BeyondTrust has released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer, Brian Chappell, Chief Security Strategist EMEA/APAC, and James Maude, Lead Cyber Security Researcher, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.
Prediction #1: space travel- Taking advantage of the huge wave of space tourism, expect
phishing attacks and faux websites to crop up across social media and the Internet.
Prediction #2: cybersecurity talent resources- 2022 will prove to be the most challenging year
yet with regards to the ongoing cybersecurity talent crunch. Some drivers of this supply-demand
imbalance include the accelerated adoption of hybrid cloud and digital transformation initiatives, post-pandemic projects ramping up, and budgets becoming available for spend. Security posture
improvements will be at the top of the list of desired projects. The imbalance will cause salary spikes
across the board for every level of IT security professional.
Prediction #3: 5G in everything- Consumers and businesses can expect that newer devices will
be cellular-enabled, or cellular capable, to provide services outside of local area and Wi-Fi networks.
This will allow connectivity using a subscription model and remove the barriers and troubleshooting
required for connectivity on home or small business networks.
Prediction #4: ransomware reinvented- In 2021, the ransomware model evolved to include data
extortion based on exfiltrated information. The evolution will continue and new paradigms to extort
money will emerge in 2022. Organisations should expect ransomware to become personalised and
increasingly involve different types of assets, like IoT, as well as company insiders. Targeted
disclosure of exfiltrated information may be perpetrated to specific buyers. We may even start to see
more flexible terms of payment, as opposed to lump sum payouts. With installment plans,
ransomware operators will decrypt victim assets over time, based on agreed upon payout terms.
Prediction #5: supply chain kinks- Supply chain attacks will further mature in 2022, expand in
scope, and increase in sophistication. Expect far more third-party solutions and common development
practices to be targeted. Organisations need to include third party supply chain breaches in their
incident response plans and plan for a public and private response, just in case they become an
inadvertent victim for a licensed solution.
Prediction #6: cyber insurance termination- Expect a tsunami of cyber insurance cancellations
and a mad scramble to obtain new coverage, potentially at much higher rates. To obtain coverage
and ensure the best rates, organisations will need to demonstrate the proper cybersecurity hygiene
demanded by cyber insurance underwriters. Failure to have agreed upon cybersecurity controls in
place will also be a key argument for insurers to refuse paying out after an incident, or to terminate
Prediction #7: freedom of social networks- Social networks will be under increasing pressure to
control the content posted by their users. This is also likely to result in broader powers for the
authorities to trace and identify malicious sources. Expect to see tighter controls on the content that is
distributed via social platforms, reliable attestation for the source of the material, and potentially
access to the data for authorities.
Prediction #8: softly, softly- Next year will see the average time from intrusion to detection grow,
giving attackers more time to perform reconnaissance and wreak havoc on systems. Expect a lot of
careful hackers to find their way into systems and establish long-term residences there.
Prediction #9: broken record- The number of successful attacks will continue to grow, the
average cost to the victim organisation per successful attack will rise, and the pattern will repeat. With
so many new and shiny technologies to choose from, the IT security basics just aren’t exciting.
“The seeds of rushed implementation of remote working and digital transformation bore fruit in the form of once-in-a-decade breaches like SolarWinds, Colonial Pipeline and others that seemed to occur monthly, said Morey Haber, Chief Security Officer at BeyondTrust. “Looking ahead helps us anticipate where cyber threat actors will undoubtedly head as they look to take advantage of this paradigm shift. At BeyondTrust, we plan to provide the best security solutions to address current and future attack vectors, which our customers and partners expect.”
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 920