Industry executives and experts share their predictions for 2022.  Read them in this 14th annual VMblog.com series exclusive.

Key Trends Shaping the Cybersecurity Industry in 2022

By Jadee Hanson, CIO and CISO of Code42

The 2021 cyber landscape was one of the most dynamic and rapidly changing that I have ever experienced as a security professional. Vulnerabilities and attack vectors that we didn't even know existed reared their heads for the first time this year, and it's become evident that these threats will persist in 2022. Data theft via insider exploitation, increasing ransomware events, and increased burnout of cybersecurity professionals represent a selection of primary areas cybersecurity professionals need to be cognizant of and proactively address as we ring in the New Year.

Threat actors will target internal employees to exfiltrate data

In 2021, we saw attackers take a new approach to data exfiltration - they targeted internal support teams, such as customer or IT support, to access and ultimately exfiltrate sensitive and proprietary data. We saw multiple instances of this, some successful and others not; however, we will likely see more of these kinds of incidents in 2022 as attackers continue to hone their techniques.

Also, with attackers directly targeting employees to plant ransomware or extract sensitive data, security awareness training will be more important than ever before. Organizations with effective security awareness training programs will ensure that every team is appropriately prepared for the threats coming from both within and outside the company. Employees are working across a plethora of networks, and each of their actions can pose a threat to the greater organization. If an employee is not appropriately trained to identify potential threats to company information, whether it be sending files to someone they believe works for the company or sharing documents via cloud applications, their organization is open to avoidable insider risks.

Organizations will need to take a more proactive approach to empower a risk-aware workforce and ultimately protect against insider risk events in the year ahead.

Data exfiltration as part of ransomware attacks will become more prominent

Ransomware played a major role in the 2021 cybersecurity landscape, and this trend will continue in the New Year. In 2022, I expect that the frequency of ransomware attacks will steadily rise and that data exfiltration as part of a ransomware attack will become a more prevalent issue moving forward. Attackers are becoming much more adept at how to inflict the most pain on organizations and the best ways to steal the most data from them. The reality is that as long as there is money to be made in ransomware, it won't go away; organizations are going to have to be ready for that.   

Cultural changes among the security practice

Now more than ever, employees are simply burnt out - with security professionals among the highest groups experiencing it. With burnout comes apathy and unintentional negligence, most consequentially skimping on security protocols. Over three-quarters of insider data breaches this year have been considered non-malicious, but with burnout reaching new heights, the industry needs to make a concerted effort to prevent this statistic from worsening.

Taking factors, such as workplace burnout and employee retention rates, into consideration in tandem with the general movement towards more empathetic workplace cultures, security leaders are encouraging more sensitivity among team members and across the practice. The notoriously stoic cybersecurity culture is changing, and, in 2022, we'll see more organizations adapting to this shift, changing traditional titles such as "Security Manager" to "Security Culture Manager" to align with the arguably overdue need to recognize that the culture a security team brings to the overall business is equally as important to the protections brought to the business.

The 2022 midterm elections will see increased security

With multiple contentious and high-profile midterm elections coming up in 2022, cybersecurity will be a top priority for local and state governments. While security protections were in place to protect the 2020 election, publicized conversations surrounding the uncertainty of its security will facilitate heightened awareness around every aspect of voting next year.

Minimal cryptocurrency regulations open doors for attackers

The popularity of cryptocurrency paired with the limited regulations around its buying and trading makes it a prime target for attackers. As we look ahead to 2022, I expect that threat actors will find ways to infiltrate the crypto market while it is still in a somewhat elusive stage; exploiting organizations as well as buyers and sellers for large returns.

There's no way to conclusively predict the trends that will shape the cybersecurity landscape in the year ahead. The cyber events of 2021 have highlighted the fact that security has become a critical function of business and everyday life. The heightened expectations-and immense pressure-on cybersecurity as a practice have launched it to the forefront of business operations and prompted an overall shift in security culture. It's evident that proactive cybersecurity strategies will be the only way to mitigate data loss and reputational damage in case of a cyber threat or insider risk event in 2022. Between midterm election security and cryptocurrency trading regulations, changes in industry culture are rapidly pushing cybersecurity towards the future and it's the job of security leaders to keep pace.

##

ABOUT THE AUTHOR

Jadee, CISSP, CISA, is the CISO & Chief Information Officer at Code42. Jadee's passion for security was born out of a computer science internship and developed into a profession with her first role at Deloitte. After five years and a lot of travel, Jadee's consulting experience led her to Target Corporation. She advanced through the ranks of Target's security team over the course of eight years, during which time she built many of the security programs and functions that exist today. In addition to her day job, Jadee is also the founder and CEO of the non-profit organization Building Without Borders.