Our cybersecurity predictions for 2022 first appeared in Perimeter 81’s Second Annual State of Cybersecurity Report, The Decentralized Workplace & The Cyber Complexity Trap. Our initial predictions have been supplemented with additional supporting data and other “fun facts.”
I thought that the worst of Covid was behind us when I started planning this blog, but the Omicron variant now seems to be spreading. Whether we’re post-Covid, in between variants—or whatever—it’s abundantly clear that our modern global world allows pathogens of all types to spread rapidly. A key lesson everyone should have learned by now is that businesses must be hybrid. Not for employee work-life balance (which is nice for employees), and not for increased employee productivity (which is nice for employers), but for business continuance (which is nice for everyone). And, of course, for a hybrid workplace to function, you need an IT infrastructure that lets employees safely connect to your networking resources wherever the resources—or employees—are located.
As the Covid Delta and Omicron variants made their way across the world in 2021, agile businesses, especially those with a Cybersecurity Experience Platform like Perimeter 81, were able to continue working. Signpost, a Perimeter 81 customer, even used the second shutdown to become fully officeless rather than move their headquarters from New York to Denver and saved millions of dollars in rent. If you stay agile in 2022, your employees, customers, and investors will all thank you.
When millions of people were sheltering in place or working from home during the first wave of Covid, the improvement in air quality was pretty much beyond dispute (although there was some fake news about dolphins in the canals of Venice). In addition to better-smelling and better-tasting air, Harvard University has discovered a clear link between exposure to particulate matter in the air and coronavirus death rates.
Governments at the national and local levels are all looking to implement policies to reduce pollution and meet the UN’s 2030 Sustainable Development Goals. Many countries are looking to ban the sale of conventional gasoline and diesel vehicles by 2030. Congestion pricing will be coming to New York, Tel Aviv, and many other cities in the near future. While this may be a headache for some or an undesirable additional expense for others, congestion pricing will give millions of workers additional reasons to work from home.
2021 was a big year for ransomware and cyberattacks, possibly even the “Golden Age of Ransomware and Cybercrime,” and it included successful attacks against the Colonial Pipeline, Volkswagen, Kaseya, T-Mobile, LinkedIn, and more. Perimeter 81’s market research shows that a remarkable 65% of companies experienced a severe cybersecurity incident in 2020-21, including 33% from ransomware.
The multi-billion-dollar profits associated with cybercrime will ensure that it continues. The only thing that will be able to make a dent in cybercrime will be coordinated action by governments and the private sector. Real success will only come from a sustained combination of cyber, legal, and police actions that will result in the arrest and imprisonment of hackers and the seizure of their assets. We have already seen that this can work: multiple governments working together were able to disrupt the operation of the REvil ransomware gang that was responsible for the Colonial Pipeline cyberattack.
To mitigate the business costs of a cyberattack, 67% of companies reported that they have already purchased cyber insurance while another 30% are considering it. To date, paying the ransom—especially through insurance—has often been the quickest and cheapest solution. In May 2019, the City of Baltimore didn’t pay a ransom of 13 Bitcoin (worth about $100,000 back then), and non-payment cost the city nearly $18 million in cleanup costs and lost revenues—or almost 180 times more.
But as the ransoms have grown, cyber insurance premiums have increased by 50-100% and insurance companies are looking to limit their coverage or cap ransom payments. Another novel approach is for insurance companies to exclude “cyberwar” from their cyber insurance policies. What is “cyberwar”? The exact definition of the term and its impact on cyber insurance will likely be decided by the outcome of Mondelez’s $100 million suit against the Zurich Insurance Company for non-payment regarding the damages they sustained in the NotPetya cyberattack.
Ransom payments in general could theoretically end altogether. AXA, one of Europe’s biggest insurers, announced that it would no longer cover ransom payments in its cyber insurance policies at the request of French justice and cybersecurity officials.
While it’s still early to pass judgment, the Biden Administration’s Executive Order on Cybersecurity is a welcome first step to making the Internet safer. With this Executive Order, the federal government has recognized that we are all part of one giant network and is offering a plan for sustained, coordinated efforts in confronting cybercrime.
In 2022, the Cybersecurity Safety Review Board will hopefully open for business. Their near-real-time analysis of attacks will improve response times, reduce the impact of cyberattacks, and help promote best practices, including Zero Trust.
Their help will be critical for assisting US banking regulators in analyzing the “computer security incidents” that must be reported by all US banks within 36 hours of discovery. A “computer security incident” includes anything that harms the confidentiality, integrity, or availability of computer resources or data. The new rule will also extend to banks’ third-party vendors, who are required to notify banks of any cyber incidents that place them at risk.
With a little luck and a lot of hard work, 2022 just might be the beginning of the end for the “Golden Age of Ransomware” and the start of a safer Internet.