Cybercrime-as-a-service, growing awareness and securing the entire supply chain are among the most important trends in cybersecurity in 2022. In addition, the increasing professionalisation of cybercriminals in the area of ransomware demands appropriate preparation on the part of companies.
"Kaseya, SolarWinds, the Colonial Pipeline: 2021 attacks have once again demonstrated the importance of establishing cybersecurity as part of the corporate culture and implementing it across the entire supply chain," explains Sudhir Ethiraj, Global Head of Cybersecurity Office (CSO) at TÜV SÜD. "Additionally, ransomware is now available to everyone as a cybercrime-as-a-service, including technical support. Cybercriminals have used 2021 to reposition themselves, professionalise and expand their field of activity. Therefore, it now becomes important for SMEs, industry and authorities to react." In line with developments, TÜV SÜD's security experts see the following trends for 2022:
Cybercrime-as-a-Service (CaaS)
Malware (ransomware) is now marketed by cybercriminals in a similar way to regular software and have thus created a business model. Malware can be bought for licence fees, even including technical support. This market will continue to grow. Companies must react proactively and invest more in the training and awareness of their employees as well as in the protection of their technical infrastructure.
Cybersecurity Awareness: Consumers are sensitised
Attacks on large companies and infrastructure have shown that the industry's cybersecurity measures, for example with IIoT, are significantly behind the attackers' methods. Here, it is in the interest of the industry itself to raise its own awareness of risks and threats and to jointly develop requirements that help become more resilient to attackers. End consumers are also increasingly paying attention to cybersecurity when deciding which connected products to buy, for example IoT devices such as smartwatches or other wearables.
Supply chain: Uniform security standards
Past incidents show that the supply chain in software development in particular still needs more awareness of cyber threats. There also needs to be common standards for secure software, such as those called for by the Charter of Trust, a global cybersecurity alliance of which TÜV SÜD is an active member. Manufacturers should support their partners and suppliers regarding compliance with new regulations in order to motivate them.
Global harmonisation: working together for more cybersecurity
"Standards are the backbone of cybersecurity." This motto must be lived internationally and requires cross-border cooperation. Industry and legislators must respond: Work must be done together on harmonised minimum requirements that ensure across industries and technologies that products and services are cyber-secure "ex works". Uniform and universally applicable standards for cybersecurity make it possible to strengthen the level of security.
Digital trust: protection for AI, automation and algorithms
AI and automation, for example, help companies to optimise processes and analyse their own data traffic in order to detect attacks, data leaks and thefts at an early stage. However, these technologies are only as reliable as the algorithms behind them are secured. Companies and organisations must be accordingly prudent in how they protect these technologies. Because cybercriminals are also increasingly using AI for their own purposes. Basic AI cybersecurity standards can support infrastructure protection and data integrity.
www.tuvsud.com