7 Cybersecurity Predictions for 2022 - A Changing World and Crime


As 2021 draws to a close, we see a world changed by COVID-19, with new business models that require a shift to remote and hybrid work, while ruthless cybercriminals continue to target the cracks in our increasingly digital society.

Looking ahead to 2022, KPMG makes the following seven predictions for cybersecurity:

1. Cybersecurity: Ransomware epidemic calls for a strategic response

Ransomware has become “endemic” rather than transient, and criminal gangs are becoming more sophisticated in their extortion tactics, including encrypting systems, destroying online backups, and threatening data disclosure. Governments view cybercrime as a national security threat, with regulators sanctioning criminal groups and requiring banks to track and report ransomware payments. Insurers are also looking to de-risk their portfolios given the rising cost of paying ransoms.

In 2022, it is predicted that there will be more cases of ransomware-related criminal groups exploiting vulnerabilities in supply chains and cloud services. The national security community will also become more active in destroying and disrupting infrastructure used by criminal gangs, including tracking and blocking the use of cryptocurrencies to make or receive payments. The debate over whether ransom payments should be made illegal will continue, along with complaints about states harboring criminal gangs.

2. Cybersecurity: A digital world that fails in unexpected ways

The impact of ransomware on organizations has also captured the attention of corporate boards and sparked a broader debate about operational resilience. Organizations will have to realize they need to prepare for the worst and be more realistic about how they would respond in the event of a major ransomware attack. In 2022, we will hear the word “resilience” often, and it is predicted that attention will also be focused on response and recovery.

In Europe, the Digital Operational Resilience Act and the Network Information Systems Directive version 2 have come into force, and regulators will be paying attention to the resilience of digital infrastructure and to system risks due to interdependence. Digital infrastructure will also fail in unexpected ways, exposing unintended connections between systems.

3. Cybersecurity: Geopolitical tensions unfolding in cyberspace

The world is complex, with many political tensions and biases. These will play out in cyberspace as nations gain control over “their” cyberspace, the information that flows through it, and even the ways in which opinions are expressed.

In 2022, these problems will be in full swing. Privacy legislation will be enacted, forming a complex global web of regulations and extraterritorial obligations. Debate will continue over liability and class action lawsuits. As the economic impact of COVID-19 recedes, regulators will become less lenient, and headline-making (huge) fines will be imposed.

Political issues will lead nations to launch cyberattacks more aggressively, and virtual conflicts will spill over into the real world of diplomacy and trade.

4. Cybersecurity: Security changes in hybrid work

The shift to cloud services is accelerating as hybrid work, which combines working at the office and working from home, becomes more established. This change has created a radically different IT landscape with telecommuting, bring-your-own-device, split tunneling of traffic, and DevOps processes. Traditional security models are becoming obsolete, with buzz around Zero Trust, Cloud Access Security Brokers (CASB) and Secure Access Service Edge (SASE).

2022 is predicted to be the year when the debate shifts from theoretical to practical. Some companies may find that their existing security models no longer fit the new environment, leaving them increasingly vulnerable. Transforming security models will require new skills, new solutions, new vendor relationships, and will create winners and losers among cybersecurity companies.

5. Cybersecurity: Supply chain security growing in importance

“Third-party assurance” is often reduced to things like compliance activities, even though most of the IT environment today resides outside corporate premises and data centers. With the spread of SaaS, PaaS, and IaaS, the IT environment has changed dramatically. In 2021, two supply chain attacks occurred and attracted public attention. More attacks are expected in 2022, with organized crime recognizing that supply chain attacks can affect thousands of people.

Managed service providers and cloud providers will come to be seen as part of critical digital infrastructure and will receive increased regulatory attention. Third-party risk scoring services will continue to mature, but still provide an incomplete and partial picture of risk. There will also be more discussion about containerization to limit the impact of compromised software and services. In 2022, the whole third-party risk space will receive more attention.

6. Cybersecurity: Race against time more than ever

The time required for a cyberattack is shrinking rapidly. Attackers are speeding up their attacks on compromised systems, actively leveraging ransomware and automated tools that kick in just days after the initial compromise. Cyber defense is also exploring the use of SOAR (security orchestration and automated response) while struggling with the complexity of IT environments and over-detection of security events.

By 2022, SOAR, which was an auxiliary tool for efficiency, will be positioned as an essential and important countermeasure against rapidly changing threats. Responses to incidents need to be expanded not only within the company but also across the industry. Active defense programs piloted in the public sector will disrupt criminal infrastructure by extending the umbrella of protection over critical private sector infrastructure.

7. Cybersecurity: New technology, new regulatory challenges

2022 is expected to see the introduction of the first regulations on the use of artificial intelligence and machine learning systems. These will include prohibiting extreme uses of AI, such as manipulating human behavior, controlling risky applications, or interacting directly with people. With robotics, autonomous systems, embedded systems, and even deepfakes, the relationship between technology and society is becoming more and more complex.