Keeping up with the latest cybersecurity trends in a regular year is a full-time job. But in 2021, it was exhausting.
While workplaces and entire societies were scrambling to adapt to the Coronavirus pandemic, hackers and cybercriminals were having a field day. The biggest cyberattack in history took place, and it feels like almost no one noticed. Meanwhile, we’re racing to a future increasingly dominated by AI, machine learning, and the Internet of Things – all ripe for exploitation and interference.
But it’s a new year. 2021 is behind us (finally!) With that in mind, I decided to look at the biggest cybersecurity trends in 2022 and help you understand what’s coming in the future.
TLDR: Cybersecurity in 2022 – 8 Statistics You Need to Know
- 3.5 m unfilled cybersecurity jobs in 2022
- Cybercrime will cost the global economy $1 trillion in 2022
- 41% of cyber attacks target small businesses
- 95% of cybersecurity breaches are caused by human error
- A cyber attack will take place every 11 seconds in 2022
- The global cybersecurity software market with grow to $230 billion in 2022
- 86% of cyber attacks are financially motivated, 10% are motivated by espionage
- 20% of companies surveyed experienced a data breach caused by a remote work
1. The SolarWinds Hack and The Cybersecurity Cold War
The SolarWinds hack was the most significant cybersecurity story of 2020. And yet, it received almost no media coverage.
The hack – considered by many an act of war – represents a massive escalation in tensions between the US and Russia, not to mention a new chapter in state-sponsored cyber-espionage and, potentially, cyber-warfare.
For now, it appears the SolarWinds hack was primarily an intelligence-gathering operation. However, amongst the 18,000+ businesses and organizations affected, the hackers successfully infiltrated the US government’s highest levels: the department of Justice, the Pentagon, and maybe even the agency in charge of nuclear weapons.
While the operation was discovered in December 2020, it appears to have started the way back in September 2019 and went undetected for eight months.
As if that wasn’t bad enough, it now appears that Chinese-back hackers also targeted SolarWinds in a separate, successful attack.
What does this all mean for cybersecurity in 2022? While the companies and government agencies grapple with containing the fallout from the attack, Russia hawks are pushing the Biden administration to retaliate with bigger, more devastating attacks. Furthermore, many people believe a more aggressive, offensive stance against all its ‘enemies’ is the only way for the US to deter further cyberattacks.
We are entering a new age of state-sponsored cyber warfare, a new Cold War for the 21st Century, that will reverberate through our lives in ways we can’t predict – and may never fully understand.
While there’s little we can do to prevent this, we can all prepare for the fallout by educating ourselves on the biggest cyber threats and investing in better security.
2. Remote Work and Distributed Teams
Almost two years since the pandemic sent so many of us home, it doesn’t look like we’ll be returning to the office any time soon.
In fact, many of us don’t want to. Countless polls and studies show that most office workers want to continue working from home, at least part-time.
While it’s encouraging to see so many employers embrace distributed workforces, this shift presents a huge issue for companies, government agencies, and even small businesses whose employees are increasingly remote.
By some estimates, 95% of cybersecurity breaches are caused by human error – and that was before remote work became mainstream in many countries. Already, one study has suggested that remote workers responsible for 20% of cybersecurity issues in 2020.
Top 7 Remote Work Security Threats
The transition to distributed and remote teams increases the cybersecurity risks posed to companies significantly.
- 3rd Party Tools and Apps: An external tool you’ve adopted to facilitate remote work is hacked, exposing your company and workforce.
- Phishing: Cybercriminals send emails posing as 3rd party software providers, tricking employees into providing access to secure networks.
- Unsecured Networks: Employees connecting via their home wifi or public connections (cafes, coworking spaces, etc.), which are easily hacked.
- Unsecured personal devices: Employees working from personal devices, which have been hacked or infected with malicious software. There’s also an additional risk of personal devices being stolen.
- Data Loss and Breaches: Remote employees fail to adequately separate work and personal data, accidentally share company data, or inadvertently delete/lose data.
- Password Sharing: Employees creating accounts on remote work software reuse old and weak passwords that have already been exposed and made available online.
- Malicious Insiders: Disgruntled or malicious employees may exploit the transition to remote work and weakened security infrastructure to attack a company, steal private data, or pursue other nefarious schemes for personal gain.
Remote teams and the WFH trend will continue to represent significant cybersecurity threats in 2022 and beyond. As small businesses face increasing threats from hackers and cybercriminals (see below), employers with remote teams need to invest in cybersecurity training and education, dedicated cybersecurity expertise.
These initiatives can be costly and time-consuming. But they’re a lot less expensive or devastating than a successful attack.
3. The Shortfall in CyberSecurity Talent will Increase Pressure on Strained Industry
In 2019, hundreds of leading cybersecurity groups agreed on a startling prediction:
By 2022, the global shortfall in cybersecurity talent would grow so vast, there would be over 3.5 million unfilled jobs in the cybersecurity industry.
Well, it’s 2022, and by every measure, that prediction has come true.
While cybercrime is surging, the demand for cybersecurity talent and expertise to fight back is not being met. In the US alone, the industry needs to fill 314,000 roles – representing a 44% increase in the cybersecurity workforce.
And that’s just to meet the current demand.
Unless governments and businesses can find a way to improve the number of people entering the cybersecurity workforce drastically, the shortfall will only increase, as hackers and criminals run rampant and become increasingly bold.
It shouldn’t be that difficult. The cybersecurity industry boasts a 0.0% unemployment rate. Which, when you think about it, is kind of crazy.
With the Coronavirus pandemic creating so much unemployment, uncertainty, and job insecurity globally, the cybersecurity industry is a shining beacon of opportunity and guaranteed work long into the future.
4. Hackers Are Already Targeting NextGen Software
One of the most exciting trends in 2022 is the massive strides being made in next-generation technologies, from 5G and the Internet of Things, to machine learning and AI.
The pace of innovation and change is exhausting, and making predictions about what the future holds feels like the wildest sci-fi coming true. The world is changing rapidly, and these innovations will have a massive (mostly positive) impact on all our lives.
Naturally, however, bad actors are already looking for ways to exploit the latest cutting-edge tech for personal or political gain. The plague of misinformation and the growing issue of deep fakes are two troubling examples, but they’re potentially just the beginning.
While it’s easy to get caught up in the latest wearable tech gadget and machine learning milestone, we should all take pause and consider the security implications of adopting them into our lives.
Take time to conduct some due diligence and ask yourself if the security risks are worth any perceived benefit or convenience. Don’t feel like you need to rush and at the vanguard of every innovation. Wait a while until the experts have vetted them and worked out all the dangers.
5. Smaller Businesses Targeted More Than Ever
While massive, scary hacks like the SolarWinds attack understandably attract the most attention in the media, the truth is giant multinational companies are no longer the #1 target for cyberattacks.
Malicious actors and cybercriminals know it’s much easier to infiltrate a small company with a dozen employees than big fish like Microsoft and Marriott. You’re better off leaving them to hackers with government backing.
As a result, small to medium-sized businesses (SMBs) are becoming increasingly popular targets for cyberattacks. The FBI reported a 400%+ increase in attacks against American SMBs in 2020. SMBs are now targeted in over 70% of all cyber attacks. That number is up from 18% in 2011.
I see this play out every day in my work.
In 2020, I reported on more than 50 data leaks that exposed over 100 million people to fraud and hacking. The vast majority of these leaks came from small companies you’ve never heard of. And they happened as a result of negligence, inexperience, and indifference.
Dark web hacking forums are full of posts gleefully sharing successful hacks against SMBs – and tips on how to target them.
In the wake of Covid-19, as our lives shift increasingly online, this issue is only going to get worse. Small businesses around the world are scrambling to build websites, apps, and online services to meet the demand and survive the rapid transformation.
The vast majority are not investing in cybersecurity.
Hackers know this and are actively pursuing opportunities to target more and more small businesses in 2022. The result isn’t just an issue for SMB business owners. The economic cost of cyberattacks is estimated to hit $6 trillion in 2021.
The Bottom Line
Keeping up-to-date on the latest trends in cybersecurity is more important than ever. Hackers and cybercriminals don’t rest – and every new technological innovation presents them with a new opportunity to exploit.
Make sure you know what dangers are lurking on the web so you can keep your business, family, and finances safe from hacking, theft – or something much worse. Learn to identify potential cybersecurity vulnerabilities and take steps to mitigate them before it’s too late.
And always remember: awareness and prevention are the best defences against the biggest cybersecurity threats.