By DeVry University
December 2, 2022
11 min read
Companies around the world are faced with a burgeoning number of cyber security threats, data breaches and attacks that can be expected to grow in volume and complexity over time. Therefore, cyber security responses and preventions must evolve in capability and function to match these growing threats.
In recent years, cyber security has become a strong focus for organizations of all sizes in the wake of highly publicized data breaches and cyberattacks. This is leading companies to adopt a stronger focus on prevention, versus merely detection or response, to stay ahead of cybercriminals.
In this article, we'll be highlighting 15 cyber security trends and their importance. Whether you’re hoping to enhance your understanding to support your current role in the field or you’re thinking about pursuing a career in computer and internet security, these trends can help provide key insights into the changing landscape of cyber security.
- Remote Workers
- IoT Vulnerability
- Machine Learning
- Increased Focus on Mobile Cyber Security
- Multi-Factor Authentication
- Artificial Intelligence (AI) Integration
- Malware Prevention
- Distributed Denial-of-Service (DDoS) Attacks
- Ransomware Protection
- Cloud Storage Security
- Firewall as a Service (FWaaS)
- Extended Detection and Response (XDR)
- Third-Party Supply Chain Risk Management (SCRM)
- Secure Access Service Edge (SASE)
It can take millions for a company to recover from a severe cyberattack, and many businesses can't afford to take a relaxed approach to their data and network protection anymore. Being a victim of a cyberattack can be costly.
According to IBM’s annual Cost of a Data Breach Report, breaches are costing more, and having more impact than ever. The current average cost of a data breach for all industries is $4.3 million, an increase of 13% over the past two years. For the past 12 years, the healthcare industry has had the highest average cost, at slightly more than $10 million per breach.
Mainly driven by the emerging e-commerce platforms and the widespread use of technologies such as IoT, artificial intelligence, cloud security and others, the global cyber security market is projected to grow from $155.83 billion in 2022 to $376.32 billion in 2029 according to Fortune Business Insights.
Cybersecurity Ventures expects global cybercrime costs to reach $10.5 trillion USD annually by 2025. This figure takes into account:
- Damage and destruction of data
- Stolen money
- Lost productivity
- Theft of intellectual property
- Theft of personal and financial data
- Post-attack disruption of normal business
- Forensic investigation
- Restoration and deletion of hacked data and systems
- Reputational harm
Sizeable fines assessed by regulators such as the Federal Trade Commission and the Consumer Financial Protection Bureau in the United States, and their European and Asian counterparts clearly suggest that regulatory agencies are getting serious about punishing organizations that fail to protect consumer data. According to CSO, since 2019, Amazon, Equifax, Home Depot, Capital One and others have paid nearly $4.4 billion combined in penalties, levied by regulators in the United States and abroad.
Learn more by exploring these 15 trends in cybersecurity.
1. Remote Workers
More people working from home means new cyber security risks. The reason for this is simple – people. Human error is often the enabler of severe cyber security breaches. An employee working at home may be more likely to have a less-secure Internet connection, leave their computer unattended or be fooled by an innocent-looking email from someone posing as a trusted colleague. This is precisely why target ransomware and phishing attacks make up a large portion of the hacker’s arsenal. As these wolf-in-sheep’s-clothing cyberattacks increase in sophistication, look for companies to step up their efforts to train their remote workforce in good cyber hygiene practices in 2023.
2. IoT Vulnerability
Computing devices embedded in IoT products allow for sending and receiving data over the Internet, posing significant security threats to users, and exposing them to cyberattacks. Smart appliances, such as voice assistants, like Google Home, fitness watches and even smart refrigerators are all IoT (Internet of Things) devices. According to forecasts by Insider Intelligence, there will be 3.74 billion IoT mobile connections worldwide by 2025 and more than 64 billion IoT devices installed by 2026. As the recent growth of the IoT has created new opportunities for business and enabled quality of life improvements for consumers, the doors of opportunity for cybercriminals have also been flung wide open.
3. Machine Learning
The expanding role of machine learning (ML) in cyber security has become more proactive. With ML, cyber security is becoming simpler, more effective and less costly. ML develops patterns from a rich dataset and manipulates them with algorithms to anticipate and respond to cyberattacks in real time.
To produce effective algorithms, this technology relies heavily on rich and sophisticated data, which must come from everywhere and represent as many potential scenarios as possible. By implementing ML, cyber security systems can analyze threat patterns and learn the behaviors of cybercriminals. This helps to prevent similar attacks in the future and reduces the time cyber security professionals need to perform routine tasks.
4. Increased Focus on Mobile Cyber Security
According to Statista, there are 6.5 billion smart phones currently in use in 2022. As consumers increase their usage of mobile devices for personal and business communication, shopping, banking and booking travel, these devices become an increasingly appealing avenue of opportunity for cybercriminals.
The apps we download on mobile devices can also put us at risk, and malicious developers have tricky ways to circumvent the safeguards of mobile app stores.
According to Cybernews, Apple prevented more than 1.6 million apps and updates from defrauding users in 2021, which in turn protected $1.5 billion in likely-fraudulent transactions through its App Review process and Developer Code of Conduct. Look for more diligence from the tech giants as we head into 2023.
5. Multi-Factor Authentication
We all know that an unprotected password can allow cybercriminals to gain access to your bank account, credit cards or personal websites. This enables them to gain access to your money and your personal information and compromise your overall digital security.
MFA adds another layer of security to your personal accounts by adding another step – or two – to your logins. Remarkably easy for most people to set up, MFA blends at least two separate factors of authentication. The first is your username and password. The second could be a device, like your cell phone, where you would receive a verification code text, or it may be some kind of biometric verification like a fingerprint.
According to the identity and access management company Okta, more than 55% of enterprises use MFA to protect security and that number rises each year. In 2023 look for more consumers to adopt multi-factor authentication (MFA) as part of their cyber security behaviors to make it twice as hard for hackers to gain access to their accounts.
6. Artificial Intelligence (AI) Integration
Traditional cybersecurity techniques like antivirus software, firewalls and anti-malware engines are no longer sufficient enough to protect against threats produced by machine learning-powered attacks. Artificial intelligence integration in cyber security is rapidly driving growth in this industry, from $8.8 billion in 2019 to a projected growth of $38.2 billion by 2026.
AI-powered cybersecurity is adept at handling large volumes of information over long periods of time. AI can quickly and efficiently analyze data from structured and unstructured resources and assist in rapid decisions about critical and remediate threats, reducing the time between detection and response.
As providers of threat intelligence reports, AI and machine learning can understand trends, patterns and flows and work to predict them, all while providing data visualization and cyber security forecasting for its users. AI is proving to be an important tool for organizations' cyber security, now and in the future.
Cyberespionage, also known as cyber spying or computer espionage, is a form of information gathering that involves using computers and the internet to gather intelligence from a target. Cyberespionage is used to steal personal or classified information to profit from it, especially from competitors to gain an edge in their market or nation-states that are interested in obtaining military or economic secrets.
There has been an alarming increase in cyber espionage attacks in the past few years, and cyber espionage has become a dangerous threat for larger organizations.
8. Malware Prevention
Malware is a type of sophisticated, malicious software designed by professional cybercriminals to infect networks, computer systems or devices in order to steal data, harm them or render them inoperative. Malware prevention involves various approaches to combat the ever-changing tactics that cybercriminals use. Here are some evolving malware protection methods that companies may consider implementing:
- Secure Storage: This refers to storing sensitive information in a digital storage vault that is only accessible by individuals with the appropriate permissions.
- Data Protection: Data protection refers to safeguarding data through encryption or other means, such as temporary access restrictions or hardware locks, so that it remains inaccessible if stolen or lost.
- Business Continuity Plans: Business continuity plans are made in advance for situations like natural disasters and power outages, which may cause an entire business to shut down temporarily. These plans offer alternative solutions to keep the business running indefinitely despite attacks or calamities.
9. Distributed Denial-of-Service (DDoS) Attacks
Distributed Denial-of-Service (DDoS) attacks are malicious attempts to disrupt the regular traffic of a targeted server, service or network by overwhelming the platform causing it to exhaust its resources and eventually crash. DDoS attackers often take advantage of malware that can turn personal computers into remotely controlled bots that work together as a "botnet."
DDoS attacks take advantage of a vulnerability in an organization's IT infrastructure by sending many network packets to a system and overloading its bandwidth, flooding the target with an overwhelming quantity of superfluous communication requests, thus preventing access to or use of a particular network resource. Various types of DDoS attacks include:
- Application Layer Attacks
- Volume Based Attacks
- Protocol Attacks
- Reflection/Amplification Attacks
- Routing Attacks
The primary trend in DDoS attacks is that they are becoming more sophisticated; hackers are finding new ways to execute DDoS attacks with techniques like multi-layered reflected amplification (MLRA) or Domain Name Server (DNS) amplification.
10. Ransomware Protection
Ransomware is malware that restricts access to the computer system, encrypts its data and demands a ransom to remove the restriction. Ransomware protection is a must-have for businesses because it's nearly impossible to predict when or how you'll be targeted. However, ransomware protection software can help detect if your business has the potential to be attacked by ransomware, as well as detect and remove ransomware before any harm is done. The following are some additional ways companies can safeguard themselves from ransomware:
- Developing a prevention plan with detailed steps for handling ransomware incidents.
- Assessing the risk of an incident occurring and executing appropriate response plans accordingly.
- Training employees on safe practices to avoid getting infected with malware.
11. Cloud Storage Security
Cloud storage is a way for organizations to keep their data secure and accessible by letting a third-party public or private company handle their data storage. However, when relying so heavily on technology, it's important to make sure you've done everything in your power to protect that data from cyberattacks and other vulnerabilities.
According to Adam Gordon, a veteran CISO and CTO in the IT and cybersecurity industry, the top threats cloud storage services face include the misconfiguration of cloud storage that leads to:
- Lack of monitoring, visibility and control due to scale
- Incomplete, cumbersome and unaccountable data deletion processes
- Vulnerability of cloud applications to attacks due to lack of security baked into the apps
12. Firewall as a Service (FWaaS)
Firewalls are important for any network, but they can be a financially demanding investment for both large corporations as well as small business owners. FWaaS is a more cost-effective alternative to hardware firewalls, which have become less necessary with the advent of modern antivirus and anti-malware programs.
Firewall as a Service (FWaaS) protects against threats by blocking them before they reach their target. This is done without compromising the computer's performance, which saves both time and money. It has many advantages, such as being cheaper, more flexible to business needs and not requiring any equipment.
13. Extended Detection and Response (XDR)
Extended Detection and Response (XDR) is a vendor-specific software as a service (SaaS) threat detection and incident response tool that natively integrates multiple security products. This new cyber security strategy is often used with prevention, detection, response and recovery measures to counter new cyber threats. XDR models include a decrease in response times to quickly identify threats, an automated system for forensic analysis and timely duplication of data storage online for faster access if needed.
By bundling cyber security tools using a SaaS, XDR collects and correlates data about advanced threats and then analyzes, prioritizes, hunts down and remediates threats to prevent security breaches. XDR provides unified visibility across multiple attack vectors as it selectively targets and prevents breaches before they occur, decreasing the reaction time to threats.
14. Third-Party Supply Chain Risk Management (SCRM)
Supply Chain Risk Management (SCRM) are strategies used to manage both everyday and unique risks in supply chains based on continual risk assessment. These days, vendor risk management is often tied to data privacy as compliance regulations increase in response to higher volume and risks of data breaches at local, regional, federal and international levels.
Increasing the knowledge of accountability and visibility of compliance in the entire supply chain is the goal of SCRM. Management of Personally Identifiable Information (PII) and Protected Health Information (PHI) by third parties is becoming a top priority for organizations, including inner compliance and "downstream" vendor compliance. Data privacy and SCRM is a timely trend in the cybersecurity private and public markets.
15. Secure Access Service Edge (SASE)
Secure access service edge or SASE (pronounced “sass-EE”) is a term coined by marketing analyst firm Gartner that represents, according to Cisco, any "network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions." SASE is a cloud-delivered service with the convergence of wide-area networking (WANs) and network security services.
SASE combines integrations like CASB, FWaaS and Zero Trust into a single, cloud-delivered service model for businesses to benefit from with a three-pronged goal: connecting, controlling and converging cybersecurity functions into one service platform.
Stay on Top of Cyber Security Trends
Cyber security professionals handle many important tasks, including developing strategies to safeguard networks and systems, building functional security solutions and even ethical hacking to rigorously investigate systems. If you are thinking about pursuing a cyber security career path, consider starting your education here at DeVry.
Our online Cyber Security Certificate can teach you fundamental cybersecurity skills in as little as 1 year and 4 months, or even more quickly with qualifying transfer credits.* You can also learn how to protect data and set up secure networks with our Bachelor’s Degree Specialization in Cyber Security or our Bachelor’s Degree Specialization in Cyber Security Programming.
Get Empowering Stories and Insights to Reach Your Education, Career and Life Goals.
*Not including breaks. Assumes year-round, full-time enrollment.