In 2021 enterprises navigated increasing digitization and a more permanent shift toward hybrid and remote work models, creating security vulnerabilities and new attack vectors for cybercriminals to exploit. Learnings from 2021 will have a cascading impact on how businesses approach cybersecurity in 2022.
Lessons learned in 2021
- Remote work is here to stay
- Cyberattacks are not going away
- Cyberthreats present an existential risk
According to Gartner “remote work is now just work.” The 2021 Gartner CIO Survey found that 64% of employees are now able to work from home and 75% of knowledge workers expect future hybrid work environments. Gartner noted that “from a security perspective this requires a total reboot of policies and tools to better mitigate risks.”
Cyberattacks which escalated in frequency and severity during the height of the pandemic in 2020 continued to persist in 2021, evolving and increasing in sophistication. ISACA’s State of Cybersecurity 2021 Survey Report, Part 2 found that 35% of organizations are experiencing more cyberattacks in 2021.
Cyberattacks are also increasingly resulting in the loss of data and privacy. The number of U.S. businesses that fell victim to data breaches in 2021 increased by 17% rising to 1,291 breaches from 1,108 breaches in 2020 according to the Identity Theft Resource Center (ITRC). ITRC noted that this trendline continues to point to a record-breaking year for data compromises.
Ransomware attacks are trending upward too, wreaking havoc in enterprises. Security provider SonicWall reported in October a 148% surge in global ransomware attacks (495 million) year to date and predicted a record-breaking total of 714 million ransomware attacks by close of 2021. A July report by Atlas VPN estimated that ransomware has already cost victims $45 million in 2021.
No industry or sector is immune from cyberthreats and business leaders are starting to recognize the significant impact a cybersecurity incident has on an organization. According to Gartner, in the past five years, the percentage of boards that consider cybersecurity a business risk has risen from 58% to 88%.
The steep costs of cyberattacks can threaten the viability of enterprises, resulting in damage and destruction of data, operational disruption, revenue loss, reputational harm and theft of intellectual property. Cybercrime is predicted to inflict damages totaling $6 trillion globally in 2021.
Cascading impact of 2021 learnings in 2022
- Adapting and responding to new regulations and compliance requirements
- Elevating cybersecurity to a strategic issue
- Taking a proactive approach to cybersecurity
Governments are reacting to increased cybersecurity threats and incidents with more stringent data security regulations and compliance requirements. By 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations, up from 10% in 2020, according to Gartner.
Companies will have to adapt and respond to increasing data privacy and governance regulations by elevating their security posture. To avoid risk of non-compliance, enterprises should ensure that the tools they use to support digital operations are architected with highest levels of security and compliance. This includes mobile messaging and collaboration platforms. When platforms like these are not purpose built for the enterprise, they don’t protect organizations against internal and external threats to data and privacy, opening the door to regulatory action and fines.
In 2022, enterprises will rethink their approach to cybersecurity, building greater resiliency by integrating security into all aspects of business operations. Consulting firm McKinsey noted that “cybersecurity is not just about managing risk, it’s also a strategic issue that shapes product capability, organizational effectiveness, and customer relationships.”
The COVID-19 health crisis forced many organizations to accelerate digital transformation initiatives to ensure business continuity. Some of these on-the-fly changes compromised cybersecurity. Unsecure collaboration solutions, hastily implemented to keep teams connected, were a prime example of the operational security compromises made during the pandemic. With cyberthreats continuing to increase and evolve, enterprises are rethinking the use of these risky mobile messaging and collaboration platforms, moving to secure, end-to-end encrypted platforms that align with enterprise cybersecurity-driven strategies.
Bad actors are learning lessons from 2021 as well, retooling strategies to wreak havoc on enterprises. The best way for enterprises to stay a step ahead of cybercriminals is to equip their organizations and employees with secure by design digital tools. First line of secure communication tools for protecting sensitive business information like NetSfere’s communication platform as a service (CPaaS) solution can help enterprises take an actionable, proactive approach to keeping their data and networks safe and strengthening cybersecurity while providing their internal as well as external stakeholders tools for instant secure collaboration.