February 23, 2023 | Cybersecurity education
How did cybersecurity change in 2022?
There are no two ways about it: 2022 was a tough year in all things cybersecurity.
With most concerns about remote and hybrid work relatively unchanged from the previous year, 2022 initially seemed like it would follow established trends, with new developments emerging gradually as time went on.
Hindsight is always 20/20, though, and 2022 rapidly became another banner year for cybersecurity concerns.
Critical infrastructure remained a theme in 2022, as major attacks on vital services like healthcare rose sharply and high-profile incidents made headlines everywhere. Elsewhere, demand for talented security professionals surged, and issues from years past remained frustratingly persistent.
The Russia-Ukraine conflict’s cybersecurity implications
Unfortunately, 2022 began with major changes that had wide-reaching implications in the form of the Russia-Ukraine conflict.
After nearly two months of tension, the Russian troops that had amassed on the Ukrainian border invaded, leading to a widespread and prolonged conflict.
The invasion was preceded by coordinated cyberattacks on 70 Ukrainian government websites, compromising 10 and defacing them with threatening messages; further activity targeting Ukrainian systems involved a wiperware campaign in February 2022.
Russian cyber activity remains largely focused on Ukraine; however, the ongoing conflict presents an increased cybersecurity risk and concern for many organizations worldwide.
Ransomware threats surge
In April of 2022, Costa Rica experienced two crippling cyberattacks courtesy of the Conti ransomware gang. These attacks targeted essential services in the country, impacting everything from medical appointment systems to scheduled tax payments, and led to the exposure of an alleged 850 gigabytes of governmental data on top of millions in losses.
The Costa Rican government declared a state of emergency in response to these ransomware attacks, the first time a government has taken such an action in response to a cybersecurity incident.
Cybersecurity workforce gap widens
Globally, the cybersecurity workforce grew by 11.1% year over year, and yet demand for skilled security professionals continues to outpace the supply of talent.
The reasons for this are frustratingly mundane: it takes time and resources to build cybersecurity expertise, both of which are hard to come by for many organizations facing the rising tide of cyberattacks.
Attacks on healthcare rise
The Federal Bureau of Investigation reported that 25% of ransomware attacks in 2022 targeted the healthcare sector. Cybersecurity concerns have been nearly as urgent as the COVID-19 pandemic response for healthcare providers as attackers continued to take advantage of the distractions and uncertainty around continued COVID-19 management.
However, the majority of major healthcare breaches in 2022 were the result of compromised third-party vendors, leading to greater scrutiny of organizations’ digital supply chains. By no means exclusive to the sector, cybersecurity in the digital supply chain is a theme that began to draw greater attention throughout the year.
Toolset complexity and alert fatigue
One thing that didn’t change? Toolset complexity and alert fatigue.
More tools don’t necessarily result in a better security response. In fact, companies with a more complex tech stack often have a harder time detecting and responding to an attack.
That’s because complex toolsets create noise that becomes easier to tune out over time, leading to what’s known as alert fatigue.
Imagine dealing with hundreds of alerts from multiple security tools at any given time and sifting through reams of data to try and figure out what’s a genuine threat and what’s a false positive.
A brief history of cybersecurity tools
To give you a sense of how much cybersecurity approaches have changed over the years, let’s take a quick look at some of the solutions that IT has turned to and the approximate year they were introduced.
1990: Antivirus (AV)
Traditional antivirus software is designed to prevent attackers from compromising endpoints and servers, looking for attributes of known malicious files. In the mid-2010s, “next-generation antivirus” became a popular term used to market additional AV functionality. Used in isolation or as the core tool in a set, these programs can lack the comprehensive functionality needed to address all the threats facing a business.
2005: Security Information and Event Management (SIEM) software
SIEM software aggregates data and logs from tools like firewalls, antivirus software, and other detection sources. SIEM software can be costly, not to mention complex to set up and manage, as it requires careful configuration and testing to establish rules for detection. False positives are common in these cases.
2013: Endpoint Detection and Response (EDR)
EDR deploys an agent on an endpoint to collect data types beyond logs, enabling continuous monitoring on the endpoint—but data still needs to be analyzed by a mature security team or dedicated managed security service provider (MSSP), and the sheer volume of it can easily lead to alert fatigue when automation or support is not available.
2016: Security Orchestration, Automation, and Response (SOAR) solutions
SOAR solutions aggregate information from other programs that are often not designed to work together in the first place. SOAR aims to simplify security tool management and solve the problem of tech stack complexity but can lack the cohesion and ease of use of a holistic solution.
2016 to now: Managed Detection and Response (MDR)
Managed Detection and Response takes the benefits of EDR’s continuous monitoring a step further, delivering its benefits as a managed service. This allows companies of any size to get security expertise on their side.
Simplifying the cybersecurity toolset
Adding new technology to manage security has quickly become an outdated approach. Each new tool is another budget line item, and growing toolsets demand even more time to oversee. Each tool may only provide a view into one aspect of your IT environment, resulting in a siloed approach to threat management.
What’s more, integrating new tools is another time-consuming task; finding interoperable tools that scale to your security needs is tough.
The shift to remote work has only made this more apparent, with additional challenges from the use of shadow IT solutions—tools and software that an IT team doesn’t have total control or knowledge of—that staff may put in place to support their new work setup.
Rethinking cybersecurity for 2023
What does all this mean for 2023?
Security and IT teams everywhere are feeling the burn from the year that was 2022. There are new threats and too many tools and alerts, far too much for IT to manage. Cyber threats are constantly evolving as attackers uncover new exploits, which means that you need an effective solution that can always stay a step ahead.
Not all companies can afford a CISO, let alone an in-house team of cybersecurity professionals, which only compounds these issues; you need trained staff to manage security systems, after all.
This year, a new approach to cybersecurity is needed.
This new approach starts with a holistic solution that empowers your company with a continuous view into your network, endpoints, and the cloud, allowing you to identify, prioritize, triage, and respond to cyber threats. Coupled with ongoing training and education for staff, your company will build strong security habits to better defend against potential attacks.
What’s next for cybersecurity?
Cybersecurity is a constantly evolving field. As new threats emerge, new security solutions are needed to defend against them.
Find out what’s in store for cybersecurity—including emerging trends, insights, and predictions from the experts at Field Effect—in our new eBook, The State of Cybersecurity.