Cybercriminals are attacking corporate networks at least 50% more [1] frequently than they did in 2020. By the end of 2021, there were over 900 attacks per organization every week – an all-time high that you can bet will continue [2] throughout 2022.
Digital transformation goals were already driving cloud adoption well before the pandemic. Since then, enterprises like yours have the added responsibility of providing network access to their workforce from anywhere. That means employees are using the public internet and personal devices to access business cloud applications more than ever before.
At the same time, digital investments have become mission-critical for the modern enterprise. Not only are they necessary to support your distributed workforce, they're also a must-have competitive advantage.
But these initiatives have introduced new challenges that IT and security departments must overcome. Your cybersecurity perimeter has expanded exponentially and put a target on your company's back.
What does this mean for your enterprise? Time is running out for you to keep corporate data and critical business assets under lock and key - or, by extension, to keep an eye on the keys scattered across your network.
Simply put, it's time to prepare for the reality of modern cybersecurity. Let's take a look at the threat landscape and dangers that threaten enterprises in 2022.
The Dangerous World We Live In
If there’s anything that IT leaders can agree on, it’s that cyber threats are a growing concern. From the time you started to read this blog, at least six new attacks [3] have occurred. In fact, for only the second time in its 10-year history, the Allianz Risk Barometer [4] – a global survey of corporate risk – has ranked cyber incidents as the most important risk to businesses in 2022.
Why? Because regardless of industry - whether it be manufacturing, healthcare, retail, or finance - corporate data is a commodity of immense value. Data has become a lucrative target for hackers to hang over your company's head and squeeze as much money as they can in return.
According to IBM, the average cost of a data breach in 2021 was $4.24 million [5] – the highest sum in recorded history. For data breaches where remote work played a factor, the cost was $1 million more. Any way you look at it, this is an expense that no company can afford to pay, and certainly not on a recurring basis.
Data has become a lucrative target for hackers to hang over a company’s head and squeeze as much money as they can get in return.
Threats on a Breakneck Rise
When you consider the accelerating prevalence and complexity of attacks, it's no wonder that the cost of a single incident is growing to match. For enterprises, there's an entire rogue's gallery of threats that are a possible nightmare for IT security teams:
- Malware: According to McKinsey, the number of unique malware strains has increased exponentially since 2002, to over 130 million [6]. Newer, more complex types of malware are “fileless,” meaning they deploy malicious code embedded in native scripting language or written directly into memory, allowing them to move laterally in the environment.
- Ransomware: Globally, there were over 623 million ransomware attacks [7] in 2021, triple the amount recorded just two years prior. Ransomware victims paid more than $600 million to cybercriminals in 2021.
- Phishing attacks: Social engineering attacks prey upon human error and target unsuspecting users across your network. Per Cisco, 90% of data breaches [8] are the result of phishing attacks.
- Distributed Denial of Service (DDoS): Ransom-motivated DDoS attacks increased 29% year-on-year [9] and 175% between Q3 and Q4 2021. With an explosion of connected devices and IoT technologies on your corporate network, these endpoints are a dangerous threat vector. Such devices typically lack adequate security controls – a vulnerability frequently targeted by malicious hackers.
Indeed, cyberattacks are increasing in quantity, but they're also becoming much more daring overall. For example, take the case of SolarWinds. In 2020, an attack believed to be sponsored by Russian intelligence slipped malicious code - called an SQL injection - into SolarWinds' Orion software and used it to launch a massive attack on at least 18,000 customers, including the U.S. government and many Fortune 500 companies. The hackers were able to infiltrate and access the networks of countless Orion users.
But SolarWinds is far from the only victim of a high-profile cyberattack in recent years. From Colonial Pipeline to Kaseya to JBS, enterprises large and small have fallen prey to breaches in security, often to devastating results.
According to a SpyCloud report, 543 million breached assets [10], including 25.9 million credentials tied to Fortune 1000 employees, were available to cyber criminals online in 2020.
The Cloud-sized Security Gap
Companies have long invested in digital technologies to optimize their businesses, and that’s a trend that shows no signs of slowing down – for good reason.
Digital transformation fueled time-to-market acceleration and allowed organizations to compete in an increasingly crowded marketplace of firms. At the same time, strengthening your tech stack doesn't necessarily mean an equal investment in security - leaving critical vulnerabilities exposed in the process.
Of those investments, cloud migration has certainly led the charge. The race to the cloud began as a stroll, but the pace accelerated to a full-on sprint with the necessity of hybrid work during the pandemic. In fact, Gartner predicts global cloud spending [11] to surpass $480 billion in 2022 – a 21.7% increase.
Worse yet, remote users are expanding the attack surface and increasing risk.
With 83% of workers [12] in favor of hybrid work, global connectivity is now mission-critical. But as organizations shift to the cloud, complexity increases with every vendor added. Worse yet, remote users are expanding the attack surface and increasing risk. Simply put, security teams are struggling to maintain pace with the rate of change.
More Threats Around the Corner
All told, the state of cybersecurity appears to be bleak – especially when you look ahead to the future. According to IBM, there are plenty more threats in store [13] for enterprises in 2022:
- Cloud-bound malware will proliferate considerably.
- Ransomware gangs will increase DDoS attacks.
- State-sponsored financial attacks will rise.
- Cybercriminals will deploy more sophisticated tactics.
- There will be an outcry for zero-trust user and application security.
Indeed, enterprises are facing a grim reality. Without a comprehensive suite of next-generation networking and security technologies, businesses are leaving their most critical assets exposed. That’s why cutting-edge frameworks, like Secure Access Service Edge (SASE), are key to the future of enterprise cybersecurity.
Citations
[1] https://blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/
[2] https://www.industryweek.com/technology-and-iiot/cybersecurity/article/21184175/prepare-for-more-cyberattacks-in-2022
[3] https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
[4] https://www.agcs.allianz.com/news-and-insights/reports/allianz-risk-barometer.html#top10
[5] https://www.ibm.com/security/data-breach
[6] https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/cybersecurity-trends-looking-over-the-horizon
[7] https://www.sonicwall.com/2022-cyber-threat-report/
[8] https://umbrella.cisco.com/info/2021-cyber-security-threat-trends-phishing-crypto-top-the-list
[9] https://portswigger.net/daily-swig/report-ddos-attacks-increasing-year-on-year-as-cybercriminals-demand-extortionate-payouts#:~:text=Distributed%20denial%2Dof%2Dservice%20(,study%20on%20cyber%2Dattack%20trends
[10] https://spycloud.com/2021-report-breach-exposure-of-the-fortune-1000/
[11] https://www.gartner.com/en/newsroom/press-releases/2021-08-02-gartner-says-four-trends-are-shaping-the-future-of-public-cloud
[12] https://www.accenture.com/us-en/insights/consulting/future-work
[13] https://securityintelligence.com/articles/cybersecurity-trends-ibm-predictions-2022/
About GTT
GTT connects people across organizations, around the world, and to every application in the cloud. Our clients benefit from an outstanding service experience built on our core values of simplicity, speed, and agility. GTT owns and operates a global Tier 1 internet network and provides a comprehensive suite of cloud networking services. We also offer a complementary portfolio of managed services, including managed SD-WAN from leading technology vendors.