2022 Cybersecurity Predictions: From AI Innovations to Vendor Visibility

There was a lot of interesting cybersecurity data and trends to come out of 2021, and it doesn’t seem like the new year will be any different. To help tech companies prepare for 2022, we asked leaders from our Cybersecurity Advisory Council and Cybersecurity Community for their predictions on what to expect for the next 12 months.

Their thoughts ranged from AI innovations in cybersecurity to increased visibility into vendors’ applications—and a lot more. Here’s a look at what they had to say:

Increased Attacks, Design Flaws Bring More Resilient Solutions

“In 2022, I think we'll see an increase of negative impacts from intentional (attacks) and unintentional (design and build flaws) failures of AI and ML systems, which will lead to a stronger focus on building and deploying resilient, failure-resistant solutions. We’ve already seen at least high-profile example of that in the real estate industry and I think more will occur until businesses better understand how to correctly leverage AI and ML in secure environments.” – Diana Kelley, founder, SecurityCurve

Ransomware, Regulations, and Threat Actor 'Whac-a-Mole' Will Continue

“We have seen brief reductions in ransomware attacks in Q4 of 2021 as threat actors are taken down temporarily by international governments or they hide in the proverbial basement while they morph into something new. The U.S. government will continue efforts to get ahead of cybercriminals through offensive measures and international pressure. We will see proposals for significant regulations around cryptocurrency used to pay cyber criminals. There will be stricter enforcement by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) against those who pay individuals, organizations, and nations on the sanctions list. We will also see limited cyber insurance availability, exponential premium increases of 4x to 10x and intense vetting and attestation of controls coming to tech service providers.” – Kevin McDonald, COO and CISO, Alvaka Networks

Getting ‘Securely Fit’ Becomes a Priority

“2022 is the year that SMBs will start to see that securing your business is about collaboration, with your IT security provider, with your staff, and with facing the reality of IT in today’s environment. IT Security isn’t a weight-loss program, it is a fitness regimen. Doing business in 2022 is no longer a walk in the park, it is a challenge that only the ‘securely fit’ will rise to.” – Joshua Lieberman, president, Net Sciences

AI Innovations Bolster Defenses

“I think that AI will play a much bigger role in cybersecurity, and we will see many new products and services that will utilize AI to defend against ransomware and breaches. This is important because although there are some AI-based analytical tools are available today, the application and use cases are vast and different models are needed to have a comprehensive defense strategy. For example, there are new AI-based tools coming out for e-mail and Windows-based devices that can complement the existing available products to deliver much faster and deeper analytics without any agents.” – Kevin Nikkhoo, CEO, XeneX

As Vulnerabilities Escalate, Higher Demand for Managed Detection

“With a record 18,000+ common vulnerabilities and exposures (CVEs) logged in 2021, organizations had to deal with an average of 50 CVEs per day. With adversaries rapidly exploiting vulnerabilities and diversifying attacks, 2022 will pressure defenders to improve their detection and response capabilities, increasing demand for strong MDR (managed detection and response) solutions.” – Pierson Clair, managing director, Kroll

Critical Visibility into Vendors’ Applications

“I think that the rise in software component vulnerabilities will gain much deserved attention in 2022. I predict that businesses across the globe will start pushing back against application vendors’ lack of transparency as to which components they use to deliver their solutions. The lack of visibility given to closed appliances, virtual machines, and application platforms leaves businesses in the dark when zero-day vulnerabilities are discovered in the software components used to build these platforms. Businesses are no longer willing to take a wait and see approach from vendors.” – Ron Culler, senior director of technology and solutions, ADT Cybersecurity

Legacy IT Device Vulnerabilities Threaten Enterprise, Mid-Market Firms

“Scanning and remote exploitation of internet exposed legacy IT devices and software, via zero days and a lack of patching existing vulnerabilities will accelerate and move into the top risk categories for enterprise and mid-market firms. In addition, supply chain attacks on IT tool systems used to deliver IT services will become an existential treat to IT service providers and MSPs in 2022.” – Ian Thornton Trump, CISO, Cyjax

Ongoing Climate Events Will Help Accelerate Digital Transformation

“Global climate change will impact hosting providers and business operations, the result of severe storms, leading to infrastructure failure due to abnormally high and low temperatures. On-premise IT infrastructure is most at risk in nearly all geographies from the impacts of climate change. This will accelerate digital transformation to cloud and hosting providers. Resiliency and redundancy especially from climate change impacts will become as important as traditional cyber security defences.” – Ian Thornton Trump, CISO, Cyjax

Increased Regulations Will Spur Data Privacy Rules and Policies

“I believe 2022 will be the year of regulation, meaning that we will finally start to see some substantial progress toward meaningful data privacy regulation in the U.S. and beyond. This will establish an increased importance around protecting customer data and coax companies into finally embracing at least a basic security program.” – Taylor Hersom, founder and CEO, Eden Data

More Stress, Pressure for Everyone in the Cybersecurity Industry

“Our expectation of trends effecting small businesses in 2022 are:

• Increasing pressure from cybersecurity insurance providers to attest and prove that companies are following the policies they are setting and not just pushing paper;
• Some industries will become more prescriptive around what cybersecurity solutions must be in place;
• Continuation of the pattern of weekend and holiday-based attacks causing mental stress on the IT industry as a whole;
• MSSPs will need to show increasing value for their work beyond detection and remediation causing a squeeze in margins and an increase in low cost MSSP providers;
• Awareness of major breaches will be regular news items just like fires and murders. We’re pretty close to being there already.” – Raffi Jamgotchian, president and CTO, Triada Networks

Lack of IoT Documentation, Training Will Lead to More Cyber Incidents

“Along with a significant increase in the use of IoT and IIoT products, we’ll see a significant increase in the number of cybersecurity incidents and/or privacy breaches next year. Many of them the result of exploiting IoT product technical vulnerabilities (insufficient product capabilities) and non-technical vulnerabilities (lack of documentation and training for IoT engineers, and consumer misuse). These incidents will include ransomware, killware, botnets, and data exfiltration, surveillance, and others.” – Rebecca Herold, CEO, The Privacy Professor

Businesses Upgrade Remote Worker Security

“Next year, we’ll see a tremendous growth in our remote worker security market. Many of our clients have realized that ‘work from home’ is staying and they now are upgrading remote workers’ hardware as well as investing in security/monitoring solutions for these workers. Organizations now realize they can’t keep using older home equipment for business use.” – Michael Goldstein, president, LAN Infotech

Related Content: Data, Cybersecurity and Software Driving Tech Jobs Growth in 2022 | Trend Watch