2022’s Cyber Trends: What Inversion6’s Experts Have to Say
In case you were out of the loop this year – here's what Inversion6’s team saw in the cybersecurity space:
Christopher Prewitt – CTO
Attackers were focused on credential-based strikes.
The mix of Business Email Compromise (BEC), Account Takeover and Supply Chain has been all the rage. The goal of these attacks was to minimize the time waiting for a fresh zero-day vulnerability to arise.
These tactics have been used to exploit cybersecurity vulnerabilities and led to ransomware impacts for companies of all sizes across all industries.
Chris Clymer – CISO – CTO
Application updates and regulations were taken to new heights.
PCI updated to 4.0. ISO 27001 released a long, long overdue update. CMMC hasn’t fully launched and is already on a second version. On top of that, HITRUST made significant changes.
Additional states passed privacy laws and cybersecurity regulations focused on the insurance industry.
The U.S. Securities and Exchange Commission (SEC) rumbled and took a stronger hand in cyber regulation. Meanwhile, other federal-level agencies focused on various verticals, like DOT and DOE.
For the agencies that aren’t directly regulated, security is growing as a contractual requirement. This is because their insurance carriers require it, or their customers are regulated.
Craig Burland – CISO – CTO
Threat actors were vengeful during businesses' digital transformation.
We saw great progress this year with businesses moving infrastructure to the cloud, building smart products, monetizing equipment data and embracing “as a Service”.
This revealed significant risks in these paradigm shifts as organizations learned the difficulties of the shared responsibility model. These companies also discovered vulnerabilities in critical infrastructure and user-beware aspects of SaaS.
In 2022, bad actors started their own digitization journeys by using Malware or Phishing as a Service. On the positive side, these realizations triggered renewed focus on concepts like “secure from the start” and “cyber as a customer”. These are essential to keep businesses secure in the digital age.
Jason Middaugh – CISO
Cyber insurance policies were extremely modified.
No more single-inquiry cyber insurance renewals with the question being: Do you run anti-virus? Check yes or no.
Thanks to the cybercriminal overlords and the exponential increase in ransomware, cyber insurance renewals are now drastically more complex. Renewals are also vastly harder to obtain and obscenely more expensive.
There are new coverage processes that include mandatory external vulnerability scans, validations from third parties and more. The good news is those old security projects you mentioned to your management finally got the green light. And now they’re in the execution stages.
Jack Nichelson – CISO
Social engineering cyberattacks were still the most effective.
Did you know 91% of all cyberattacks begin with a phishing email?
Social engineering is so effective because there isn’t a technology-driven solution for cybersecurity’s biggest roadblock – human action. Both Uber’s and Rockstar Games’ cybersecurity programs were breached this year due to a threat actor successfully tricking an employee.
Roughly 97% of those with internet access cannot identify a phishing email. That is why many readily click on phishing emails and fall victim to cyberattacks.
There is a huge need for awareness and education to identify and prevent costly network hacks.