7 top trends in cybersecurity for 2022

Cybersecurity has become a critical priority for businesses as they now navigate current threats in 2022. Many trends in cybersecurity are emerging as companies continue to make adjustments due to the threat landscape. The stakes could not be higher as new threats continue to develop and existing vulnerabilities and compromise techniques continue to be used. So what trends are developing in cybersecurity in 2022?

Threats are more sophisticated and dangerous than ever

In a world where ransomware can shut down business-critical environments for days, and double-extortion threats are the new normal, organizations have everything to lose if they take a lax stand on their cybersecurity posture. In addition, attackers now operate in sophisticated groups that function as businesses, with their own marketing teams and development staff. It may seem ludicrous, but this is the world of cybersecurity we live in today.

What’s more, today’s organizations are using more technologies than ever before. As a result, the sheer attack surface area is vast, with the technology footprint extending from on-premises environments to the public cloud. With  this being known about the technology landscape today, cybersecurity trends are developing. Let’s detail the following:

  1. Defense against compromised credentials
  2. Increasing hybrid workforce security
  3. Protecting against supply chain attacks
  4. Governments will become more involved
  5. More cloud security
  6. Container and Kubernetes security
  7. More critical infrastructure attacks

1. Defense against compromised credentials

Time after time, breached credentials are the culprit behind the massive system and data breaches that leave organizations paying millions in ransom demands and leaving customer confidence and business reputation in shambles. Protecting identity and access management systems against compromised credentials is a top priority. Many organizations are federating their on-premises Active Directory environments with cloud SSO resources. If on-premises Active Directory accounts become compromised, it automatically places on-premises and any federated accounts at risk.

According to the IBM Cost of a Data Breach Report 2021, compromised credentials were the most common initial attack vector and took the longest to discover. Organizations must protect their Active Directory infrastructure from weak and compromised passwords and other risks as these are increasingly becoming the source of major attacks and data breaches worldwide.

2. Increasing hybrid workforce security

Organizations worldwide have largely shifted to a hybrid workforce, allowing employees to work from anywhere and from a wide range of devices. While this has extended the flexibility of the modern workforce, it has also introduced many cybersecurity risks. As employees are no longer located in the confines and behind the more robust protections of corporate firewalls and other cybersecurity protections, it becomes much easier for an attacker to compromise end-users using BYOD devices and located on home networks.

Businesses have had to rethink their strategies for the anywhere workspace where everywhere is the edge. It requires a multi-layered approach of zero-trust technologies enforcing least privilege best practices and protecting business-critical data.

3. Protecting against supply chain attacks

The Solarwinds attack helps to emphasize the danger and level of sophistication needed to pull off such a far-reaching attack. Effective supply chain attacks are challenging to pull off and are not as common as other forms of attack that may be a quicker win. However, the attack on Solarwinds helps illustrate just how dangerous, hard to detect, and damaging such an attack can be. In late 2022, it was disclosed the U.S. Treasury was breached by the Russian attack group Cozy Bear, the same group that had targeted FireEye. It was learned that SolarWinds was a common factor in both breaches. Attackers were able to deploy malware as legitimate updates from Solarwinds as part of their Orion NMS system. A valid digital certificate signed the malware, which corroborates this was indeed a supply chain attack.

In 2022 and beyond, organizations have to take more drastic measures to help protect against supply chain attacks. As demonstrated by the SolarWinds attack, attackers can infiltrate very high-level applications and trusted solutions even if it is difficult to do. No software or solution should be inherently trusted simply due to the vendor or how long the solution has been around.

4. Governments will become more involved

Gartner predicted that the percentage of states passing legislation to regulate ransomware payments, fines, and negotiations will rise to 30% by 2025. The United States has already passed legislation to help improve the nation’s cybersecurity posture and protect businesses from the threat posed by ransomware. US legislation also helps to remove barriers to sharing threat information.

Undoubtedly, as nations continue to cope with the fallout of ransomware attacks, there will be more government involvement to help with this cybersecurity threat.

5. More cloud security

Today it would be hard to find a business that does not have a presence in the cloud to some degree. Most organizations are housing some of their business-critical infrastructure in the cloud. Attackers are increasingly targeting cloud environments as they realize more critical data for compromise exists in cloud environments.

Not long ago, the first malware in AWS Lambda was discovered. The malware was discovered as a Linux 64-bit ELF executable using third-party libraries that make use of compromised accounts. It helps to illustrate attackers will increasingly use malware and other attacks that specifically target cloud environments.

Cybersecurity trends in 2022 and beyond will include more protective measures and technology solutions to help protect critical cloud services and data, as these will be targeted for years to come.

6. Containers and Kubernetes security

More organizations than ever are modernizing their applications using containerized workloads orchestrated by Kubernetes. However, while containers and Kubernetes are maturing, security for these environments is not well understood in the enterprise. As a result, attackers are increasingly targeting containerized workloads running in Kubernetes environments, specifically the data attached.

A recent survey found that 89% of respondents said Kubernetes ransomware is a problem, yet only 33% of those feel they have the protections in place to guard against it. Current cybersecurity trends include securing modern containerized applications running in Kubernetes from the threat of ransomware and other types of compromise.

7. More critical infrastructure attacks

As shown by the attack on Colonial Pipeline, ransomware and other attacks can have a real-world impact on human lives. The Colonial Pipeline attack led to fuel shortages for millions and everyday life disrupted for weeks. It helps to emphasize the real-world fallout of a ransomware or other cyberattack on critical infrastructure.

Gartner recently predicted that by 2025, threat actors would have weaponized operational technology environments to cause human casualties, which is a scary thought. So undoubtedly, a cybersecurity trend will include increased attacks on critical infrastructure and counter-protective measures to help protect against such attacks.

Bolstering cybersecurity posture

A continual trend seen now in 2022 is organizations must continue to bolster their cybersecurity posture. Cybersecurity has been likened to the layers of an onion where businesses need to implement the protective measures needed to increase their defensive strategies and do this proactively. However, there is usually low-hanging fruit that can drastically improve an organization’s security posture.

One of the common themes among many breaches is compromised credentials. As mentioned earlier, Active Directory is often used to federate access to other third-party cloud services. So, if Active Directory credentials are compromised, all connected services and SSO credentials are exposed. Specops Password Policy helps organizations take control of credentials in their Active Directory environments.

It allows businesses to:

  • Effectively enforce compliance requirements
  • Implement breached password protection
  • Help users create stronger passwords
  • Extend the functionality of the existing Group Policy infrastructure
  • Prevent the use of billions of breached passwords
  • Real-time dynamic feedback at password change
  • Passphrase support
  • Length-based password expiration
  • Regular expression-based password filtering
  • Proactively find and remove breached passwords in your Active Directory environment
Specops Password Policy Breached Password Protection Interface.
Specops Breached Password Protection effectively blocks compromised passwords

Learn more about Specops Breached Password Protection and sign up for a free trial version here: Active Directory Password Filter – Specops Password Policy.

(Last updated on September 7, 2022)

brandon lee

Written by

Brandon Lee

Brandon Lee has been in the industry 20+ years, is a prolific blogger focusing on networking, virtualization, storage, security & cloud, and contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com.

Back to Blog