
Cyber Security 2022 Prediction by
Steve Stobo

Director at Cyber Consultancy Services (CCS) Limited

Predicted about #Cyber Attacks    #Cyber Hygiene    #Cyber Security Awareness    #Cyber Security Services    #Data Privacy    #Ransomware Attacks   


2022 Predictions

Prediction #1


Standards such as ISO27001 (information and data security) will become more important to smaller businesses, as their larger customers start to demand proof that they can look after any data or information shared with them. If you can't prove how secure you are (and have it independently verified) then you’re not secure!


Prediction #2


Attacks on third-party suppliers will continue to increase (as they did in 2021) as hackers look for softer targets with smaller IT budgets and weaker security to get to larger businesses’ data. Many businesses still rely on questionnaires to ask a supplier how secure they are; the information they get back is aspirational at best and downright false at worst, leading to a false sense of security.


Prediction #3


Many businesses will still continue to waste money on point solutions to individual security weaknesses like a band-aid. They need to ensure that they have accurate, contextualized, and measurable improvements for cybersecurity and a roadmap for future areas of review and action to ensure their budgets are not wasted. Maybe the board will see that cybersecurity is an investment in their business, their customers, and their employees, rather than being a cost that must be endured every year.


Prediction #4


My main prediction is that attacks will continue to happen, businesses will be breached, they will be held to ransom (and some will pay) and unfortunately, some will fail because of it. Lessons will be learned (but necessarily addressed) and the battle between the hackers and security specialists will continue.


2021 Predictions

Prediction #1


Companies will realize they need the right business processes in place to protect against cyber-crime and not just the right technology. You can have the best security solutions in the world, but without getting the business in order first, educating the users (and the board) about cyber risks, then the money they spend could be wasted!


Prediction #2


Attacks against 3rd party suppliers will increase as hackers look for smaller, softer targets that are either connected to or share Personally Identifiable Information (PII) with larger corporates, but do not necessarily have the highest levels of security protection. Without knowing the security and compliance risks that your 3rd party suppliers have, you will be blind to the risks that they pose to you.


Prediction #3


Companies have invested massively in cyber security over the years, but the boards will push back and ask for proof as to the value that these solutions have delivered: “how much have they reduced our risk?” and “how much money have they potentially saved us if we were breached?” Budgets will decrease in line with headcounts and companies will look at consolidating security platforms to save money, time, and resources that are traditionally required to run point solutions. Larger companies will look towards better value from smaller partners and more niche players that can combine multi service lines and solutions to address their business drivers and deliver business outcomes without the overheads and costs of the traditional large system integrators.


Prediction #4


Cyber-attacks on businesses will be more sophisticated, using a combination approach of social media (LinkedIn), email, and cloud services combined. Say an attack starts in LinkedIn with an innocent message to connect, then messages exchanged, then finally information is sent in an attachment (all via LinkedIn), which carries a link to a cloud platform such as AWS, Google, Azure, etc., which in turn is where the malicious payload is.


Prediction #5


More companies will suffer CEO fraud, account takeover, malware, ransomware, phishing, etc., and AI and machine learning will be a marketeers’ dream come true and offer the golden ticket for security companies to promote even more heavily in 2021.


Other Predictions About #CyberSecurity

Saravanan Ganesan

Security Analyst at CSW


As deepfake technology becomes increasingly sophisticated, it is likely to be used on a much wider scale by cybercriminals and fraudsters. The potential to dupe victims by accurately impersonating individuals through video or audio is extremely worrying. Using artificial intelligence (AI), cybercriminals or fraudsters use the deepfake technology to either impersonate a person's face, voice, or both to carry out scams, fraud, and social engineering attacks.


Karthikeyan Ravishankar

Security Analyst at CSW


Organizations transitioning to Windows 11/Server 2022 are goldmines for zero-day attacks. Especially, Windows 11's Android subsystem can act as the initial attack vector for threat actors. This, combined with the work-from-home situation, is a recipe for disaster.


Sanjay Rameshkumar

Security Analyst at CSW


State-sponsored threat actors and crypto-savvy threat actors would be a new danger. The governmental and private sector organizations must adopt higher security standards to avoid this new dynamic.


Ghouse Syed

Security Analyst at CSW


Cyber threats related to Metaverse can increase as it gives cybercriminals a new environment to use their old scams.


Vaishnavi Saravanan

Security Analyst at CSW


It is an era where organizations are shifting from on-premises software to the cloud. Cloud services have been emerging with greater demand; it is recommended to enhance the security of cloud endpoints with advanced authentication and security information and event management (SIEM) deployments.


Prakash Ram Gopalakrishnan

Security Analyst at CSW


With more people preferring to continue working from home, an attack on any device connected to the home network can infect all devices on the network, thereby posing a threat to the organization's privacy and security.


Janani Senthilkumar

Security Analyst at CSW


Continuous monitoring of updates and patches for third-party software integrations in the network is recommended. Security-related measures and comprehensive periodical analyses of an organization's network will be inevitable going forward, irrespective of how secure the organization's network infrastructure is built, as new threats and ransomware are evolving.


Chuck Brooks

Cyber Security Expert and Forbes Contributor


Catalyzed by the Zero Trust strategy government mandate, Public Private Partnerships (PPP) will greatly expand throughout the cybersecurity ecosystem in 2022. Open collaboration, threat sharing, and cooperative research and development will help spur innovation and facilitate new cybersecurity solutions. PPP will be perceived as good news for both industry and government by 2023.


Aviral Verma

Security Analyst at CSW


Supply chain attacks will be the primary weapon of choice in the ransomware threat arsenal. The year 2021 witnessed several types of malware distributed in supply chain attacks reconfigured as ransomware loaders. SolarWinds could merely have been the infancy of this form of assault.


Emilio Iasiello

Cyber Intelligence Consultant


The more established ransomware operators and gangs will continue to shift tactics again to evade detection. Ransomware gangs will likely continue to shy away from critical infrastructure targets to avoid making themselves a target of nation-state military and intelligence units.


Srinivas Mukkamala

Senior Vice President, Security Products at Ivanti


In 2022, we will consistently see ransomware moving up the technology stack. In particular, APIs are the future of hyper data transfer between systems, and ransomware is after data. It is not long before ransomware groups target APIs via misconfigurations in code.


Shivanath Somanathan

Product and Cybersecurity Expert, Board and VC Advisor


The future will see the inclusion of trusted cybersecurity advisors in organizations’ boards of directors, either as independent technical experts or through sub-committee provisions to improve oversight of the cybersecurity posture of digital ecosystems, which businesses will thrive on.


Daniel Raj

Security Analyst at CSW


Patching vulnerabilities on demand will gain traction as a trend and an important skill for organizations with digital/physical attack surfaces, as vulnerabilities are being weaponized and cybersecurity leaders spotlight and take vigilance to protect from evolving cyber threats and attackers.


Shamane Tan

Chief Growth Officer, Privasec


With our world shifting into the virtual landscape, this can only mean that more information will be made even more available to the public, and it will be unsurprising for cybercrime to evolve and manifest in different creative forms.


Matt Stamper

CISO, Executive Advisor - EVOTEK


2021 will be the year of SOAR and investments in enhanced detection technologies including deception. I am cautiously optimistic that the improvements in security automation, the outstanding work in discovering zero-day vulnerabilities, and other software flaws will improve such that we'll see real reductions in dwell time. I also predict that cybersecurity as a topic for the board of directors will continue to be front-and-center - notably for public companies who are required by the SEC to provide accurate and complete disclosures related to their cyber risks. This focus will drive enhancements as to how organizations address patching and vulnerability management for their technology stacks. Sadly, we will also see the loss of life where OT or healthcare-related technologies are compromised, exposing new levels of liability for organizations in critical sectors.


Satish

Team Lead, CSW


Corporate networks or devices which can be connected by employees from outside, for example, the company's intranet or security infrastructure from coffee shops, restaurants, railway stations, hotels, and other public wifi access will be more open and prone to cyber-attacks.


Arjun Basnet

Security Analyst - CSW


Spear phishing, password spraying, and exploiting internet-facing assets are the most popular infection vectors when it comes to nation-state actors' activity and will continue to dominate in 2021.


Vengatesh

Technical Project Manager - CSW


Deep fakes will be the next threat on which cybersecurity has to act.


Steve Hunter

Senior Director, Systems Engineering - Asia Pacific & Japan - ForeScout Technologies Inc.


Organizations will need to determine how they will adapt to this new world, now that it has become clear that working remotely is not only possible for many but, in some cases, preferred. This means that Zero Trust capabilities will be more important than ever as corporate laptops connect to home, coffee shop and hotel networks around the world, mingling corporate devices with riskier ones that are no longer controlled by enterprise cybersecurity teams.


Satish Bhagavatula

CTO | Engineering, Technology & DevOps Leader


CISOs, IT and Product leadership of SaaS providers will explore Governance & Operational transformation while shifting-[Security]-left through automation, adopting SecDevOps methodologies, and imbibing a balanced Risk-Based Vulnerability Management philosophy to prepare themselves against increased product security incidents which are impacting millions of customers, not to mention corporate & government embarrassments and losses.


Vandana Verma

Global Board of Directors at OWASP & InfosecGirls


The prediction for next year is that companies are adopting and understanding the importance of security in the cloud; at the same time, DevSecOps with chaos engineering is becoming an important thing with a pinch of automation and AI.


Macy Dennis

CSO - Evotek


I think the threat landscape will be similar to 2020 with a likelihood of an uptick in supply chain attacks, as well as in 3rd and 4th party risks. Additionally, I expect the trend in nation-state activity to increase dramatically in 2021.


Marcin Szczepanik

CISO, Essar Oil (UK)


More companies will be impacted by cyber threats, and many of them will start investing in cyber security. It will take another year, though, to improve their posture.


Donald Firesmith

System/Software Engineer and Author


As recognition of the importance of resilience engineering increases, cybersecurity's contribution to resilience will become increasingly recognized. However, while cybersecurity is an essential part of resilience, it will become increasingly recognized that the adversities that can disrupt critical capabilities extend well beyond cybersecurity threats and attacks. Resilience also involves adversities associated with capacity, interoperability, longevity, robustness, safety, and survivability.


Nitin S

DevSecOps Enthusiast | CyberSecurity | CloudSecurity


Indian startups will start to look into the security maturity and data privacy concerns to avoid future data breaches.


Adv Rajas Pingle

International Cyber Law Expert | Cyber Crime Lawyer | Advocate | Professor | Privacy & Data Protection


The year 2020 has seen a considerable increase in data breaches, and a further upsurge is expected with the rise of unemployment across the globe due to the pandemic. In this context, the Indian Personal Data Protection Act, which is to be enacted by 2021, will increase personal data consciousness among the masses, compel the corporates to take adequate measures to safeguard user data and increase cybersecurity to avoid hefty penalties. The silver lining in this is that the PDPA might act as a stimulus in reducing overall cyber security incidents in India.


Jelle Wieringa

Security Advocate, Public Speaker, Advisor, KnowBe4


Consumers will see an increase in WhatsApp and SMS fraud. Not only will the number of scams increase, but cybercriminals will become bolder by asking for higher amounts of money and using more forceful and devious techniques to manipulate people into paying.


Hitoshi Kokumai

Founder & Managing Director Mnemonic Identity Solutions


“I would predict that 2021 will be the year that the global population will start to discover the real value of 'hard-to-forget', 'hard-to-break' and 'panic-proof' secret credentials for secure and sustainable digital identity.”


Sachit Singh

Director, Cyber Security


We have seen that there is an increased adoption of SaaS and the pandemic has further propelled this adoption. Data protection, strong authentication and visibility into the SaaS configuration will be critical to the firms. Insider abuse to misconfiguration in SaaS can be equally disastrous. The enterprises will start building the controls from protection to visibility to remediation to have a more holistic approach when it comes to SaaS.


Wai Kit Cheah

Director, Security Practice at Lumen Technologies


When companies struggle with managing their expenses, IT departments will often be neglected and likely targeted for cost reduction. Many executives could fail to realize that cybersecurity is not just about reinforcing the perimeter. There are zero-day exploits and critical vulnerabilities that could put our common enterprise applications, systems, and networks at risk.


Catherine Allen

Founder and Chairman, The Santa Fe Group


In 2021 we will continue to see concerns about supply chain management and the management of risk when outsourcing. Location risk, geopolitical risks and reputational risk issues will be at the forefront along with cybersecurity risks, where adversaries will focus on the weakest link…the third and fourth party suppliers.


Prof John Walker

OSINT, Investigations and Cybersecurity Specialist


Successful Cyber Attacks will continue with more high-profile companies falling to compromise. Sadly, 2021 will not be the year we see real steps taken toward Cyber Resilience - but it will be the year in which we encounter a more serious mindset toward addressing the aspect of Cyber Security. We may have to wait for 2022 and beyond to see those thoughts formulate into tangible action.


George Do

Chief Information Security Officer at Gojek


I foresee in 2022 that China will increase the severity and frequency of cyber attacks against the US. I expect the delisting of Chinese companies in 2022 on NYSE/NASDAQ that will add to the global drama. The international relations between the superpowers have already deteriorated to a new low and will continue to fracture.


Diana Kelley

CTO & Founding Partner SecurityCurve


Passwords are a challenge: no one likes having to remember a lot of different ones, and stolen passwords lead to account compromise. This is why I expect 2021 to see consumers adopting password wallets/managers that generate unique passwords for each account and then store them safely. Enterprises will continue to move towards “passwordless” strategies and both consumers and enterprises will implement MFA (multi-factor authentication) such as one-time use codes via text and biometrics to improve password-only security.


Tapendra Dev

Founder & CEO Secure Blink


CISO & CSO are transitioning towards a durable cybersecurity solution in compliance with the zero-trust strategy, and SASE occupies right into that space substantially.


Jacqueline Jayne

Security Awareness Advocate, KnowBe4


“There is a continuing and growing conversation about cybersecurity culture. Last year's prediction on this focus area was premature. We haven’t seen the uptake for company-wide KPIs related to cybersecurity expectations for training, behavior and reporting. However, after the release of The Australian Cybersecurity Strategy 2020, I am more confident that the conversation is becoming louder and the need for security awareness training is front of mind.”
