IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

The Top 22 Security Predictions for 2022

What will the New Year bring in cyber space? Here’s your annual roundup of the top security industry forecasts, trends and cybersecurity prediction reports for calendar year 2022.

2022 loading bar
Shutterstock/amgun
Where do we go from here?

As we head into 2022, the nation and the world ponder that question on topics ranging from the spread of the omicron coronavirus variant to new job prospects to the rise of inflation and interest rates to when international travel will return to pre-pandemic levels.

And in the midst of our accelerating digital transformation that has redesigned government and business processes over the past two years with remote work and more, the vast number of online trends, cyber forecasts, and security predictions are growing in breadth and depth more than ever before.

As I predicted back in early 2016 (see the end of this article on how to benefit from security predictions): “The more the security and technology industries grow, the more predictions we will have. From the Internet of Things, to new technologies to robots to self-driving cars, do you really think we will be talking about security and privacy less in 2020? I don’t.”

Indeed, this continues to be true as we enter 2022. There is tremendous professional value in reviewing these security prediction reports, and the companies that best articulate our future digital problems are also the best equipped to offer valuable solutions. With cybersecurity concerns again topping the list of CIO concerns for 2022, there has never been a more important set of cyber insights to digest in order to equip technology pros to fight the cyber battles ahead in the new year.

Still, many companies are renaming these reports without the traditional “predictions” or “forecasts.” White papers and annual reports are often using phrases like “trends,” “findings,” “recommended solutions,” “actions required,” “themes” or other words that still point to their desire to describe what has happened, what is coming next and what needs to be done now to prepare for 2022 and beyond.

Last December in “The Top 21 Security Predictions For 2021,” I noted the following summary of expected trends for 2021:
  • There will be huge security impacts in the coming year from the move to work from home (WFH) fueled by COVID-19. More attacks will occur on home computers and networks, with bad actors even using home offices as criminal hubs by taking advantage of unpatched systems and architecture weaknesses.
  • The rush to cloud-everything will cause many security holes, challenges, misconfigurations and outages.
  • More growth in the security industry. Our numbers of new products and new mergers and acquisitions will cause network complexity issues and integration problems and overwhelm cyber teams.
  • Privacy will be a mess, with user revolts, new laws, confusion and self-regulation failing.
  • Identity and multi-factor authentication (MFA) will take center stage as passwords (finally) start to go away in a tipping-point year.
  • Tons of high-profile IoT hacks, some of which will make headline news.
  • Ransomware will get worse and worse — with new twists, data stealing prior to encryption, malware packaging with other threats and very specific targeting of organizations.
  • Lots of 5G vulnerabilities will become headline news as the technology grows.
  • Advanced Persistent Threats (APT) attacks will be widely available from criminal networks. The dark web will allow criminals to buy access into more sensitive corporate networks.

So how did we do? In most respects, this list of cyber industry predictions proved to be very accurate. If any faults were to be found, the predictions understated the attacks on critical infrastructure — and the government response afterwards. Both of those items show up in this year’s predictions.

Last week, I released my roundup of the top 2021 cybersecurity stories, with ransomware crippling critical infrastructure at the top of the list.

This year we again see many familiar themes, with cyber threats around working from home, supply chain, new ransomware, mobile threats, and new twists on cloud threats spread throughout the report. We again see forecasts of more government compliance rules, 5G challenges, APTs, deepfakes getting really dangerous, privacy concerns, and another year of healthy growth in technology and cyber companies.

New focuses this year cover:
  • Cyber threats in space.
  • A heavy emphasis on operational technology (OT) cybersecurity — vulnerabilities, threats and impacts.
  • A strong emphasis on cryptocurrencies and crypto wallet security attacks. As Bitcoin and other cryptocurrencies rose in 2021, now the bad actors want your bitcoins even more.
  • More application security vulnerabilities — especially when code is widely used, such as the Log4j vulnerabilities.
  • Issues created by a lack of talent and vacancies in public- and private-sector organizations — as the talent war gets worse.
  • Renewed emphasis (but in new ways) on AI, autonomous vehicles, drones and other new technologies being hacked.
  • Note that security industry vendor acquisitions have changed many of the familiar names, such as the activities with FireEye, McAfee Enterprise and Mandiant.  

Disagreements:
  • The majority of reports think ransomware will get worse, but some disagree and say the bad actors will lie low in 2022 to spend the money they gained in 2021 and avoid nation-state and law enforcement detection.
  • Where ransomware is predicted to get worse, several reports suggest some will skip the encryption and just demand payment or the release of their stolen data.
  • A few reports say 2022 will be a turning point — where the good guys turn the corner with government help to dramatically improve cybersecurity. They claim executive boards now “get it.” These reports are still in the minority though, and most say more damaging data breaches are coming in 2022 than ever before.  

Important reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions, and the top reports group their cybersecurity predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these company portals, read their full prediction reports and see the details on each item. My goal is to point you in the right direction for more details and solution specifics. 

The Top 22 Security Prediction Reports Ranked by Security Industry Organization

1) Trend Micro: Toward A New Momentum - Trend Micro Security Predictions for 2022. Trend Micro did it again. They produced a comprehensive security prediction report for 2022 with multiple formats, a 28-page PDF, and an interactive portal that breaks down their insights into six categories: cloud threats, ransomware threats, vulnerability exploits, commodity attacks, IoT threats and supply chain attacks.

Here is an excerpt:

“In 2022, decision-makers will have to contend with threats old and new bearing down on the increasingly interconnected and perimeterless environments that will define the post-pandemic workplace. Our experts’ security predictions provide valuable insights aimed at helping organizations mount a multilayered cybersecurity strategy that will be resilient against disruption and compromise. This strategy should involve:
  • Going back to security basics.
  • Applying zero trust.
  • Hardening server security and employing access control.
  • Prioritizing visibility.
  • Shifting to stronger security with the right solutions and level of expertise.”

Two sample Trend Micro predictions on ransomware:
“First, ransomware attacks will become more targeted and highly prominent, making it harder for enterprises to defend their networks and systems against these attacks. Because modern ransomware is relatively new, it is very possible that enterprises have yet to make the same ransomware mitigation and defense investments for servers as they have made for endpoints. In addition, the continuing lack of skilled cybersecurity specialists is an aggravating factor with regard to securing organizations against ransomware threats. The TTPs used by ransomware operators will likely stay the same, but they will be used to go after more complex targets, ones that will possibly be bigger than the major targets of previous years.

“The second development that we foresee is that ransomware operators will also use more modern and sophisticated methods of extortion that will resemble nation-state advanced persistent threat (APT) attacks. Once attackers are able to infiltrate their victims’ environments, they can opt to just exfiltrate sensitive data and go straight to extorting their victims, skipping the encryption or access blocking step altogether. In terms of the primary means of successful extortion, the focus will veer away from denial of access to critical data in favor of leaking and mining stolen data for weaponization. Attack vectors used by ransomware operators to target enterprises, such as virtual private networks (VPNs), spear-phishing emails, and exposed remote desktop protocol (RDP) ports, will remain at play. However, in 2022, the cloud will be targeted more often. As more enterprises migrate to the cloud, they bring with them their sensitive data and resources, prompting cybercriminals to follow suit.”

2) Watchguard Technologies: Not to be denied well-deserved attention, Watchguard’s 2022 Predictions again offer an outstanding security prediction report with professional videos that add to their presentation.
Here are their six big predictions with links to the details.

3) Kaspersky Labs: As in other years, Kaspersky Labs offers a wealth of research and a large number of predictions in various areas of cybersecurity. Unlike other years, I did not spend hours searching the Internet to find their various reports. Still, they get good marks for these security predictions for 2022 that were easily found in about 30 minutes:

“The potential of commercial surveillance software to provide access to large amounts of personal data and wider targets makes it a lucrative business for those who supply it and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors, until governments begin to regulate its use.

“Other targeted threat predictions for 2022 include:
  • Mobile devices exposed to wide, sophisticated attacks. Mobile devices have long been a target for attackers, with smartphones travelling along with their owners everywhere, and each potential target acting as a store for a huge amount of valuable information. In 2021 we have seen more in-the-wild zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, on iOS such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.
  • States clarify their acceptable cyber-offense practices. There is a growing tendency for governments both to denounce cyberattacks against them and at the same time conduct their own. Next year some countries will publish their taxonomy of cyber offenses, distinguishing acceptable types of attack vectors.”

4) Check Point Software: Deepfakes, Cryptocurrency and Mobile Wallets: Cybercriminals Find New Opportunities in 2022

“Fake news 2.0 and the return of misinformation campaigns: The claim of ‘fake news’ surrounding contentious issues has become a new attack vector over previous years without people really understanding its full impact. Throughout 2021, misinformation was spread about the COVID-19 pandemic and vaccination information. The black market for fake vaccine certificates expanded globally, now selling fakes from 29 countries. Fake ‘vaccine passport’ certificates were on sale for $100-120 and the volume of advertisement groups and group sizes publishing sellers multiplied within the year. In 2022, cyber groups will continue to leverage these types of fake news campaigns to execute various phishing attacks and scams.
  • Supply chain cyber-attacks continue to grow, and governments will address the challenge
  • The cyber ‘cold war’ intensifies
  • Mobile malware attacks increase as more people use mobile wallets and payment platforms
  • Cryptocurrency becomes a focal point for cyberattacks globally
  • Attackers leverage vulnerabilities in microservices to launch large scale attacks
  • Attackers weaponize deepfake technology – “ For instance in one of the most significant deepfake phishing attacks, a bank manager in the United Arab Emirates fell victim to the threat actor’s scam. Hackers used AI voice cloning to trick the bank manager into transferring $35 million. Threat actors will use deepfake social engineering attacks to gain permissions and access sensitive data. ”

5) Mandiant: 14 Cyber Security Predictions for 2022 and Beyond — Mandiant split off from FireEye this year, but did not disappoint with their own excellent prediction report. My free advice for next year: Add back Kevin Mandia’s state of the Internet letter to the front of your activities.

I love this clip from Kevin (he was still CEO of FireEye when this was filmed) offering a powerful view of the future:
A few highlights:
  • No End in Sight: Increased Frequency and Expanding Tactics — The ransomware threat has grown significantly throughout the past decade and it will continue its upward trend. The business of ransomware is simply too lucrative, unless international governments and technology innovations can fundamentally alter the attacker cost-benefit calculation.
  • No Honor Among Thieves: More Disputes Between Threat Actors — Ransomware-as-a-service operations regularly involve multiple actors, each one performing a specific element of the attack for a fee or a cut of the proceeds. We anticipate that there will be increased conflict amongst these actors throughout 2022, and that this conflict may ultimately lead to bad outcomes for victims.
  • Cyber Physical Systems Increasingly Under Threat from “n00bs” — Throughout 2021, we observed low sophistication threat actors learn that they could create big impacts in the operational technology (OT) space — perhaps even bigger than they intended.

6) Forcepoint: Forcepoint has gone all out this year and offers an impressive five-part “Future Insights” series. These topics are covered in detail and offer insightful deep dives into a variety of cyber topics.

Part 1: Cyberattacks: Now Part of the Military Arsenal
Part 2: Are We Ready for Mass-Market Malicious Updates?
Part 3: Security Recalculated: Understanding Risk Means Understanding the Workforce
Part 4: The Rise of Tractor Hackers and Smart City Attackers
Part 5: The Curtain Rises on the Age of Prevention

This article offers a good summary of Forcepoint’s 2022 cybersecurity predictions:

“1. We should expect cyberattacks to become a staple of military arsenals in 2022 and beyond – next year, more nation states will use digital vulnerabilities in smart cities, state and local governments to undertake cyberattacks which are part of national offensive strategies.

“2. In 2022, we expect a significant rise in criminal copycats delivering malware via software updates – the Sunburst incident shocked the industry. Using highly sophisticated malware hidden inside legitimate software updates, the attackers not only exfiltrated targeted data but also spread the malware across a huge spread of victims. When malware is successful, copycat attacks will follow. What happens when malicious updates hit the mass market? How do we protect ourselves?

“3. In 2022, organisations will turn to analytics to recalculate their understanding of cybersecurity risks and to reshape their protection strategies – when we talk about business risk, it boils down to two fundamentals: do we understand one) what we are protecting, and two) the factors that impact our ability to protect. The last eighteen months has seen a gradual erosion of the "rules" we had in place to manage workforce behaviours, and without an accurate understanding of this behaviour, risks can easily be introduced. The “new rules” that govern technology and personnel requirements for the remote and hybrid workforce will drive how we protect our organisations from both internal and external threats.”

7) McAfee & FireEye: McAfee Enterprise and FireEye 2022 Threat Predictions came out with a joint prediction blog report after the announcement that the combination of McAfee Enterprise and FireEye was complete in October. Their ranking dropped due to a lack of depth that was easy to find in one place. However, this was a very creative prediction report with items like:
  • Lazarus Wants to Add You as a Friend — Nation-states will weaponize social media to target more enterprise professionals
  • Help Wanted: Bad Guys with Benefits — Nation-states will increase their offensive operations by leveraging cybercriminals
  • Game of Ransomware Thrones — Self-reliant cybercrime groups will shift the balance of power within the RaaS eco-kingdom

They also offer deeper dives via YouTube videos, but they are hard to find, and not what FireEye or McAfee have done in the past. For example:
8) Splunk Predictions 2022 – Splunk again offers a solid prediction report, but you’ll need to register to download the full report. There are also so many detailed prediction highlights available in many places online (without registering).

Two security predictions that they offer:

  • Ransomware will increase as cybercriminals professionalize and leverage the supply chain. Ransomware is the biggest security threat to most organizations today. As bad as the prominent ransomware and supply chain attacks of the past couple of years have been, they’ll be worse together. Planning for the inevitability of ransomware attacks is essential to reducing the time and cost of recovery.
  • Additional large breaches are likely to occur, and cyber hygiene will be an organization’s best defense. COVID-19 extended every enterprise through its employees’ home Wi-Fi setup; now basic security diligence is the new perimeter. Consistent security practices including multifactor authentication, full patching and asset identification can help prevent major breaches.

For Government: Innovators drive government services
  • Volatile trends and emerging technologies will determine mission success.
  • Security and cloud migration remain top priorities.
  • Biden’s executive order on cybersecurity and the modernization fund inspire action.
  • Threat intelligence will be a priority, though the private sector will move first.

9) Gartner offers their Top 8 Cybersecurity Predictions for 2021-2022, beginning with this introduction: “A focus on privacy laws, ransomware attacks, cyber-physical systems and board-level scrutiny are driving the priorities of security and risk leaders.” Unlike most others, Gartner offers unique predictions that have dates and percentages. However, the details behind these predictions will cost readers (not free).  

Here are four of the Gartner security predictions:
  • By the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population.
  • By 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.
  • By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. 
  • By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coincident threats from cybercrime, severe weather events, civil unrest and political instabilities. 

10) Fortinet offers the FortiGuard Labs Predictions for 2022: Tomorrow’s Threats Will Target the Expanding Attack Surface.

Two of their security predictions include:
  • From Top to Bottom - We expect to see new exploits targeting satellite networks over the next year. There are a half dozen major satellite internet providers already in place. Satellite base stations serve as the entry point to the satellite network, essentially connecting everyone, everywhere—including cybercriminals to their targets—so this is where a lot of threats will be lurking. But there will also be millions of terminals from which to launch an attack. We have already begun to see new threats targeting satellite-based networks, such as ICARUS, which is a proof-of-concept DDoS attack that leverages direct global accessibility to satellites to launch attacks from numerous locations.
  • Core to the Edge - We also predict that attacks will continue to span the network, including an increase in attacks targeting Operational Technology (OT) systems. According to a recent CISA (U.S. Cybersecurity & Infrastructure Security Agency) report, ransomware attacks are increasingly targeting critical infrastructure and “have demonstrated the rising threat of ransomware to operational technology (OT) assets and control systems.” This is being spurred by the near-universal convergence of IT and OT networks which has enabled some attacks to target OT systems through the compromised home networks and devices of remote workers.
11)  Emsisoft Blog: This piece brings in a diverse set of cybersecurity predictions from a wide variety of global cyber experts. I found several of these to be very interesting, including two that think ransomware actors will lie low and that we will see a big reduction in global ransomware in 2022.

For example: Mikko Hyppönen, chief research officer at F-Secure, said, “The largest ransomware gangs will try to lie low during 2022. They’ve made so much money over the last few years that the risk is not worth it as international law enforcement finally reacts to the biggest cybercrime problem we have.”

Joe Tidy, cybersecurity reporter at BBC News, said, “I think we will see the end of large-scale ransomware attacks. They won’t die off entirely but they will become just another potential form of attack and no longer the biggest boogeyman in cyberspace. The reason I think this is that I have a glass half-full perspective and also the pressure building on the gangs is just too great. We’ve already seen the big bads of Darkside and REvil go and I think the landscape outside of Russia and within is becoming more tough for the groups. Will another form of cyber attack rise from somewhere else in the world? I hope not!”

12) BAE Systems offers their unique and researched 2022 Cyber Predictions with easy-to-download PDFs and details on each item listed. Well done BAE!
  • A return of bank heists — Read the full prediction
  • Ransomware operators moving away from Bitcoin 
  • A change of focus from businesses’ to employees’ personal devices
  • Initial access via IoT devices 
  • Business email compromise using deepfake voice  
  • Purple is the new red for threat intelligence 
  • Efforts to prevent small fails turning into mass failures 

13) AT&T offers their 2022 Cybersecurity predictions. Here are four trends they highlight:
  • While finance, health-care, energy and utilities companies, along with the private sector, will increase their cybersecurity spending, the manufacturing industry will have the most significant impact on disruption.
  • Ransomware becomes the most feared adversary.
  • The transition from hybrid to a software-defined world.
  • The importance of securing applications in a software-defined world will be critical for protection.

Industry expert Chuck Brooks also offered these security predictions for the new year on the AT&T website. Here are two:
  • More automation and visibility tools will be deployed for expanding protection of remote employee offices, and for alleviating workforce shortages. The automation tools are being bolstered in capabilities by artificial intelligence and machine learning algorithms.
  • Cybersecurity will see increased operational budgets because of more sophisticated threats and consequences of breaches (and especially ransomware) to the bottom line. Cybersecurity becomes more of a C-Suite issue with every passing year as breaches can be disruptive and devastating for business.
You can also see the YouTube video for the AT&T ThreatTraq 2021 recap and 2022 security predictions here.

14) Symantec/Broadcom offers their Broadcom Software 2022 Predictions with an interesting and different perspective:
  • Zero trust becomes table stakes
  • AI assumes an ever-larger role in software 
  • Edge computing finally goes mainstream
  • A game-changer for cybersecurity management
  • Cloud-Native Platforms (CNPs) emerge from the shadows
  • Composable applications become all the rage
  • Not just SASE but data-centric SASE

15) Forrester offers Predictions 2022: Continued Uncertainty Forces Attention On Securing Relationships, but you’ll need to pay $795 for the full report.

Still, these highlights are worth examining:
  • Sixty percent of security incidents will result from issues with third parties. In 2020, 27.8% of organizations reported 20 or more supply chain disruptions, and executives have uttered the phrase “supply chain” over 3,000 times on S&P 500 earnings calls, compared to 2,100 times all of last year. A quick look at Google Trends reveals that searches for “supply chain” have peaked just in the last couple of weeks. With cyberattacks targeting smaller vendors and suppliers, third-party incidents will increase and SolarWinds-style headlines will plague firms that don’t invest in the risk management trifecta: people, process, and technology.
  • Security brain drain sets in as one in 10 experienced security pros exit the industry. Two million women have left the US labor force during the pandemic according to data from the US Labor Department, roughly twice as many as men. That’s a sobering trend for an industry like cybersecurity which is already struggling with diversity, equity, and inclusion as well as burnout. Data in a 2021 study from VMware shows that 51% of cybersecurity professionals experienced extreme stress or burnout over the past twelve months. CISOs must tackle the problems of burnout and team culture while using succession planning to build a pipeline of future security leaders.
16) Forbes has many security prediction articles from a variety of different sources and perspectives. Taken as a whole, they provide an excellent landscape overview. Here are a few:
  • Bernard Marr: The Five Biggest Cyber Security Trends In 2022 (here are the items with details in the article): AI-powered cybersecurity; the growing threat of ransomware; the Internet of Vulnerable Things; cybersecurity risk and exposure as a key factor in partnership decisions; and regulation starting to catch up with risk
  • Edward Segal: 8 Crystal Ball Predictions About Cyberattacks In 2022.  Here are Edward’s items: a major vaccine maker is attacked; Olympic athletes are blackmailed; cyberthreats evolve and fears increase; malware is weaponized; business partners receive extortion demands; scams use impersonators; the remote work trend is exploited; and attacks are launched by nation-states.
  • Forbes Expert Panel: 16 Experts Predict The Tech Trends That Will Dominate Industry In 2022. (Here are three of those): deepfakes, cyber scoring, and ethical AI.
17) BeyondTrust released their Cybersecurity Trend Predictions for 2022 & Beyond back in October, and the list offers some familiar themes for areas of attack and/or concern (with details at the website). Here are their first eight items:

  • Space travel
  • Talent resources
  • 5G in everything
  • Ransomware reinvented
  • Supply chain kinks
  • Cyber insurance termination
  • Freedom of social networks
  • Softly, softly: Next year will see the average time from intrusion to detection grow, giving attackers more time to perform reconnaissance and wreak havoc on systems

Finally, Beyond Trust offers this item for the next few years, which I think is unique and excellent: Digital Death and Resurrection. There is no argument — we live in a digital world. More and more resources reside on the Internet, including our photos, memories, and special events.

Unfortunately, humans are mortal. When we die, many of these resources are orphaned and unmanaged. Friends and family members may not even know the passwords to retrieve this priceless information.

In the next five years, expect to see new businesses emerge that can access and preserve a person’s digital presence after death. The services will include basic archive and retrieval, and the ability to download content in a consumable format (printed photos, slide shows, music videos, etc.) as a memorial to the deceased loved one.

18) ThycoticCentrify: My respected colleague and friend Joe Carson, chief security scientist at ThycoticCentrify, again has an excellent list of predictions for 2022 worth paying attention to. His No. 1 and No. 3 should raise some eyebrows. 
  • The Brink of a Cyberwar — Countries Collaborate to Strike Back
  • Identity is the New Perimeter and Access is the New Security
  • Hacking E-Sports — Hacking Becomes a Mainstream Sport
  • Zero Trust Becomes the Baseline — Future-Proofing Security Risks
  • Cryptocurrency to Get Regulated — The Crypto Heartbeat

19) VMware offers a report on Securing the Future: 7 Cybersecurity Predictions for 2022. Since this came in later than many other reports, it starts off with Log4j as an inspiration for zero-trust implementation. As usual, see their report for details.
  • The Log4j Zero Day will motivate organizations to rapidly adopt a zero-trust approach.
  • Supply chain attacks have just gotten started.
  • Insider threats pose a new challenge for organizations as the job market continues to shift.
  • In 2022, accelerated delivery of the benefits of 5G infrastructure will highlight IoT security needs.
  • Linux-based operating systems will become a key target for cyber criminals.
  • Adversaries will move laterally and exfiltrate data from unsecure multi-cloud environments.
  • Copycat cyber attacks on critical industries will disrupt human lives.
20) Infosecurity Magazine offers their Top 10 Infosecurity Predictions for 2022. This is a nice list with some common perspectives. Here are their first seven, in a list which is a good summary of predictions from across the cyber industry:

1. Evolution of Cyber Insurance
2. More Cryptocurrency Heists
3. Deepfake Technology Used to Commit Fraud
4. Growing Role of AI to Combat Cybercrime
5. Continued Growth of Data Protection Legislation
6. Increased Adoption of Zero Trust
7. Governments Taking a More Proactive Role in Cybersecurity

21) The Enterprisers Project offers these four issues to watch in 2022 that are worth reading the details on:
  • Double back to the basics (again)
  • You can’t prioritize everything
  • Supply chain issues, meet IT security
  • It’s all about the data

22) Barracuda Networks offers nine predictions for 2022. Here is a small sample:
  • Ransomware will remain the No. 1 security threat.
  • The need for forensics skills will grow.
  • A new cybersecurity role will emerge (spoiler alert: cybersecurity champion).
  • The role played by MSPs will change.

FIVE BONUS PREDICTION REPORTS


 23) Outpost24 offers a series of experts who offer these unique predictions:

24) Security Magazine describes what to expect in the coming year, reporting: “2022 will be the year of cybersecurity” (which I find either very optimistic or too obvious). 

25) Information Security Solutions Review offers 32 experts’ 2022 cyber predictions. (Longer pieces, but many valuable insights.)

26) Egress has four cybersecurity predictions for 2022.

27) Auth0 offers their Top 6 Cybersecurity Predictions for 2022. Here are three of them:
  • The Visibility Challenge
  • Secure by Default Becomes the Norm
  • Diversity of Thought and Skill Becomes Regarded as an Asset

HONORABLE MENTIONS: REPORTS STILL WORTH READING


Note that the cutoff for this list was Dec. 31, 2021.

- CyberSaint Security — CyberSaint’s Security and Risk Predictions for 2022

- CyberArk Cybersecurity Trends for 2022: The Roots of Attacker Innovation

- Dataversity — Cybersecurity Predictions: What to Expect in 2022

- Palo Alto (APAC) — Palo Alto Network’s top cybersecurity predictions for 2022

- Database Trends and Applications — 13 Cybersecurity Predictions for 2022

- PerimeterX (via TechRepublic) 5 predictions to help you focus your web app security resources in 2022

- Mobolize — Predictions 2022: Better Mobile Device Performance for Zero Trust and Cloud Access Security Ensures Great SASE

- HP From Growing Supply Chain Attacks To Ransomware Gangs Putting Lives at Risk: Top Cybersecurity Predictions for 2022

- Deep Instinct Top Cyber Influencers Offer Future Cyber Predictions for 2025 & Beyond

- Netskope — Security Service Edge (SSE) Considerations for the Future of Work

- Governing* (Mark Weatherford) — A Year to Focus on 3 Crucial Cybersecurity Issues

- LogPoint — LogPoint 2022 Predictions: The year of holistic threat detection and incident response

- Endpoint Security Solutions Review 11 Experts Share Advice on Device Security in 2022

- Synopsys — 2022 software security predictions that should be on your radar

- Computer Weekly Top IT predictions in APAC in 2022 (with security included throughout)

- Digicert — 2022 Security Predictions

- DataCenter Knowledge — Looking Forward to 2022: What To Expect in Cybersecurity

- Radware — 2022 Cyber Predictions: Supply Chain Crisis and Remote Workforce Lead to New Security Challenges

- Tenable — (Business Australia predictions) Cyber security trends businesses can anticipate in 2022

- Ermetic — Cloud Security Predictions for 2022 (with good pro tips)  

- DevOps Digest — 2022 DevOps Predictions (many on security)

- Experian Brace yourself for these five top data breach trends in 2022, Experian warns

- AttackIQ — 2022 Cyber Predictions: Former White House Chief Strategy Officer Weighs In on MITRE ATT&CK and More

- FedTech Magazine — 4 Federal Government IT Trends to Watch in 2022

- Optiv 10 Big Cybersecurity Bets For 2022 From Optiv CEO Kevin Lynch

- Cyber Crime MagazineGlobal Cybersecurity Spending To Exceed $1.75 Trillion From 2021-2025 and Cybersecurity Jobs Report: 3.5 Million Openings In 2025

- Beta News — Market opportunities, security challenges and the edge -- 5G predictions for 2022

- SC Magazine (pulled from a variety of cyber industry companies)2022 threat predictions: Ransomware, ransomware, ransomware

- PC MagazineSecurity Predictions Point to 2022 as the Year of the Breach

- Nasuni (in Information Age) Five predictions that will shape the cyber security landscape in 2022

- Security Info Watch10 physical security predictions for the new year

- BlackfogBracing for the Inevitable: 5 Security Predictions for 2022

- NoNameSecurityAPI Security Predictions 2022: The Good, the Bad, and the Scary

- GitGuardianSupply chains, ransomware, zero trust and other security predictions for 2022

- Welivesecurity.com22 cybersecurity statistics to know for 2022

- Yahoo FinanceCybersecurity: What to expect in 2022 after chaotic 2021

- InfoworksTRENDS IN DIGITAL TRANSFORMATION: OUR PREDICTIONS FOR 2022

AWARDS


Most Comprehensive Vendor Report Overall: Trend Micro – Toward A New Momentum - Trend Micro Security Predictions for 2022

Most Creative (tie): McAfee Enterprise and FireEye 2022 Threat Predictions (love the prediction names!) and WatchGuard — great all-around videos again.

Least Reported But Most Likely Prediction: Beyond Trust for their prediction on Digital Death and Resurrection.

Scariest: Kaspersky LabsBoth Cybercriminals And State-Sponsored Actors Will Target Cryptocurrencies

Most Common: “Ransomware attacks will become more targeted and highly prominent.”

Technical (Geeky) Prediction to Watch: WatchGuard Spear SMSishing Hammers Messenger Platforms

FINAL THOUGHTS


Every year I read through hundreds of security predictions reports with thousands of predictions. No doubt, many are repeats and some predictions have already happened. Regardless, I always learn so much and gain new perspectives. My hope is that you will do the same — with much of the legwork already done.

What’s missing? Again, few, if any, “Cyber Pearl Harbor” or “Cyber 9/11” predictions. Also, the late-breaking news about Log4j received minimal coverage (on how that will impact 2022) because most reports came in too early.

There was also little mention about the Winter Olympics in China, the World Cup or other major sporting events.

Another big midterm election is coming in November, and few talked about bad actors meddling in that. However, most other areas were covered in detail as many focused on how cyberthreats will impact day-to-day life.

On the positive side, new federal cyber grants and more focus and coordination on cyber by global governments were covered by many — with a minority predicting a much better cyber story in 2022.

Happy New Year to all, and thanks for following “Lohrmann on Cybersecurity and Infrastructure.”

*Governing is part of e.Republic, Government Technology's parent company.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.