In 2022, life returned to something close to normal. Social distancing came to an end and we were able to make travel plans without having to think about lateral flow tests. The year had a few shocks, like the death of Her Majesty The Queen and some alarming heat waves. But the cybersecurity landscape remained familiar.
Cybercrime maintained its unwelcome presence. Twitter, Neopets and Uber all reported huge data breaches. In fact, the number of data breaches in 2022 surpassed 1,000, leading to almost 500 million breached records. GDPR enforcement continued, resulting in large penalties for Google, Meta and Clearview AI and underlining the importance of data security.
After an eventful year, let’s take a look at some of the biggest events of 2022 and the lessons learned from them.
A Year Of Breaches, Big and Small
2022 saw more data breaches than any year before it. Surfshark statistics show that Q3 of 2022 saw a 70% rise in breaches compared to Q2. These were not all attacks on small companies either – tech giants like Microsoft, CashApp and Crypto.com are just a few of the big names that succumbed to costly breaches in 2022.
The lessons are expensive no matter the size of the company. However, it all amounts to a single reality faced by all of us: no one is immune to breaches and cybersecurity adversaries are here to stay. The cybersecurity industry, and all who rely on it, must be ready to respond to this threat and work to reduce the number of breaches around the world.
Shifts In Awareness and Prioritisation
One thing that has come out of this rise in breaches is an increased urgency to address the problem. Awareness is spreading and improvement is becoming a major priority for businesses and governments everywhere.
The Biden Administration launched the cybersecurity executive order and, subsequently, more action is being taken to deliver improved collective protection from breaches. This is reflected in the growth of the industry at large. Research And Markets estimates its current value at $173.5 billion, a number that is expected to grow to $266.2 billion by 2027. This encompasses investment in expanding the cybersecurity workforce, advancing security practices and developing new cybersecurity technology.
Another example is an increase in investment by businesses in employee security training. This market is expected to hit around $10 billion a year by 2027. Training like this ensures employees have a solid understanding of the best practices for data security and what to do if a breach takes place.
Attack Surface Expansion
The pandemic reinvented the working world with a huge shift to working from home and working from anywhere. This trend has continued through 2022 as employees appreciate the flexibility of these arrangements. A significant percentage of the workforce is expected to still be working from home in 2025, but there is a downside to this. The attack surface available to adversaries has expanded, meaning they have more ways to break into confidential databases.
Another contributing factor is the increased reliance on multiple cloud platforms. These two elements combine to make businesses more vulnerable to threats if they fail to take proactive precautions. The industry is responding by trying to minimise the attack surface. Tactics include:
- Mandatory security training for the entire workforce.
- Limiting the access employees have to vendors based on roles.
- Adopting Zero Trust and The Principle of Least Privilege wherever possible.
The Rise of Advanced Attacks Like Ransomware
Ransomware is a very successful attack method for cybercriminals. But it is not the only advanced attack type that has increased in 2022. There has also been a substantial rise in the monetisation of Ransomware-as-a-Service (RaaS), which is highly illegal. RaaS providers deploy advanced cyberattacks in exchange for large payouts. This means cybersecurity professionals must be prepared for more refined and resource-backed malware.
This is shining a light on the need for businesses to work hard to keep up with the evolving threats. Investment in security teams is important, along with building up their arsenal and advancing their processes wherever possible. If you lack the resources for these investments, you may want to work with a security consultancy. This could help plug the holes and provide robust support for your organisation.
Security Vendor Consolidation
The final major trend from 2022 has been the consolidation of security vendors. Certain cybersecurity providers claim to have one-size-fits-all solutions to the most complex and challenging problems. This can make it hard to ascertain which vendors can be trusted and which products are actually important.
Security organisations are increasingly analysing the ROI of their tech stacks. Products that are deemed unnecessary are being cut. There are two main reasons for this:
- Security: A larger tech stack gives adversaries more opportunities to gain access to your networks. Keeping unique vendors to a minimum reduces the attack surface.
- Budgets: The current state of the economy is forcing security teams to be smarter about their budgets. Making cuts to technology helps with this.
Making less do more is not an ideal reality for many. But it is our reality, so there is a growing need to track and analyse ROI from the products you use.
The Biggest Cybersecurity Breaches 2022
- January: NFT trader Todd Kramer is scammed out of 16 NFTs with a combined value of approximately £1.5 million.
- February: The Russian invasion of Ukraine involved a flurry of cyber attacks from both sides. These included malware deployed against the opposing military, and political attacks on stock exchanges.
- March: Cyber attacks began spilling over into other nations and the UK Foreign Office was hacked by a ‘suspected nation state’.
- April: The Stormous ransomware gang announced it had hacked Coca-Cola and stolen 161GB of data.
- May: Russian-sponsored cyber attacks continued, with reported targets including the Eurovision Song Contest, which was hit with DDoS attacks.
- June: Large data breaches this month included Yodel and Meals on Wheels. Both organisations were hit with ransomware attacks.
- July: This was the month virtual pet website Neopets reported a large data breach (the biggest of 2022). It reported that hackers had access to its systems for 18 months, accessing the personal information of over 69 million members.
- August: South Staffordshire Water was hacked at the height of a sweltering heatwave.
- September: Fintech firm Revolut fell victim to a ‘highly targeted’ social engineering attack due to a senior employee being tricked by a spear phishing scam. Around 50,150 customers were affected.
- October: Cyber criminals exploited Twitter’s overhaul of its verification process with a phishing scam urging users to follow a link to give away personal info.
- November: A deepfake video of cryptocurrency CEO Sam Bankman-Fried emerged to trick people into handing over money in the guise of recouping their losses after FTX went bankrupt.
- December: Intersport succumbed to a ransomware attack that froze cash registers across its French stores.
With cybercrime increasing on an annual basis, it is naive for any business or organisation, big or small, to think they’re immune. Not only is the volume of cyberattacks increasing at an alarming rate, their sophistication is also becoming greater.
It’s vital that everyone, including individuals, views cybercrime as a real threat. Protecting your personal data could avoid the loss of sensitive information, finances and dignity. Protecting your business data, including the personal details of your customers, could see you avoid huge fines that may have the potential to put your business out of business!
Breed a culture of cybersecurity in your business, put robust tools in place to protect yourself and your business, and educate your employees. By doing so, you could avoid falling victim to the wave of cybercrime out there.
If you would like to learn more about this subject, and how you can protect yourself from cyber criminals, please read our article Cybersecurity and Cybercrime Explained.
Why choose Eventura as your cybersecurity partner?
With over 20 years’ experience in cybersecurity, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness which could leave you vulnerable to cyberattacks.
We were even mentioned in the Government’s National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box”, designed to help small businesses prepare for and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs, but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever-increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.