Cybersecurity’s Evolution Through 2022
2021 was a landmark year in the cybersecurity landscape. Organizations faced an uptick in cyberattacks amid the continuation of remote work—and CISOs everywhere were put to the test. If 2021 was any indication, 2022 will be another record-breaking year in the cybersecurity space.
In 2022, CISOs will need to remain vigilant and innovative to maintain their organizations’ security postures. Here’s what cybersecurity professionals and CISOs should expect as we move deeper into 2022.
Democratizing Cybersecurity Threat Awareness Will Be a Top Priority
According to Cisco’s 2021 Cybersecurity Threat Trends report, more than 80% of all cyberattacks in 2021 came from phishing schemes targeting employees rather than security systems. Remember: Organizations are only as strong as their weakest link.
An organization’s first line of defense is its people. Everyone is responsible for doing their part when it comes to identifying and reporting cyberthreats. Arming employees, customers and partners with information is a key preventative step business leaders can take to identify and mitigate vulnerabilities in 2022. For example, here at Cobalt, we launched a cybersecurity awareness campaign to ensure our employee base is knowledgeable about how cybercriminals deploy common attacks and what to look out for.
In 2022, we’ll see more security practitioners launch similar cybersecurity education initiatives to combat digital threats like social engineering. Awareness campaigns like these will become more and more common—and necessary—this year as cyberattacks proliferate.
Organizations Will Integrate Pentesting With Their Tech Stacks
The global pentesting market is expected to reach $3.1 billion by 2027, according to a recent Marqual IT Solutions study. Though it’s abundantly clear that pentesting is a critical component of a comprehensive security program, many organizations pentest only on an as-needed basis because traditional pentesting is costly, inefficient and inaccessible to them.
Enter pentesting-as-a-service (PtaaS), a faster, cost-effective way for organizations to stay on top of their data security in between mandatory compliance checks. In 2022, PtaaS will pick up significant steam because of its speed, cost efficiency and accessibility. As cybercrimes increase in frequency and severity, PtaaS will become synonymous with preventative cybersecurity measures.
More Major Breaches Will Focus on Stealing Cryptocurrencies
Cryptocurrency has a large role to play in the world of cybersecurity. As more legitimate firms embrace cryptocurrencies, these assets become a more lucrative target alongside more traditional loot, like proprietary data or fiat currency. Cryptocurrency assets are anonymous by nature, so it’s open season for hackers to steal these coins and other assets with a lower risk of getting caught. And, since many consumers are new to the space, hackers can take advantage of investors’ ignorance and steal millions from unsuspecting victims in the process.
Cryptocurrencies aren’t the only digital assets being sought after, though; NFTs and virtual real estate make for tempting targets as well. While the cryptocurrency market is currently experiencing massive volatility, its anonymity will make sure that it stays relevant to hackers everywhere in 2022.
Ransomware-as-a-Service (RaaS) Will Become More Lucrative and Prevalent
Following the high-profile Conti attack last year, a growing number of criminal organizations (even those without sophisticated technical skills) decided to launch their own RaaS operations because there is big money in it. RaaS will continue to be successful in 2022 for one simple reason: Companies aren’t using proactive security controls.
RaaS threat actors pose a huge risk because their methods simply work. Most companies, to this day, still consider cybersecurity an afterthought. They aren’t built with security in mind; as such, cybercriminals will continue to exploit those fundamental weaknesses.
Nation-State Sponsored Attacks Will Increase
In the last few years, we have seen a rise in both small and large cyberattacks from state and non-state actors alike, including what we’re witnessing now between Russia and Ukraine. While state actors organize and fund these attacks to achieve geopolitical objectives, non-state actors often seek notoriety in addition to monetary rewards. These malicious parties are part of a larger ecosystem of brokers who provide information, access and financial means for those willing to pay for such assets – and they’re not going away anytime soon. An increased desire to leverage this ecosystem as a source of financial gain will contribute to a continued rise in cybersecurity threats in 2022.
Mass Adoption of Policy-as-Code
In 2022, more business leaders will recognize that incorporating security into every aspect of the development life cycle will benefit their entire organizations and accelerate vulnerability remediation. Instead of writing code and then checking to see if it passes policy checks, developers must begin the development process with the current rules in mind to make sure that their code is compliant and highly secure.
The mass adoption of policy-as-code will make coding and patching more efficient and protect organizations from new threats when they inevitably emerge. It will also make the generally laborious task of compliance testing much faster since all teams will recognize the same set of policies as they progress through the software development life cycle. This year, we will finally see developers creating with compliance in mind.
Cybercriminals are showing no sign of slowing down. Business leaders should keep their eyes on these six cybersecurity trends to keep their digital assets secure in 2022.