Freely subscribe to our NEWSLETTER

1. We should expect cyberattacks to become a staple of military arsenals in 2022 and beyond – next year, more nation states will use digital vulnerabilities in smart cities, state and local governments to undertake cyberattacks which are part of national offensive strategies.

2. In 2022, we expect a significant rise in criminal copycats delivering malware via software updates – the Sunburst incident shocked the industry. Using highly sophisticated malware hidden inside legitimate software updates, the attackers not only exfiltrated targeted data but also spread the malware across a huge spread of victims. When malware is successful, copycat attacks will follow. What happens when malicious updates hit the mass market? How do we protect ourselves?

3. In 2022, organisations will turn to analytics to recalculate their understanding of cybersecurity risks and to reshape their protection strategies – when we talk about business risk, it boils down to two fundamentals: do we understand one) what we are protecting, and two) the factors that impact our ability to protect. The last eighteen months has seen a gradual erosion of the ‘rules’ we had in place to manage workforce behaviours, and without an accurate understanding of this behaviour, risks can easily be introduced. The “new rules” that govern technology and personnel requirements for the remote and hybrid workforce will drive how we protect our organisations from both internal and external threats.

4. As we incorporate technology into more critical infrastructure, including agriculture, we’ll see the emergence of new technologies as high-value targets for cybercriminals – as the agricultural industry embraces digital transformation, new attack surfaces are formed. With remote controlled tractors and automatic watering devices or livestock feeders, the potential for disruption is sobering. Combine this with growth in smart cities built on IoT, and steps must be taken now to protect our streets and crops. It begs the question: are essential services like electricity, food and water becoming too smart for their own good?

5. Existential threats like ransomware demand a fresh approach. In 2022, 100% prevention will become the standard as organisations fully embrace Zero Trust principles – ransomware is the sleeper agent of cybersecurity, and despite the billions invested in combating this malware, detection is not the answer. Zero Trust goes some way to managing the threat, but it must evolve towards the 100% protection of critical data, and that means 100% prevention. We need unconventional approaches to defend our economies, critical infrastructure and way of life.