Cyber Predictions For 2022: What's Coming Next Year

It's December, so you know what that means; it's prediction season! It's the particular time of year when everyone gives their opinion on what will happen next year in cyber. We, of course, are no exception. We predict the next year will hold more phishing, more impactful ransomware, more organizations using cloud services, and more breaches.

Phishing will continue to be the most significant attack vector.

Nearly 75% of all organizations reported experiencing a type of phishing attack in 2020, according to Proofpoint's 2021 State of Phishing report. The total number of reported phishing attempts has only continued to grow over the past few years. According to an IC3 report, in 2020, phishing was the most reported threat in all its various methods. In 2022, phishing will only get more sophisticated and targeted. Bad actors will easily disguise bad messages by adding more social engineering tactics and using deep fake technology. The best way to combat these tactics is cyber awareness. Training an organization's workforce to identify and report phishing attempts correctly will be the best protection from getting breached. 

Ransomware will increase and escalate.

Ransomware hit new highs during 2021. According to a SonicWall report, a new high of over 75 million attacks was recorded by June. Also, higher-profile attacks such as Colonial Pipeline and JBS disrupted the global economy. Critical infrastructure, supply chains, and healthcare will continue to be a favorite target for ransomware. Ransomware-as-a-Service groups like the former DarkSide or REvil groups make ransomware easy to obtain and execute. Bad actors have easier access to ransomware, there will continue to be a significant increase in incidents, data exfiltrated, and demand amounts. 

Organizations will migrate to the cloud.

Since the pandemic shifted the traditional working landscape toward remote work from home, many companies are now looking for cloud-based security and information storage solutions. According to Fortinet 2021 Cloud Security Report, 56% of organizations will be running 50% or more of their workloads in the cloud over the next year and a half. This goes with an increased concern about misconfigurations and the exfiltration of sensitive data.   

Healthcare will continue to get breached.

Healthcare was a favorite target for attackers in 2021 and will continue to be in 2022. In 2021 over 40 million patient records were known to be compromised, with many more suspected to be unreported. The Journal of Computer Science reported that 66% of healthcare security breaches were due to negligence rather than malicious intent, i.e., an external hacker or ransomware. The healthcare industry is notoriously slow to accept and change with new technologies like blockchain or cloud security. These outdated systems and structures are more vulnerable and will continue to be targeted for cyber attacks such as ransomware or leaks. 

As with any cybersecurity predictions, the only certainty is cyberattacks will happen. Tired and true methods such as phishing and ransomware coupled with easy-to-use malware will only increase the prevalence and complexity of cyberattacks. The best protection is still being cyber aware. The more an organization educates and trains its workforce, the better protected it will be.