Ransomware is still the biggest security worry for business, but it's not the only headache

Ransomware is the number one cybersecurity concern that chief information security officers (CISO) are facing at the beginning of 2022, but it's just one of many issues that they're attempting to tackle. 

According to research by Microsoft, addressing the threat posed by ransomware is the number one cybersecurity challenge currently facing CISOs, closely followed by configuring cloud security and protecting hybrid, multi-platform enterprise environments. 

Ransomware was the most significant cybersecurity issue during 2021 and, according to the survey, CISOs don't think that's going to change any time soon, as cyber criminals continue attempts to encrypt networks and demand a ransom payment – which can be millions of dollars – for the decryption key. 

SEE: A winning strategy for cybersecurity (ZDNet special report)

The threat is also increased by the rise of ransomware-as-a-service schemes that allow more cyber criminals to conduct ransomware campaigns, putting organisations at even greater risk of falling victim to an opportunistic attack. 

"No longer do individual cyber criminals have to develop their own tools. Today, they can simply buy proven cybercrime kits and services to incorporate into their campaigns. This gives the average cyber criminal access to better tools and automation to enable scale and drive down costs," said Vasu Jakkal, corporate vice president for security, identity and compliance, at Microsoft.  

"As a result, attacks of all types are on the rise, with the economics behind successful ransomware attacks fueling a rapid trajectory," she added.  

But while ransomware is viewed as the number one threat, CISOs have a variety of other concerns, including cloud security, which has been pushed to the forefront due to the rise of hybrid working.  

While cloud offers opportunities, it also comes with several security concerns that need to be addressed. For example, it's useful for staff to be able to access corporate cloud accounts remotely, but the way they can be accessed from anywhere provides cyber criminals with additional avenues to infiltrate networks, especially if they're able to steal the legitimate username and password of a real user. 

According to the Microsoft survey, other key cybersecurity challenges facing CISOs in 2022 include the challenge of recruiting security professionals, along with enabling user productivity without sacrificing security. 

Cloud security is the most desired investment for the year, along with the likes of vulnerability management and application security. 

"As security leaders look to mitigate threats now and in the near future, we're seeing an increased focus on improving the prevention capabilities of the highest growth threat vectors, such as cloud security, access management, cloud workloads, hybrid work, and ransomware," said Jakkal. 

Recommendations by Microsoft on how to improve cybersecurity throughout organisations include the implementation of multi-factor authentication (MFA), as well as shutting down legacy authentication methods that could be exploited by cyber criminals.  

MORE ON CYBERSECURITY

• Bosses think that security is taken care of: CISOs aren't so sure
• Ransomware attackers targeted this company. Then defenders discovered something curious
• The cybersecurity jobs crisis is getting worse, and companies are making basic mistakes with hiring
• This ransomware strain just started targeting lots more businesses
• Ransomware gangs are now rich enough to buy zero-day flaws, say researchers