As we count down towards 2022 here are our top 5 predictions for the coming year, and what it could mean for cyber security, awareness and prevention.

1. Increasing attacks on software supply chain

The grim reality for us all is that supply chain attacks are likely to continue to present new lucrative opportunities with criminals looking to exploit the weakest links. And be aware that no one is immune: SMEs as well as major players could fall victim.

The healthcare, energy and resource sectors have already proved attractive to hackers due to supply chain integrity issues, and we expect this trend to continue in 2022. Firms should also be aware of the ongoing threat posed by open-source software. Attackers will insert new threats into open-source libraries that are then unwittingly fed into software supply chains.

2. Ransomware gangs putting lives at risk and engaging in ‘pile-ons’

Ransomware will continue to be a major risk into 2022. And just because you have been a victim once doesn’t rule you out of further attacks. Once an organisation has been shown to have vulnerabilities others may pile-on to try and taken advantage. It’s not unusual to see threat actors target a company multiple times.

There is also a worrying trend of cooperation between threat actors. There is a thriving black market with a criminals’ supply chain that enables even D-list threat actors to obtain the tools and services needed to launch a successful attack.

3. Hybrid Working risks

The rise of hybrid working and continued evolution by threat actors means 2022 has plenty of scope for illegal cyber breaches. There needs to be a culture shift in how we secure the future of working.

Organisations should embrace a new approach to security that helps to mitigate risk and enable resilience. By applying the principles of zero trust – less privilege access, mandatory access control and stronger identity management – organisations can drastically reduce the attack surface. Too many organisations think being behind a firewall is enough to keep an endpoint safe – not so. In the era of hybrid work, identity management will never be more important.

4. Phishing threat continues

Phishing will remain a threat. Employees have been using personal devices for work or vice versa, for tasks such checking emails or research. It’s likely there will be an increase in phishing attacks targeting both corporate and personal email accounts. This essentially doubles the attackers’ chances of success.

5. High-profile sporting events to exploit

High profile sporting events such as the Winter Olympics in Beijing and FIFA World Cup in Qatar give threat actors plenty of scope for exploitation. Such large events attract opportunistic attackers, be it a direct attack on organisers, sponsors, participants and fans, or as phishing for malware and ransomware campaigns targeted at users.

Whatever 2022 brings make sure that you and your business have cyber strategies in place to protect and prepare you from potential crime. For support and guidance on how to best manage cyber security, at a budget that works for you, contact a member of the NEBRC team at: enquiries@nebrcentre.co.uk