Throughout 2021, cybercriminals executed attacks for monetary gain – and it worked. Colonial Pipeline paid $4.4 million following a ransomware attack, and that is just one example of countless ransomware attacks over the last year. If cybercriminals’ tactics are working, they will not change their ways. Organizations need to prepare for these attacks to continue by ensuring adequate proactive protections.
By Simon Eyre, Chief Information Security Officer, Drawbridge
Increasing data exfiltration and data leak threats
As traditional ransomware attacks gain attention from governments and cyber-awareness improves, we will see more data exfiltration and data leak threats. These threats can cause significant damage to an organization’s reputation, privacy, and intellectual property. As a result, businesses will prioritize a comprehensive understanding of data flow processing and subsequently apply the correct risk assessment mitigations.
Heightened regulatory action
Throughout 2021, we have seen regulators become increasingly involved in cybersecurity issues, which will likely continue in 2022. This year was marked by more prescriptive requirements from the Securities and Exchange Commission (SEC) and Monetary Authority of Singapore (MAS) around cybersecurity and the likes of the Financial Conduct Authority (FCA) stepping up their expectations for Operational Resilience. It is clear regulators are working hard to ensure the increase in hybrid working has not affected cyber and operational requirements. And although increased regulation has begun, it is likely only the start.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.