7 Cybersecurity Trends to Watch in 2022

11 minute read | February 16, 2022
Kindra Cooper


While 2021 was a year of flux in cybersecurity—with high-profile breaches including the SolarWinds hack, the Colonial Pipeline attack, and alleged election interference—2022 looks to be less of a year of “firsts” than a solidifying of what we learned the previous year. 

We’ll see hackers and cybersecurity professionals going head-to-head to use offensive and defensive AI in increasingly sophisticated ways. Now that the pandemic has cemented remote work as an ongoing arrangement rather than a passing fad, cybercriminals are redoubling their efforts to target home wifi networks, which are notoriously attack-prone without the right safeguards in place like using a VPN, disabling universal plug-and-play, or creating a unique password different from the one set by the internet service provider.

Even though the talent shortage in cybersecurity is easing up for the second consecutive year, new positions are being created faster than organizations can fill them. Unfilled cybersecurity roles create major vulnerabilities for businesses, especially with the growing costs of cybercrime. Cybersecurity Ventures predicts that the cost of cybercrime will balloon 15% per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. 

Here’s what else you need to know for 2022. 

1. AI-Powered Cybersecurity Is on the Rise

With an estimated 2,200 cyberattacks taking place per day—equating to one attack every 39 seconds—SOC analysts are bombarded with alerts. Analysts have to triage the alerts, investigate those that appear to be likely threats, identify the type of threat, and issue a response. Needless to say, the process is slow. That’s where defensive AI comes in. By detecting unusual patterns of behavior and cross-examining a threat against a database of known threats, AI can do what it does best: infer relationships and anomalies. Financial institutions already use this type of threat analysis to detect fraud: they use AI to analyze a customer’s keystrokes, their voice over the phone, or the location of a transaction. Any actions that appear out of the ordinary are flagged for investigation. However, one of the biggest shortfalls in human-first cybersecurity is how easy it is to miss threats that have already infiltrated the network. In fact, 56% of breaches take months or longer to discover, according to Verizon’s 2019 Data Breach Investigation Report. 

Human-machine teaming provides a crucial stopgap. In a survey by MIT Review, 60% of respondents reported that human-driven responses to cyberattacks are failing to keep up with automated attacks. Research by Capgemini recently found that two-thirds of businesses now believe AI is necessary for identifying and countering critical cybersecurity threats, and nearly three-quarters of businesses are using or testing AI for this purpose. However, AI is also being used to launch cyberattacks (offensive AI) as well as mitigate them (defensive AI).

Here are some of the top use cases for defensive and offensive AI in 2022. 

  • Threat detection. Automated threat analysis is carried out by a type of IT infrastructure known as security information and event management (SIEM), which combines two technologies: security information management (SIM) and security event management (SEM). A SIEM system conducts real-time monitoring by collecting log and event data from the organization’s entire information security system, including applications, networks, security devices, and other sources. The algorithms are designed to run pattern recognition and detect malware or ransomware attacks before they enter the system. A 2019 report by AT&T revealed that 76% of cybersecurity professionals reported their organization’s use of SIEM tools resulted in a reduction of security breaches.
  • User authentication. Traditional user authentication works by matching a combination of inputs such as a password, PIN, or security code to a database of known inputs. However, hackers can gain access to user credentials using brute force attacks and social engineering, or by intercepting emails and text messages. Even biometric authentication–facial recognition, fingerprints, voice recognition, or keystroke recognition–can be faked as hackers use AI to perpetrate attacks. 

The top use case for defensive AI is risk-based authentication. This means using information on context to determine whether or not a user is legitimate. Context includes data such as the location from which the user is attempting to log in and the device being used. For example, if the user typically logs in from home via one IP address and suddenly attempts to log in from another IP address, AI will flag it as an unusual log-in attempt. With each login attempt, the AI returns a risk score. If the risk is high, the user will either be blocked from access or asked to provide an alternate form of authentication. Best of all, the AI develops increasingly accurate algorithms over time to determine which factors indicate a likely attack. 
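The scoring flow described above, sketched as an added example (not code from the article or from any product). A fixed-weight scorer stands in for the learned model; the weights, thresholds, signal names, and the sample profile are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Weights and thresholds are illustrative assumptions, not values from any product.
WEIGHTS = {"new_network": 40, "new_device": 35, "unusual_hour": 15, "recent_failures": 10}
STEP_UP_AT, BLOCK_AT = 40, 75

@dataclass
class Profile:
    """Context seen on a user's earlier successful logins."""
    networks: set = field(default_factory=set)  # e.g. "203.0.113.0/24"
    devices: set = field(default_factory=set)
    hours: set = field(default_factory=set)     # local hour of day, 0-23

def network_of(ip: str) -> str:
    """Collapse an address to /24 (IPv4) or /48 (IPv6) so a DHCP lease change is not 'new'."""
    prefix = 24 if ip_address(ip).version == 4 else 48
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def score_login(profile, ip, device_id, hour, failed_attempts=0):
    """Return (risk score 0-100, names of the signals that fired)."""
    if not profile.networks:  # no baseline yet: never silently allow
        return STEP_UP_AT, ["no_history"]
    signals = []
    if network_of(ip) not in profile.networks:
        signals.append("new_network")
    if device_id not in profile.devices:
        signals.append("new_device")
    # Circular distance on the 24-hour clock to the nearest usual login hour.
    gap = min((min((hour - h) % 24, (h - hour) % 24) for h in profile.hours), default=12)
    if gap > 2:
        signals.append("unusual_hour")
    if failed_attempts >= 3:
        signals.append("recent_failures")
    return min(100, sum(WEIGHTS[s] for s in signals)), signals

def decide(score: int) -> str:
    """Map a score to the outcomes the article names: allow, extra factor, or block."""
    if score >= BLOCK_AT:
        return "block"
    return "step_up" if score >= STEP_UP_AT else "allow"

def record_success(profile, ip, device_id, hour):
    """Fold a login that passed (directly or after step-up) into the baseline."""
    profile.networks.add(network_of(ip))
    profile.devices.add(device_id)
    profile.hours.add(hour)

# Constructed sample: a user who normally logs in from home on one laptop.
home = Profile({"203.0.113.0/24"}, {"laptop-01"}, {8, 9, 18})
for attempt in [("203.0.113.77", "laptop-01", 9), ("198.51.100.5", "laptop-01", 9),
                ("198.51.100.5", "phone-99", 3)]:
    score, why = score_login(home, *attempt)
    print(attempt, score, why, decide(score))
```

Calling `record_success` only after a login has passed, including after a completed step-up, keeps a blocked attempt from teaching the baseline that the attacker's network is normal.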

  • Secure application development. Until recently, cybersecurity protections were treated as an afterthought in software development. Secure application development is the process of integrating security measures into every stage of development. For example, conducting security-focused code reviews using natural language processing-enabled tools that highlight vulnerabilities right from the integrated development environment (IDE), or doing penetration testing during the QA phase. Dynamic code testing analyzes running code and can simulate attacks on production systems to reveal more complex attack patterns. 

According to SAP, 84% of cyber attacks happen on the application layer, making it the number-one attack surface for hackers. The reason? Once an attacker exploits a weakness in an application, they gain access to the data behind that application, including user information. Unfortunately, the majority of applications aren’t completely secure. In a report by Veracode, 83% of the 85,000 applications it tested exhibited at least one security flaw, and 20% of all apps had at least one high-severity vulnerability.

  • Launching cyberattacks. Cybercriminals haven’t quite reached the point where they can use AI to launch autonomous cyberattacks with little human input, but they’re getting close. Currently, the main use case of offensive AI is to augment existing cyberattack methods–tampering with datasets that are used to train a machine learning model to introduce bias or enhancing social engineering strategies by digging up information on the victim. For example, in 2019, an attacker used AI to imitate a CEO’s voice in a phone call, defrauding a UK energy company of £200,000. According to a Forrester survey, 88% of security experts believe AI-powered attacks will become common in the coming years.

2. IoT Devices Represent a Major Attack Vector

While IoT devices make it easy to never run out of coffee, track your own biometrics, or open your blinds without using your hands, they represent a juicy attack vector for cybercriminals. The first six months of 2021 saw 1.5 billion attacks on IoT devices, an increase of more than 100% from the previous half-year. According to Symantec, IoT devices suffer an average of 5,200 cyberattacks every month. IoT attacks make it easier for cybercriminals to attack private citizens. By gaining access to networks via household appliances, attackers can infiltrate computer systems that share the same Wifi network to steal personal information or spy on the home’s inhabitants. 

Common types of attacks include exploiting cameras and microphones embedded in IoT devices to listen in on personal conversations and capture footage from inside the home. A couple in Milwaukee reported that hackers took over their Nest camera, doorbell, and thermostat, playing disturbing music at high volume, talking to them through a camera in the kitchen, and hiking their thermostat to over 90 degrees.

However, with millions of people working remotely, hackers are using IoT devices as an entry point to corporate resources. When remote workers log onto corporate networks using personal devices on a home Wifi network, there is less endpoint visibility (a security measure that allows admins to see what devices are trying to access the network), which introduces more attack vectors. In fact, 80% of reported security incidents originate from endpoints (remote computing devices used by people), rather than the firewall or servers, according to CSO.

IoT devices are hijacked the same way computers are, where the infected device is added to a botnet (a network of “zombie” computers that an attacker controls remotely to conduct scams and cyberattacks).

In fact, these devices are especially vulnerable because, unlike regular computer software, personal devices aren’t updated or patched regularly, even though they may be secure to start with. The lack of security features makes it easy for hackers to plant malware to launch brute force attacks, scan for open ports, or deploy DDoS attacks. Another concern is that 98% of the data transmitted by an IoT device is unencrypted, making it vulnerable to man-in-the-middle attacks—an eavesdropping methodology for gaining access to sensitive data.

3. Attacks on the Cloud Are (Mostly) Avoidable

Another byproduct of the pandemic, cloud-based attacks are on the rise as remote work becomes institutionalized. In fact, 53% of corporate data is stored in the cloud, with the rest residing in on-premise data centers. Cloud-based storage is inherently safer than on-site servers; however, security vulnerabilities are caused by the actions of individual users. IBM found that two-thirds of cloud attacks stem from simple mistakes in the configuration of apps, databases, and security policies–with the AWS outage in November 2021 being one of the most high-profile examples.

Cloud computing provides shared computing resources–data storage, databases, and computing power–over the internet for very little cost. Cloud developers must deploy encryption algorithms to protect sensitive data from attacks. Data stored in the cloud is susceptible to loss, breach, or damage because of human error or application vulnerabilities. 

Data transiting from the cloud to the user is especially vulnerable because it must be transmitted through an API. APIs allow users to interact with cloud applications (an API is a software intermediary that allows two applications to exchange data). Authorization to API-accessible objects must be secured using an API gateway and authorization checks.

4. The Hacker-for-Hire Industry Is Booming

Hacker-for-hire services enable anyone to contract a hacker to execute a personal attack (e.g., financial/legal sabotage or public defamation), change school grades by hacking into a school system, or hack a website, computer, or phone. A common form of personal attack is to frame the victim as a buyer of child pornography. The industry recently gained public attention with the exposure of NSO Group, a billion-dollar Israeli company that sold hacking tools to governments around the world for over a decade. “In the last decade, the industry has grown from a novelty into a key instrument of power for nations around the world,” Patrick Howell O’Neill writes in the MIT Review.

Yes, there are “white hat” or ethical hackers who perpetrate cyberattacks in a controlled environment with an organization’s permission in order to assess their cyber resiliency (also known as penetration testing), but hacker-for-hire services are anything but legal and are mostly found on the Dark Web. Hackers also offer DDoS services–making the device or network inaccessible to intended users. For example, they might deploy a network of infected devices to flood a website with traffic so others can’t access it. They can also gain access to people’s email and social media accounts in order to steal personal information.

5. The Talent Shortage Persists

According to CyberSeek, there are over half a million cybersecurity job openings in the US right now. Worldwide, the shortage amounts to about 2.72 million workers, according to a 2021 Cybersecurity Workforce study by (ISC)². While the talent shortage has been decreasing slowly over the past two years—there were 4.19 million cybersecurity workers in the world in 2021, an increase of 700,000 from the year before—it’s not enough to keep up with demand. According to Tech Beacon, online job board Indeed.com saw a 14% increase in cybersecurity job postings from October 2020 to October 2021.

Understaffing leads to systems being improperly configured and vulnerable to attack and makes organizations slow to patch critical systems. According to CyberSN, the pandemic appears to be contributing to an increase in resignations in the cybersecurity field. 

Since the beginning of the pandemic, resignations have increased 20% on the US East Coast and 18% on the West Coast. However, the limited talent pool isn’t just a matter of too few receiving cybersecurity training. Unfortunately, entry-level professionals with no prior IT experience are struggling to land their first role, according to Tech Beacon. Entry-level certifications like CompTIA Security+ or the CISSP will help newly minted cybersecurity analysts provide standardized proof of their skills to prospective employers.

6. The Great Resignation Increases Cybersecurity Risk

A report by 1Password found that burned-out employees are a third less likely to follow their company’s security guidelines. The report also found that security professionals are twice as likely as other workers to report feeling burned out and doing the bare minimum. Security professionals are also 50% more likely to be actively looking for a new job. 

What’s more, waves of employees leaving at once can overwhelm IT and security teams, who must manage identity and access as they offboard employees and migrate important data from the user’s account to another company platform. This is a complex process, so companies will often continue paying for that user’s account instead of deactivating it. Research suggests that 72% of departing staff take some company data with them, leading to the risk of that data being improperly leaked.

7. The Regulatory Landscape Is Finally Catching Up

New regulations in 2022 seek to expand privacy protections for consumers and make cybersecurity risk an integral part of financial reporting. Companies in some sectors are now required to report cyberattacks and must design their networks to conform with zero-trust principles (requiring all users within or outside of the organization’s network to be authenticated). 

Over $500 million from President Joe Biden’s Build Back Better agenda is earmarked for the Cybersecurity and Infrastructure Security Agency (CISA) to help state and local governments manage cyberattacks.

We will likely see more states implementing something similar to the California Consumer Protection and Privacy Act (CCPA), inspired by Europe’s GDPR, which led to global scrutiny of consumer data privacy practices. These laws aim to give citizens control over their personal data, especially personally identifiable information (PII) such as your name, date of birth, and your social security and credit card numbers. The laws limit the types of data businesses can collect and how long they can retain the data, while also giving consumers the right to access their own data. 

Is cybersecurity the right career for you?

According to Cybersecurity Ventures, the cybersecurity industry is expected to have 3.5 million high-paying, unfilled jobs this year. With Springboard’s comprehensive Cyber Security Career Track, you’ll work 1:1 with an industry-mentor to learn key aspects of information technology, security software, security auditing, and finding and fixing malicious code. Learning units include subject-expert approved resources, application-based mini-projects, hands-on labs, and career-search related coursework.

The course will culminate in a multi-part capstone project that you can highlight on your resume for prospective employers or use to demonstrate your technical knowledge in your job interview. The learning materials will also help prepare you to pass the globally-recognized CompTIA Security+ certification so you stand out when applying for cybersecurity roles.

Learn more about Springboard’s Cyber Security Career Track here.

About Kindra Cooper

Kindra Cooper is a content writer at Springboard. She has worked as a journalist and content marketer in the US and Indonesia, covering everything from business and architecture to politics and the arts.