*By Ricardo Rodrigues
Every year, hackers grow in number, accuracy and sophistication. Cybercriminals evolve by creating new types of attacks, targeting different areas of the IT infrastructure. It's mid-2022 and experts are recording a huge range of cybersecurity issues.
“Organizations around the world face increasingly sophisticated data breaches”, said Peter Firstbrook, vice president of research at Gartner. “The pandemic has accelerated hybrid work and the migration to the cloud, which presents a challenge for Chief Information Security Officers (CISOs), who must ensure a distributed defense on all fronts, in a context of lack of skilled labor”, he added.
Below are six points to watch out for this year, according to security experts:
1. Internet of Things, the forgotten concern
IoT (Internet of Things) continues to be a challenge in terms of security, as there are many devices that few take into account when enforcing data security. It is estimated that by 2025 there will be 27 billion IoT devices, according to IoT Analytics. Each of them is an opportunity for a cybercriminal.
2. There is more and more data hijacking
Data hijackings are nothing new, but what is new is that they are becoming more massive, misleading and dangerous. According to Experian, all forms of artificial intelligence will lead to more sophisticated and difficult-to-fight data hijackings.
The consequences are worrying. Cybernews.com, in its report of 2022 security threats, argues that paying to recover data is not always a good idea. “There has been a lot of debate about the effectiveness of paying a 'ransom' among experts. While many insurers choose to pay, experts suggest that such a decision not only fuels cybercrime, but also does not guarantee the return of data”, warned the website.
The first step is to avoid hijacking and to have ways to protect data so that, even if this information is encrypted, there are backups that are not corrupted. “It's like a thief walking through a neighborhood: there's less chance of him breaking into a house with bars on the windows,” said Jack O'Meara of Guidehouse.
3. The automation of attacks and fraud for everyone
With so many attacks happening simultaneously, it seems hackers don't sleep. More and more attacks are automated and some are available for download: criminals monetize their scams by turning them into a cloud service that cybercriminals simply subscribe to.
These sophisticated attacks can include artificial intelligence features such as voice bots that pretend to be companies and combine social engineering with robotics. With automated attacks and hacking services available, criminals hardly need skills to wreak havoc.
The expert also warns that “a large part of fraudulent transactions will be fueled by consumers, who are induced to voluntarily send data from their own devices, believing that they will be used for legitimate transactions”.
4. The exposed surface grows
As the network expands and the number of applications and devices increases, so does the surface exposed to attacks. “Business weaknesses are expanding. The risks associated with the use of cyber and IoT systems, open source software, cloud applications, complex digital supply chains, social networks, among others, have pushed organizations’ exposed surfaces outside of a set of controllable assets”, argued Gartner.
5. More and more people get involved in security issues
Business units have more control over their IT decisions, often buying solutions or resolving issues internally. So not only is the attack surface growing, but there are very specific areas that IT doesn't necessarily see.
This has led to radical decentralization and security-oriented decision-making, Gartner argues. “Enterprise cybersecurity needs and expectations are maturing and executives demand more agile security.” From there, “the scope, scale and complexity of digital business make it necessary to distribute decisions, responsibilities and accountability for cybersecurity among the units of the organization and away from a centralized function”, he highlights.
This caused the CISO's role to shift to a higher level and more strategic position. “He went from being an expert on the technical subject to becoming an executive risk manager”, said Peter Firstbrook. “By 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of digital organizations. CISOs must reconceptualize their matrix of responsibilities to empower boards, CEOs and other business leaders to make their own risk decisions.”
6. Hybrid work: opportunity for hackers
The pandemic has created a sea change toward remote and hybrid work, creating unique challenges for security professionals. Many of the devices are not managed by the security team and, of course, connect from outside the network. This not only expands the attack surface; many of these devices and the networks they use to connect have little or no protection.
“Cybercriminals can start to attack residences and personal networks of top executives or even government officials, as these networks are easier to compromise than traditional business environments,” argued Security Magazine in its blog.
Phishing is more frequent and dangerous in hybrid work scenarios. “The line between the personal and the professional is fine, as employees can use home devices for work or corporate devices for personal tasks. This will continue, and there will likely be an increase in phishing attacks targeting corporate and personal email accounts, multiplying the chances that attackers will successfully attack.”
*Ricardo Rodrigues is Progress Senior Sales Engineer for the Caribbean and Latin America.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies