CyCognito’s 2022 Cyber Security Predictions

By Lisa Bilawski, Director of Content Marketing | January 11, 2022

Once again, the season of cyber security predictions is back upon us. This year we come with a collection of predictions from a selection of experts to provide a glimpse of what is coming in 2022. 

2020 was a whirlwind of changes to adapt to a unique biological threat. This forced an evolution in how businesses operated, moving more into the cloud and pushing rapid adoption of remote work. In 2021, this trend continued with remote work still being the rule rather than the exception and businesses learning how to manage in this new environment.

Attackers, for their part, were quick to adapt to these changes and have kept their own operations running. Ransomware has continued to rise, taking advantage of companies already struggling to maintain the new normal. The increased attack surface of business transformation also opened the door to some of the most significant breaches on record, with SolarWinds, Colonial Pipeline, and Kaseya, just to name a few.

The stakes have only gotten higher for businesses to protect their digital assets. What security challenges and trends are in store for 2022? 

In this series, we've been exploring predictions from CyCognito experts on the state of cybersecurity for 2022. In our newest installment, we spoke with Ansh Patnaik, CyCognito's Chief Product Officer, and Randy Streu, CyCognito’s Vice President of Business & Corporate Development, about their predictions and expectations for this year.

Predictions from Ansh Patnaik, Chief Product Officer at CyCognito

Ansh's extensive experience delivering enterprise software across security, compliance, cloud, and data-related software segments and his ability to translate market data into product vision offers a unique perspective and extraordinary insight when looking at industry trends. We asked him to share his top predictions for 2022, and here's what Ansh had to say:

Security Board Seat Requires the Right Data

While the board has often had members on it with primary expertise that they brought to the table, cybersecurity was rarely a focus. With the increase in attacks over the last few years, there is a real need to have cybersecurity experience in the boardroom. In fact, Gartner predicts that by 2025 40% of boards will have a dedicated cybersecurity committee. 

I agree with Gartner that we will see more board-level focus on security and with this increased focus we will also see an increased need for the data to arm that board member (or team). I anticipate that we’ll see requests for the following broad categories of data. First, information on the current state of their cybersecurity program in both relative and absolute terms. How are they doing overall, and how does that compare to their peers? Second, as with insurance, they will want trend data. And finally, they will need to know what areas generate the most risk. What asset groups or subsidiaries or geographies are presenting the most risk to the company? Then, they can present this information to direct funding and risk-mitigation efforts.

Getting Proactive Against Ransomware

We all acknowledge that 2021 was the year of ransomware. It has impacted all aspects of the security industry, and in some cases, even our everyday lives. Historically, the common wisdom was that the best defense against ransomware is for organizations to back up their data. But that’s a false hope. Even if an organization can restore data, an organization still runs the risk that any stolen data will itself be ransomed.

The real best defense is to prevent ransomware from ever entering an organization in the first place. 2022 is the year to get that done. It’s the year to invest in the technologies that help you proactively identify the paths of least resistance into your organization so you can fortify those exposures before an attacker can take advantage. 

Ansh's predictions about the board-level changes that organizations should expect are on point. It's imperative that cybersecurity awareness become embedded in our organizational mindset. This is definitely a trend that enterprises need to get in front of because executives with cybersecurity acumen aren’t an unlimited resource. Being proactive about ransomware makes smart business sense, especially since August of 2021 saw a 125% increase in cybersecurity incident volume year-over-year. Prevention is going to be a watchword for 2022, without a doubt.

Predictions from Randy Streu, VP of Business & Corporate Development

Randy’s broad range of leadership experience in both public and venture-backed companies creating comprehensive and transformative partner programs across global markets, including OEM, channel, and strategic technology alliance initiatives, lends him exceptional insight. We asked him to share his top predictions for 2022, and here’s what Randy had to say:

360 Degree Visibility Becomes Critical

Organizations can only protect themselves from what they can see. The rapid evolution of technology and cloud adoption has made the IT ecosystem extremely complex and the proliferation of attacks in the past two years has highlighted the importance of knowing the external attack surface. But businesses will need improved visibility both inside and outside of the network to continue to stay ahead of attackers. 

For that reason, I predict that in 2022 the intersection of ASM (attack surface management) and XDR (extended detection and response) will gain steam. Converging the outside-in ASM discovery, contextualization, alerting, and monitoring with internal protection to draw more accurate correlations between data points and ensuring complete coverage will reduce false positives and allow security teams to diagnose actual attacks early on more accurately. This expedites the overall response rate, helping mitigate attacks early in their lifecycle before they become major incidents.

Cyber Insurance Gets a Reboot

With the fast pace of change and the skill of attackers—as evidenced by the continued rise in ransomware—the cyber insurance landscape is set for a seismic shift in 2022. Insurance companies that want to stay in the cyber security market and remain profitable will need to adopt a new and agile approach based on modern technology. In particular, approaches that mimic attacker behaviors to assess risk not only during underwriting but also continuously throughout the policy will see more success. We’re already seeing this from the smaller, tech-centric insurance vendors, but I anticipate that in 2022 the heavyweights in the industry will also either adapt or opt out.

As Randy's predictions indicate, now more than ever, in-depth visibility throughout your IT ecosystem is crucial to your cybersecurity posture. At the same time, watch as ransomware forces cyber insurance companies to adapt or die. 2022 is shaping up to be a dynamic year in all industries, with cybersecurity at the fore. You can get more insight on this in Randy's blog.

Look forward to our next segment when we hear from more of CyCognito's top executives and experts on what trends to expect in our industry this year.

Predictions from Jim Wachhaus, Attack Surface Protection Evangelist

Today we’ll take a look at predictions from Jim Wachhaus, CyCognito’s Attack Surface Protection Evangelist. Jim’s twenty-plus years of experience in technical roles across the cybersecurity industry give him unique insight into the state of cybersecurity both now and in the future. We asked him what his top predictions for 2022 looked like. Here’s what Jim had to say:

Ransomware/Supply Chain Disclosure

After having success in the Colonial Pipeline and Kaseya attacks, cybercriminals will increase their focus on ransomware attacks in the coming year. And given the success of both the SolarWinds and Accellion supply chain breaches, there will be more focus from the community on the “upstream origin” of “downstream attacks.” 

I predict that these ransomware and supply chain epiphanies will be accompanied by legislation to force timely and complete public disclosure of breaches involving ransoms or potential “downstream consequences.” These will include notification requirements after organizations pay a ransom so that the public and the government know where attacks are happening and how they occur. Better transparency will hopefully lead to organizations responding faster and catching attacks earlier or preventing the downstream consequences altogether with shortened response times.

Rise of AI/ML 

In 2022, artificial intelligence (AI) and machine learning (ML) will expand how we automate rote tasks and let professionals focus on more complex, creative, and strategic areas that cannot be readily automated. This is not to say that AI will replace anyone doing routine work. But for tasks like discovery and security testing, AI is pragmatic and promising, while the next steps will invariably need to be approved and taken by people. AI will be able to fill in for the routine, repetitive, and boring “first step” tasks with automation and machine accuracy with people doing the complex work of exploit validation and remediation.

ML-driven automation is essential for scale and accuracy in complex environments to maintain security and best practices. The adoption of AI and ML will grow in importance as increased cloud adoption and accelerated digital transformation continue to add complexity for humans and skilled labor shortages persist.

Year of Electric Vehicles (EV)

2021 was a weird year thanks to the pandemic and unintended consequences. The supply chain and international logistics became a family conversation topic as people stranded at home with more savings wanted to buy things that they couldn’t get thanks to bottlenecks on container ships at ports. Even multi-billionaires have lamented the pain of the supply chain shortages! But for us regular folk, because new cars were in short supply, people sought to purchase more used cars in 2021.

In 2022, this is likely to change as supply chains work out issues and automakers push out new electric vehicles that are more affordable. So, all those used cars will start to get long in the tooth, and rather than invest in legacy technology that guzzles gas and requires ongoing maintenance I think more consumers will switch to EVs for not just the economy but pragmatism and fun of innovation and automation.

As Jim’s predictions indicate, it’s not time to let our guard down and we can expect the government will try to ensure we don’t. At the same time, we can look for expanded adoption of AI and ML in answer to increasing technological complexity and skills shortages. Let’s just hope he’s spot on about those electric cars.

About Lisa Bilawski, Director of Content Marketing

Lisa Bilawski, Director of Content Marketing, enjoys creating content for the security and IT audience that educates, delights and inspires.
