly but surely learning what is required for ransomware defense.
“Two years ago, our clients reacted to ransomware much differently than they do today,” said Dave Cronin, vice president and head of Capgemini America’s cybersecurity practice.
“They were often afraid to report [ransomware attacks], and some opted to do a complete rebuild, which exposed the fact that they didn’t have a disaster recovery plan.”
Many of organizations today are working toward zero trust, which will help them better weather ransomware attacks, Cronin added.
Cloud Security Gains More Attention
Companies continue to move workloads, data, and services to the cloud in droves. However, they are also dealing with some unpleasant realities: The cloud isn’t inherently secure, and it’s a shared responsibility between organizations and cloud providers and vendors.
As organizations invest further in cloud-native applications, for example, cloud-native technology security has become a must-have. Crawford pointed specifically to tools for software composition analysis, API security, and container security as top-of-the-list items. The global markets for these tools are poised to expand, according to researchers:
- Technavio predicts the software composition analysis market will expand at a compound annual growth rate (CAGR) of 20% from 2021 to 2026;
- Future Market Insights expects the API security market to grow by a CAGR of 26% between 2022 and 2032; and
- Grand View Research forecasts that the container security will grow at a CAGR of nearly 30%.
Other important areas of cloud security growth include data security, network security, endpoint security, and application security.
So much more of the IT investment has shifted to cloud over the last several years, yet security technologies and processes continue to evolve. “The pandemic shifted quite a bit of investment to ‘access from anywhere,’ with ‘cloud-native’ techniques often being the most widely available way to deliver IT and digital functionality,” Crawford said. “In addition, modern applications offer high flexibility in implementation and use cases.”
Cronin also pointed to the increasing need for and use of identity and access management, which is more important than ever in the cloud.
“Whether it’s migrating to the cloud, trying to consolidate different authorization and authentication tools and methods, moving toward single sign-on, or pushing content out to a mobile device, organizations need better identity and access management,” Cronin said. “This year, I’ve seen more companies doing it and more employees beginning to understand and accept it.”
Investments in Security Analytics
Increased adoption of security analytics – the use of data aggregation, collection, and analysis tools to find anomalies and detect potential threats – was another big 2022 cybersecurity trend.
A report by Meticulous Research found that the global security analytics market is growing at a CAGR of nearly 19% and will reach $43.9 billion by 2029. North America is expected to account for the largest share of the security analytics market.
S&P Global Market Intelligence found the same kind of growth trajectory for security analytics. A recent S&P report, for example, found that one-third of organizations plan to increase spending on security analytics significantly, across areas like data security, network security, endpoint security, application security, identity management, and security assessments.