Looming cybersecurity trends for 2022 and beyond
As we transition into 2022, cybersecurity leaders have a lot to think about when it comes to ensuring the future protection of their organisations.
The steep rise of cyberattacks– particularly in the last year – has proven no industry is safe anymore. There is a rapid and upward trajectory showing no signs of slowing down. So whether cyber threats evolve or grow worse, they are bound to sculpt and shift to fit their victims. As attackers explore new technologies and develop more sophisticated methods, this should be an alarm bell for businesses to take the right execution steps to prepare them for the inevitable.
Based on NTT Ltd’s recent Global Threat Intelligence Centre report, there are several key trends predicted to drive the cybersecurity landscape in 2022 and better inform and prepare New Zealand organisations for the cybersecurity challenges of tomorrow.
Ransomware reigns and insurance responds
When it comes to the biggest threat for local businesses, ransomware remains top of the list owing to its lucrative business model. In 2021, we saw this trend grow with high-profile breaches such as Colonial Pipeline, SolarWinds and Kaseya, the latter of which directly impacted some of our New Zealand schools.
Malicious cyber actors are continuously looking to expand on their strategies to take advantage of old and new vulnerabilities – especially in light of supply chain insecurities and heavy crackdowns – and are proving adept at developing different ways to extort company finances.
In response, the insurance market is seeing a gradual shift towards tightening requirements on policyholders in order to mitigate the money lost on cyber-insurance policies. Low premiums will become less common as insurance companies increase premiums and deductions, in what is called a ‘hardening’ of the market.
The application process will also face more scrutiny – companies previously required to simply ‘tick off a checklist’ stating they have cybersecurity measures in place can now expect a more stringent process plus a full audit to prove cybersecurity capabilities before they can get insured.
The Year of ‘Zero Trust’
Once touted as a buzzword, 2022 will see Zero Trust coming to the forefront as a cybersecurity solution for many organisations. In contrast to traditional cybersecurity practices, where security protocols focused on keeping threats out, Zero Trust is a security framework based on the model of “trust no one.”
A Zero Trust network no longer assumes trust should be given once network access has been achieved, nor at a single entry point. Instead, to ensure security, any user, device or system must be verified at each network access point. This essentially changes the cybersecurity approach from “trust, but verify” to “never trust, always verify.”
This Zero Trust methodology is quickly becoming the industry standard, especially since a growing number of businesses are adopting an agile work environment, spanning the office, home and everything in between. Implementation of this approach might seem daunting, but it can mean the difference between a serious, resource-draining breach versus a negligible compromise detected in the system.
Practical steps for Kiwi businesses
Since there is no ‘one size fits all’ protection plan against ransomware attacks, New Zealand organisations need to adopt an overall defence-in-depth strategy. In other words, create layers of defence with several layers of security. From there, companies can pivot, track and allocate specific business protection steps and services. To help prepare for potential ransomware attacks, organisations should prioritise the following:
- Make regular backups – One of the most important parts of any ransomware security strategy is regular data backups, so up-to-date backups are the most effective way of recovering from a ransomware attack.
- Update and patch – Ensure that operating systems, security software, applications and network hardware are fully patched and updated. It sounds simple enough, but according to a recent survey, more than half of organisations say there’s no easy way to track whether vulnerabilities are being patched in a timely manner.
- Prevent malware from being delivered to and spreading to devices – Organisations can reduce the likelihood of malicious content reaching their devices through a combination of file type filtering, inspecting and blocking content, blocking malicious websites and code.
Blocking malware from running on devices – a ‘defence in depth’ approach – assumes that malware will reach devices. Organisations should therefore take steps to prevent malware from running in the first place. The measures required will vary for each device type, OS and version, but in general, look to use device-level security features.
- Prepare for an incident – Generate a strategy in advance for how your business is going to respond, so you can focus on containment and recovery in the event of an attack, rather than what steps you are going to take. Time really is of the essence during a breach.
Gone are the days when we could hope a strong password along with anti-virus software would be enough to fend off cyberattacks. Cyberattacks are multiplying fast. With the flow-on effects impacting New Zealand organisations now, we need to get savvy and shift our businesses towards a more resilient, forward-thinking security cybersecurity strategy.
NTT Ltd is a leading, global technology services company, here to enable the connected future. NTT finds ways for technology to make a positive impact for clients and in communities. They call it technology for good.
NTT New Zealand Ltd
NTT Ltd is a leading, global technology services company. We’re here to enable the connected future.
The cloud creates new paradigms for the technologies that support the business. These new paradigms also change how those technologies are adopted, managed, and governed. When entire datacenters can be virtually torn down and rebuilt with one line of code executed by an unattended process, we have to rethink traditional approaches. This is especially true for governance. Cloud governance is an iterative process. For organizations with existing policies that govern on-premises IT environments, cloud governance should complement those policies. The level of corporate policy integration between on-premises and the cloud varies depending on cloud governance maturity and a digital estate in the cloud. As the cloud estate changes over time, so do cloud governance processes and policies.