In recent years, the technological dependence of companies and society has only increased. Companies have increasingly invested in digitizing their processes and providing the best experience for customers, partners, suppliers, and employees. 

The digital transformation process and new technologies such as Cloud, Big Data, Internet of Things, and 5G have brought an increase in cyber threats with them. And the migration to remote work models driven by the Covid-19 pandemic has made people and businesses even more vulnerable to malicious attacks. This makes the cybersecurity issue remain on the rise and the protection of this entire infrastructure is increasingly essential in organizations’ strategies.

Thus, as the end of the year approaches, security leaders are looking for the main information security market trends and the challenges that await them for 2022 to be prepared for this threat scenario. According to a Flexera study, cybersecurity will be the top IT initiative for half of the organizations surveyed. 

Therefore, in times when data is considered the new oil, it is essential that organizations know the market trends and then outline their cybersecurity strategies to protect this very valuable asset and ensure the continuity of their business.

Next, we present 9 information security topics that will be highlighted in 2022, which should be considered by organizational leaders in their cybersecurity strategies.

.

1. Greater Coverage of Data Protection Laws

With the exponential growth of data volume, news on data leaks will become more and more frequent. Consequently, the demand for data security and privacy is sure to grow. To respond to this trend,  governments tend to increase regulatory pressures through the publication of personal data protection laws. So much so that Gartner estimates the personal information of 75% of the world’s population will be covered by specific data protection laws by 2023. In 2021, China, Saudi Arabia, and Brazil were some of the countries that put specific data protection laws in force. Europe already regulated the transfer of personal data from European Union countries to non-member countries. On the other hand, the United States remains on the list of countries without a specific federal law to guarantee the protection of personal data, depending only on states like California, Colorado, and Virginia to legislate on the subject. 

2. Remote Work Protection

Work environments have undergone the greatest transformation in recent decades. Dining rooms were adapted so that we could share workstations and accommodate a remote workforce. According to research by Tenable and Forrester, 74% of security leaders recognize that the remote work measures implemented as a result of the pandemic have left their infrastructure vulnerable to malicious attacks. And even with the end of the pandemic and the return to face-to-face work, the expectation is that there will be a hybrid work adoption. Also, according to the survey, 70% of organizations plan to have their employees work from home at least one day a week. 

3. Cyber Awareness

It is jargon in the cybersecurity market that “it is impossible to invest in state-of-the-art security solutions without addressing the weakest link in this chain: people”. Furthermore, as security vendors develop new technologies to protect infrastructure, attackers devise methods to bypass them and carry out their malicious actions. According to Verizon’s Data Breach Investigations Report 2021, 85% of data leaks surveyed involved the human factor, with social engineering accounting for more than a third of those leaks. Phishing was present in 36% of data leaks surveyed by Verizon.

4. Talents Wanted

In recent years, we have seen an increase in the number of projects related to digital transformation and connected devices, as well as a migration to cloud-based environments. Additionally, the risk landscape includes cyberwars and attacks such as ransomware, which increasingly affect business continuity. However, security budgets have not kept up with this escalation. To adequately respond to these risks and ensure infrastructure protection, there is an increased demand for cybersecurity professionals. According to an Information Systems Security Association (ISSA) study, 57% of professionals surveyed said that the lack of cybersecurity talents had impacted their organizations in some way, while 10% recognized this impact as significant.

5. It is All About Connection

The development of 5G and the Internet of Things has led to a growth in the number of connected devices. These devices have enabled connectivity and have become increasingly essential in the daily lives of people and businesses. According to a Cisco report, the number of connected devices is expected to surpass 29 billion by 2023, resulting in a larger attack surface to be exploited by malicious attackers through vulnerabilities and malicious software. According to Gartner, by 2025, cyberattackers will turn Operational Technology (OT) environments into weapons to cause even human deaths. In this way, attacks on the so-called critical infrastructure, such as the generation and distribution of energy, water, and gas, can have serious impacts not only on organizations but also on governments and society.

6. Mobile Attacks

The spread of smartphones has made our personal and professional life easier, stimulating the development of a series of applications for communication, shopping, finance, and travel. In addition, the shift to remote work has led to increased use of mobile devices by employees, bringing benefits such as faster speed and productivity improvements. In 2020, the percentage of internet traffic through these devices surpassed that of desktop computers and laptops for the first time. Cybercriminals have taken advantage of these facts to increasingly use mobile devices as an attack vector. 

7. (Even) More Ransomware

Each year, we have seen new records in ransomware-related numbers. And in 2021, that was no different. SonicWall recorded a 148% increase in attacks involving ransomware in 2021, reaching the number of 495 million attacks with this type of malicious software, which is expected to exceed 700 million by the end of the year. It is worth remembering that the techniques used in these pieces of software have also become more sophisticated, showing an evolution in cybercriminals’ planning and execution of this type of attack. Moreover, the Ransomware-as-a-Service models have allowed scaling the development of this type of malicious software, allowing criminals without programming knowledge to develop their own ransomware. In September 2021 alone, SonicWall’s malicious software detection tools discovered more than 370,000 new malware variants, with governments and critical infrastructure being a top target.

8. Social Freedom

In recent years, we have seen social media influencing important events in some way, such as Brexit and the Brazilian and American elections via the Cambridge Analytica scandal. And with new occurrences involving Facebook and its employees, we will continue to see increasing pressure on social media to perform proper controls on their users’ posts. These posts include the dissemination of fake news and crimes such as selling illegal items, financial scams, and child pornography. This will undoubtedly influence governments to regulate and establish better-defined controls on how content is published, including the verification of facts posted on social media and facilitating access by authorities to the respective sources. 

9. Artificial Intelligence and Machine Learning for Cybersecurity

The elimination of the security perimeter and the migration to distributed work models, driven by the Covid-19 pandemic, made devices even more vulnerable to cyber threats. And with the increase in these threats, boosted by the lack of specialized security staff, it is essential to use tools based on Artificial Intelligence and Machine Learning to detect cybersecurity risks. Through the use of these technologies, one can analyze and recognize patterns for the prevention and adequate response to these threats. In this way, the cybersecurity process becomes much more proactive and effective.

You can see that 2022 will not be easy in terms of cybersecurity. With the trend of increasing attacks and scarce resources, security teams will have a tough mission to detect and adequately respond to the growing demands in the industry. Now, the question is not whether, but when organizations will suffer a cyberattack. Thus, adequately responding to cyber threats not only must be considered by the security teams but also be part of the business strategies.