Security Experts:

Connect with us

Hi, what are you looking for?



Predictions: SecurityWeek’s 2022 Cybersecurity Outlook

Cybersecurity Predictions for 2022

Cybersecurity Predictions for 2022

Members of the SecurityWeek editorial team look into their crystal balls and make some bold predictions about the big cybersecurity stories that will dominate the headlines in 2022. Our predictions cover the range of issues plaguing cybersecurity, including ransomware extortion attacks, software supply chain weaknesses, ICS security, geopolitics, IoT and privacy.

Editor-at-Large Ryan Naraine on nation-state APTs, software supply chain security and the hackers-for-hire industry:

Ransomware slows – Major ransomware outbreaks will slowly subside as companies beef up defenses and counter-operations by global law enforcement disrupt and (partially) disable the high-profile gangs. In 2022, security leaders will continue to prioritize the basics (properly tested backups, patching, multi-factor authentication and secure cloud deployments) to reduce exposure to ransomware extortion, making it more of a nuisance than a national security threat. We will see a blurring of the lines between ransomware and nation-state data theft and espionage campaigns (see prediction on Iran and North Korea below).

Supply chain mega-hacks – Even as ransomware attacks subside, the extent of the software supply chain weaknesses will come into sharper focus. Expect a few more SolarWinds-type supply chain mega-hacks to dominate the headlines as more and more threat actors take aim at the open-source software ecosystem. By the end of 2022, financially motivated cybercriminals will join the nation-state APT operators in the supply chain malware free-for-all. It will be a long, painful slog.

The hacker-for-hire industry – A big story this year will be the continued outing of PSOAs (private sector offensive actors) supplying exploits and hacking tools to governments around the world. The big tech vendors – especially Microsoft, Facebook, Apple and Google – will lead the pushback with research reports naming-and-shaming private mercenary hacking teams and, depending on where these vendors are located, expect to see more U.S. government sanctions activity.  Interestingly, several U.S.-based companies will be caught up in the firestorm.

Iran and North Korea financial malware – Government-backed hackers linked to North Korea and Iran will aggressively target poorly protected organizations with malware capable of siphoning billions of dollars from crypto-banks and financial institutions. In response to sanctions from the west, Iran and North Korea APT teams will hide among the ransomware gangs to expand the scope of billion-dollar financial crimes.

China’s zero-day factory – The scale of China’s offensive cyber capabilities will be front and center in 2022 as new zero-day disclosure rules take effect and Chinese hackers continue to show off technical brilliance at exploiting the most modern software products. The just-passed Data Security Law in China gives that government exclusive access to a steady stream of zero-days and, like we saw with the Log4j crisis, private Chinese companies are already feeling the squeeze. This year, I expect to see Tianfu Cup zero-day hacking competition serving as a kind of military display of Chinese hacking capabilities with a stunning arsenal of zero-days feeding into .gov malware toolkits.

Malware below the OS – We will soon start to see a steady flow of malware discoveries below the operating system, specifically rootkits and bootkits targeting flaws in UEFI firmware. By the end of the year, every major APT toolkit will include firmware implantation capabilities, forcing a major revamp of anti-malware defenses.

The great resignation in cyber – Weary and overworked from all the major cybersecurity crises, skilled practitioners will continue to resign en-masse, leaving security programs struggling to fill important positions. The lingering exhaustion from the SolarWinds/Kaseya/Log4j incidents, combined with pandemic-induced anxieties, will cause the ‘great resignation’ to hit harder as director-level staff join the exodus. By the end of 2022, the cybersecurity skills shortage will reach critical levels with no real relief in sight.

Eduard Kovacs on industry trends and OT/ICS security:  

VC funding frenzy – 2022 will be another record-breaking year in terms of venture capital funding for startups solving cybersecurity problems. The surge in valuations and so-called unicorns will continue into 2022 with multiple companies scoring significant funding rounds at head-scratching valuations.

M&A activity – The volume of mergers and acquisitions will remain steady – roughly 400 cybersecurity-related deals will be announced in 2022.

Targeting the power sector – Electric utilities will continue to be targeted by ransomware and some will suffer significant disruptions, mostly on the IT side. 

OT breaches – Some manufacturers will publicly admit that production has been disrupted due to a breach in the OT network, which is increasingly connected to the IT network and even the internet.

Industrial control system vulnerabilities – The number of ICS vulnerabilities discovered by vendors and researchers will continue to increase and it will exceed 1,000 in 2022.

Kevin Townsend on geopolitics, privacy, tokenization:

Geopolitics – There is already a global cyberwar. So far, it is jockeying for position – like interfering in elections, mapping critical infrastructure networks and stealing state and trade secrets. The danger is that at any time, somebody could make a mistake and go too far – and that could lead to actual fisticuffs.

Mobile Internet of Things – IoT devices are increasingly used in vehicles: cars, transporters, aircraft, drones and satellites. These vehicles will become attractive targets. Compromise could be catastrophic. Extortion could be the motivation.

Privacy – Governments legislate for privacy to please the voters. But governments do not adequately enforce their own legislation for fear of upsetting big business and damaging economies. This is an ongoing tension that needs to, but probably cannot, be solved.

Tokenization – The cloud has changed the economics of ‘encryption’. Tokenization is no longer too expensive to consider. Technically, tokenization offers many advantages over traditional encryption. The question will be whether new tokenization companies can make headway against entrenched opinions and investment in traditional encryption.

Quantum – Some form of quantum computing could, but almost certainly will not, appear in 2022. However, the future threat of quantum decryption is here now. Vendors will announce more methods of quantum-proofing encryption, while nation states will increase the theft of national and trade secrets and PII, pending future decryption.

Adversarial AI –  The use of artificial intelligence by criminal groups will increase. It will be used in advanced BEC attacks, and in confusing AI and machine learning defenses.

Ionut Arghire on cybercrime and IoT security:

Ransomware will continue to be a menace to both private and public sectors, critical infrastructure included. It’s a proven, high-return business model for numerous cybergangs and others will join the fray/replace retiring groups. Nation-states will also increase their extortion-based revenue-generating activities.

Russia- and China-backed APT groups will be less visible, mainly due to an increase in sophistication. Lesser known APTs will add new exploits to their arsenal immediately, but established groups will invest more in keeping a low profile. At least one years-long APT campaign will be uncovered. 

IoT and software supply chain vulnerabilities will remain a steady occurrence in headlines, but, following 2021’s major attacks, security researchers will focus on the latter. That will result in more high-impact supply chain flaws being discovered.

Counter-operations –  Security companies and law enforcement will increase their efforts to identify and dismantle cybercrime rings, but disruptions will most likely be temporary/partial. An increase in adversary sophistication will result in malicious operations being restored with relative ease.

Thank you for reading SecurityWeek, we wish you a healthy and secure 2022! 

You can also read some 2022 insights from our industry contributors:

Derek Manky: A New Year Will Bring New Targets: What to Look for in 2022

Laurence Pitt: What to Expect in 2022: Microservices Will Bring Macro Threats

Keith Ibarguen: The Human Connection: A Mindset for the Coming Year

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

M&A Tracker

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.