5 key data threats organizations will face in 2022
As security professionals race to curb the constant proliferation of cybercrime, organizations need to be aware of these top new and evolving threats.
The past two years have seen cybercriminals using an increasing variety of attack vectors to take advantage of the impact of the coronavirus pandemic. Many of these threats will persist throughout 2022 and beyond, and it is only to be expected that attacks will continue to break records and advance in terms of both scale and sophistication.
Fortunately, enterprises now have more opportunities to protect themselves than ever before, but doing so requires a radical change in thinking among today’s security leaders. The notion of the perimeter is long dead, as companies rely ever more on cloud computing and distributed work models. Today, security is all about taking a proactive and highly adaptable strategy that prioritizes the protection of data itself, regardless of where it resides and which third-party services it relies on for storage, processing, and transmission.
With that in mind, here are some of the biggest data threats organizations will face throughout 2022:
Mobile malware attacks
In 2021, almost half of all organizations experienced one or more employees downloading a malicious mobile app. With remote work now firmly established as the new normal and many employees using their own devices for work, the mobile attack surface has expanded greatly. With the growing adoption of mobile payment platforms and other mission-critical systems, it is now vital that enterprises approach security at the data level, rather than just the device.
Remote workforce attacks
The prevalence of attacks against remote workforces grew dramatically during the pandemic, and with many offices having implemented permanent remote work models, such attacks will only continue to grow. That being said, the benefits of remote work and bring-your-own-device (BYOD) are extensive. However, to enjoy these benefits without adding risk, organizations must rethink their approach to security and compliance by implementing the zero trust model.
With the digital realm now being the fifth theater of war, state-sponsored attackers are already targeting industries like defense, finance, and critical infrastructure. However, businesses that are not directly involved in those sectors must also be wary of these highly sophisticated threat actors, since they may still be the weakest links in much larger supply chains. In 2022, these attacks will likely become the defining characteristic of what many experts are calling a cyber ‘cold war’.
Supply chain attacks
More sophisticated attackers, especially state-sponsored threat actors, rarely target the most valuable assets directly. As has always been the case, attackers tend to look for the weakest link, which almost invariably lies somewhere along the supply chain. With supply chains now reaching the point of becoming ungovernable, it is more important than ever to deploy a zero trust security model to comprehensively manage and reduce third-party risk.
Deepfake technology might be in its infancy, but it has already been used to carry out highly convincing social engineering attacks. The techniques for manipulating audio or video content have now reached the point where it is possible to create targeted content to disseminate fake news, sway public opinion, and carry out advanced phishing attacks. For instance, in 2021, attackers used AI voice cloning to convince an unsuspecting bank manager into transferring $35 million.