Cybersecurity has become a priority for organizations over the last decade. However, cyber structures of global corporations are frequently compromised – something we hear about nearly every week on the news – as organizations adapt to rapid changes in technology.
As technology advances and cybercriminal tactics evolve, it’s never been more important for organizations to keep ahead of new trends. Here, we look at the top cybersecurity trends for 2022, as well as how they affect trends for Microsoft 365 and Azure Active Directory, and offer some practical advice on how to bolster your cyber infrastructure.
Boost cybersecurity with Microsoft 365
With over 200 million monthly active users, Microsoft 365 is a key cybersecurity focus for most enterprise security teams, and a target for many cyber bad actors. After recently delivering over 100 Microsoft security assessments and hardening engagements for our clients, MessageOps has observed the following security trends and received the following feedback from financial, healthcare, retail, and government organizations with 250 to 15,000 seats.
- Default security settings for Microsoft 365 boost productivity and collaboration, but don’t establish a strong security posture. All enterprise and security-minded organizations must address this risk with updated settings and targeted security controls.
- Clients are using a documented security framework to establish a strong security posture for Microsoft 365. In working with clients during security assessments and hardening engagements, we typically recommend configuration updates or investigation of 50—75 security controls related to Microsoft 365 and Azure Active Directory.
- The abrupt shift to remote work during the Covid-19 pandemic accelerated the need for clients to collect information and act on security risks outside their trusted network. As a result, Microsoft added new features for identity access control, predictive threat analytics, and the ability to react to cyber threats using AI-powered protection mechanisms. The most sophisticated of these AI-powered and automated features are included in the advanced capabilities of the Microsoft 365 E5 subscription.
- Microsoft’s R&D investment of over $1B per year in security tools and features has paid off by producing new security controls, alerting/reporting capabilities, and AI-powered cyber features that are proactively closing cybersecurity gaps.
- Typical security assessment and hardening engagements focus on Microsoft 365 services such as Identity Access Management, email, device endpoints, and collaboration with SharePoint, Teams and OneDrive for Business. Our security consultants have the ability to focus specifically on Microsoft 365, or broaden engagements to include Microsoft Azure, third party security tools, and security policy reviews.
The need for cybersecurity technology in 2022
In 2022, the need for cybersecurity is greater, as the lines between business operations and the technologies which support them blur. Research by Gartner, back in 2018, predicted that the cybersecurity market would grow to reach $170 billion in 2022. In view of the COVID-19 pandemic, more organizations have moved their business processes online, with a greater uptake in cloud technologies, collaboration tools, automated process platforms, and data analytics.
And with more integration between platforms, and the flow of data between them, it’s imperative that organizations protect their company and customer information from cyberattacks.
Another reason for this urgency is that current approaches to cybersecurity are falling short. By September 2021, the number of cyberattacks had already exceeded the total number in 2020 by 17%. By the end of 2021, there were a record number of breaches, and this trend doesn’t look to be slowing down.
For organizations with sensitive customer data, a breach in security can undermine the trust of the customer. For smaller organizations, it can be life or death. A breach, and the measures taken to repair it, cost an organization $200,000 on average. For organizations without a huge amount of capital to begin with, this could mean closing shop for good.
Free White Paper! Solving the Challenges of Cloud Security with Microsoft 365
Top cybersecurity trends for 2022
Trends in cybersecurity adapt with new technology models. And since the pandemic, business technology has changed significantly. More employees work from home, which has necessitated new collaboration tools, cloud computing platforms, data repositories, and automated systems.
These software programs have been crucial in supporting remote workers, but they are also common targets for cyberattacks. Let’s take a look at how cybersecurity technology in 2022 will change, and what businesses must do to adapt.
Remote work attacks
Since the pandemic, cybercriminals have taken advantage of the remote work dynamic, and remote workers were among the first targets of hackers. Employees were suddenly working unconventional hours, which meant logging onto their organization’s networks during a lull in security monitoring. And hackers took advantage of these remote workers, finding a way into data systems when security was weak.
Therefore, cybersecurity training is incredibly important for businesses using a remote work model, but for most of the pandemic it has been overlooked. In 2022, business leaders are looking to up the importance of stringent security measures for home workers, devising policies around what types of devices can be used, what employees are responsible for, and when they should be accessing company networks.
More ransomware attacks
In 2020, the “frequency and complexity” of ransomware attacks increased by 150%, a trend set to continue into 2022. A high-profile case in 2021 was The Colonial Pipeline, which paid over $4 million to cybercriminals, with the help of the FBI. In this case, and many others, organizations choose to pay the ransom, which only incentivizes hackers further and allows organized criminals to reinvest funds. This dynamic strengthens the position of organized cybercriminal groups, such as DarkSide (thought to be behind The Colonial Pipeline attack).
In 2022, organizations are taking more proactive measures to prevent ransomware attacks, training employees about phishing emails, bringing software patches up to date, and putting a continuity plan in place, so responses to a ransomware attack can be enacted more efficiently.
IoT attacks
The Internet of Things (IoT) means more devices around the world (fridges, watches, thermostats, lights, cars) are connected to the internet. These connected “things” make life more convenient for the user, but also make organizations more vulnerable to cyber threats.
Cybercriminals can gain access to a company’s network through vulnerable devices, such as fridges or smart kettles, using them as a portal through which to mine company data. The IoT is a lucrative industry, and, in 2019, 61% of companies implemented IoT applications. However, while these devices provide an extra measure of comfort, organizations need to assess the status of a device’s security, only using IoT devices that are secured by design.
AI-powered cybersecurity
More organizations will invest in AI-powered cybersecurity technology in 2022. AI technology is good for identifying patterns of behavior that are out of the ordinary, meaning it can detect malware activity more accurately and quicker than a human. Research by Capgemini found that two thirds of businesses believe AI is essential to countering cyber threats, and three quarters of businesses are now testing the technology for this purpose.
But as cybercrime becomes more well-funded and sophisticated, it’s vital that organizations take equally sophisticated measures to protect their networks. AI-powered technology is a cybersecurity trend that looks set to take hold in 2022.
Improve your cybersecurity technology in 2022
Cybersecurity trends are worth keeping track of this year. As malware technologies become more sophisticated, organizations need better systems for protecting their networks. A great place to start is protecting your software ecosystems, such as the Microsoft 365 stack, which is more vulnerable to threats in 2022.
MessageOps helps businesses protect their Microsoft infrastructure, with advanced threat protection that prevents cyberattacks and ensures your business stays safe.
Strengthen your cybersecurity technology in 2022 with MessageOps. We have over ten years of expertise in Microsoft security, helping businesses worldwide stay secure.
Get our updates straight to your inbox!
Sign up for our email updates to make sure you don't miss any of our new content.