Cybersecurity is never static, and that’s especially true today. After widespread and frequent disruptions in the past few years, the cyber defense landscape is shifting. Favored attack vectors are changing, new threats are emerging, and organizations are rethinking their cybersecurity focus.
Staying safe in the next few years requires an understanding of these developments. With that in mind, here are five data-backed predictions for how the state of cybersecurity will change.
1. The Cybersecurity Talent Shortage Will Worsen
Cybersecurity professionals today face a pressing talent shortage that will only worsen over the next few years. As cybercrime risks rise, so will demand for these workers, but this workforce segment isn’t growing fast enough to keep up. While one study revealed that 700,000 people joined the industry in 2021, that same study indicates that the world still needs 2.7 million more.
This skills gap could exacerbate the lack of cybersecurity knowledge that already plagues businesses. In a recent survey, 67.6% of cybersecurity professionals said they often have to educate their companies on proper security practices. With ignorance being such a prominent challenge, businesses may be slow to realize they need to attract more security workers.
Cybersecurity can also be challenging to break into thanks to its high technical requirements and continually evolving landscape. As a result, the profession will likely grow slower than it needs to.
2. Ransomware Attacks Keep Growing
Ransomware is another growing concern across businesses and industries. These attacks have become one of the most prominent threats of the last few years, and they will likely keep growing in the future. This trend results from two others: growing vulnerability among targets and increasing profitability.
The shift to remote work, which will likely become a permanent fixture, makes ransomware more threatening. Employees at home on their own devices are more vulnerable to phishing attempts, which is how many ransomware attacks are initiated. As working from home continues to be the norm for many, threat actors will have more opportunities to deliver ransomware.
Financial incentives for ransomware are also growing. The average costs nearly tripled between 2019 and 2020 as data has become more valuable and companies have become less willing to lose it. As companies continue to collect more sensitive data, criminals will keep raising the price of their ransoms.
3. Cybercrime Against Property Rises
One less common type of cybercrime that will grow in the future is attacks against property. Internet of Things (IoT) connectivity is growing, bringing more devices online and expanding attack surfaces. Since many of these attack vectors are new, they also slip under the radar, making them enticing targets.
Cybercrimes against property could be destructive. For example, many new cars come with mobile Wi-Fi hotspots, making them potentially susceptible to attackers. A targeted vehicle could be far more dangerous than a data breach, even threatening the lives of drivers and nearby pedestrians if malicious actors succeed in gaining control.
IoT devices are already notoriously lacking in built-in security features. Security will likely be slow to catch up as IoT connectivity expands, driving a rise in cybercrime against property.
4. International Cybercrime Targets China and Russia
As home to many of the world’s most influential companies, the United States has remained a favorite target for cybercriminals. However, over the next few years, China and Russia will become more frequently targeted, as well. This trend could threaten international companies with the creation of cybercrime hubs in these countries.
Between 2006 and 2018, 108 cyber incidents with $1 million or more in losses stemmed from China—more than any other country. Russia came in second with 98 major cyber incidents. These nations are already hubs for cybercrime, a reality which could work against those countries as they strive to become larger players in the data and tech space.
China already suffers the highest malware infection rate globally, with Russia not far behind. These trends will grow as international cybercrime ramps up and threatens businesses with data centers or operations in these nations.
5. Supply Chain Cybersecurity Becomes a Focus
Another trend that has already emerged is a growing focus on supply chain cybersecurity. Global supply chains faced new strain when the COVID-19 pandemic disrupted operations, placing an even greater emphasis on online shopping. This made supply chains and retailers even more susceptible to cyberattacks, which was further enabled by growing adoption of IoT devices.
As a result, supply chain cyberattacks rose 42% in the first quarter of 2021 alone. High-profile events such as the SolarWinds attack have highlighted the importance of supply chain security along with some current shortcomings. As these trends continue, businesses will place new emphases on this area going forward.
Supply chains have much room for improvement, with 61% of surveyed organizations having limited visibility into their supply chain’s security. Given the risks and state of the industry, these concerns will likely remain a focus for years to come.
Cybersecurity Is Always Evolving
Cybersecurity will be a leading issue as long as the world relies on digital technologies. Its importance is unwavering, but trends are continually shifting, and security professionals must stay on top of these changes.
These five trends are not the only changes that could come to cybersecurity but are the most likely and significant. Organizations hoping to stay safe in the next few years should keep them in mind.
About the Author: Dylan Berger has several years of experience writing about cybercrime, cybersecurity, and similar topics. He’s passionate about fraud prevention and cybersecurity’s relationship with the supply chain. He’s a prolific blogger and regularly contributes to other tech, cybersecurity, and supply chain blogs across the web.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.