"Kaseya, SolarWinds, the Colonial Pipeline: The attacks in 2021 have shown once again how important it is to establish cybersecurity as part of the corporate culture and implement it across the entire supply chain," explains Sudhir Ethiraj, Global Head of Cybersecurity Office (CSO) at TÜV SÜD. "In addition, ransomware is now accessible to everyone as cybercrime-as-a-service, including technical support. Cybercriminals have used 2021 to reposition themselves, professionalize and expand their field of activity. It is therefore now important for SMEs, industry and authorities to react." In line with these developments, the security experts at TÜV SÜD see the following trends for 2022

Cybercrime-as-a-Service (CaaS)

Malware (ransomware) is now marketed by cyber criminals in a similar way to regular software and has thus created a business model. Malware can be purchased for license fees, even including technical support. This market will continue to grow. Companies need to respond proactively and invest more in training and awareness for their employees and in securing their technical infrastructure.

Cybersecurity awareness: consumers are sensitized

Attacks on large companies and infrastructure have shown that the industry's cybersecurity measures, for example for IIoT, are well behind the attackers' methods. It is in the interest of the industry itself to raise its own awareness of risks and threats and to jointly develop requirements that help it become more resilient to attackers. End consumers are also paying increasing attention to cyber security when deciding to buy connected products, for example IoT devices such as smartwatches or other wearables.

Supply chain: uniform safety standards

Past incidents show that the supply chain in software development in particular needs even greater awareness of cyber threats. In addition, there must be common standards for secure software, such as those required by the Charter of Trust, a global cybersecurity alliance of which TÜV SÜD is an active member. Manufacturers should support their partners and suppliers in complying with new regulations in order to motivate them.

Global harmonization: Working together for more cyber security

"Standards are the backbone of cyber security." This motto must be practiced internationally and requires cross-border cooperation. Industry and legislators must respond: There must be joint work on harmonized minimum requirements that ensure that products and services are cyber-secure "ex works" across industries and technologies. Uniform and universally applicable standards for cybersecurity make it possible to strengthen the level of security.

Digital trust: protection for AI, automation and algorithms

AI and automation help companies, for example, to optimize processes and analyse their own data traffic in order to detect attacks, data leaks and theft at an early stage. However, these technologies are only as reliable as the algorithms behind them are secured. Companies and organizations need to be careful how they protect these technologies. After all, cyber criminals are also increasingly using AI for their own purposes. Basic standards for the cyber security of AI can support the protection of infrastructure and data integrity.