Get All Access for $5/mo

Cybersecurity Trends and Drivers in 2022 After a record-breaking year of cyberattacks, it's more vital than ever that business and organizations develop solid plans for prevention, detection and response.

By John Morris Edited by Matt Scanlon

Opinions expressed by Entrepreneur contributors are their own.

Last year came to a tumultuous end with the discovery of a serious vulnerability in Apache Log4j that can be exploited with minimal effort. It was also marked by the shutdown of the Colonial Pipeline due to a ransomware attack, and the realization that SolarWinds code was infected with malware that spread to thousands of customers and government agencies.

As bad as this sounds, it's likely to get worse. The profitability of cybercrime keeps growing — as does the sophistication of the attackers, who are often sponsored by nations with significant resources — and the organizations with the most to lose are often those without the resources or expertise to adequately protect themselves, such as medium-sized businesses, governments and healthcare providers.

So, what does 2022 have in store for us regarding cybersecurity, and what can we do to prepare?

Increased attack vectors

The proliferation of endpoints is opening up new avenues of attack. Endpoints include anything that communicates back and forth with a network. Laptops, tablets, smartphones and wearable devices are all susceptible endpoints, along with IoT devices like security cameras, connected home appliances, voice assistants and many other items that consumers and businesses might not consider vulnerable. What's worse, many of these use the same hardware to enable connectivity, so a vulnerability could have far-reaching effects. We are likely to see increasing attacks on IoT devices as a way to gain entry to networks, mine cryptocurrency or steal data. According to Threatpost, the first six months of 2021 saw more than 100 percent growth in cyberattacks against IoT devices, and this rate will only increase in 2022.

Related: Protect Your Business by Becoming a Cybersecurity Analyst

AI-related attacks

AI and machine learning systems are ripe for both being attacked and being used to conduct attacks. Many organizations use these technologies to crunch massive amounts of data (the prime target for most hackers), and the same capabilities that power speech recognition, autonomous vehicles and online shopping can massively scale automated cyberattacks.

We expect attacks on AI systems, which could take the form of subverting physical assets (such as drones and self-driving vehicles), to have disastrous results. There may also be increased use of such systems for political purposes, such as disseminating misinformation, invading privacy or sowing discord.

Increased adoption of zero-trust architecture

The days of "trust but verify" are over. In today's distributed work and cloud computing environments, the network no longer stops at the office walls… it's everywhere. "Zero trust" refers to the practice of authenticating, authorizing and continuously validating network users before giving them access to applications and data. Strong identity management, endpoint protection, encryption and continuous monitoring form the foundation of a zero-trust environment.

The pandemic introduced new opportunities for malicious actors to access networks as employees rapidly shifted to working from home and IT departments struggled to make network resources available outside the office walls. Adopting a zero-trust framework is a journey, and there is no single solution, but organizations must move quickly to implement access control policies, authentication and least-privileged environments that will protect valuable data assets.

Related: How to Protect Your Business From Cyber Attacks

Elevation of cybersecurity to the executive level

According to an October 2021 UncommonX report, 60% of midsize organizations reported suffering a ransomware attack over the course of the previous 18 months prior to its publication. The even more staggering finding was that even after these devastating attacks, 70% of these organizations had not prioritized cybersecurity, and only 35% had conducted a risk assessment in the past year. Additionally, many lacked a chief information security officer (CISO) or otherwise dedicated person whose responsibility is security/cybersecurity, even though phishing and ransomware attempts had been on the rise. As a result, IT bears most of the responsibility, even when they might not have the capability to effectively manage it.

Cybersecurity is a business decision at its core because it involves an assessment of risk and an investment in people and technology to mitigate that risk. For this reason alone, it should be elevated to the C-suite or board level as a strategic partner. Company leaders should be evaluating cybersecurity initiatives as they would other investments — asking if an incident or breach is worth the risk to business operations, reputation and customer trust? Some organizations may be willing to accept those risks, but the decision should be made at the highest levels and then supported with the appropriate level of investment.

Guarding against insider threat

The Great Resignation or "big quit" of 2021 has highlighted the fact that employees are fundamentally reassessing their jobs, levels of satisfaction and feelings about employers. Outgoing staff members can pose a high risk of insider threat because they already have access to sensitive data such as customer lists, trade secrets and financial information. They may also be more amenable to selling that information if approached, or to allowing unauthorized access to the network or premises.

Related: Identify and Stop Rogue Employees Before They Become a Security Threat

Moving forward

One of the best outcomes of 2021 being such a challenging year would be to see more organizations prepare for the inevitable. Many perhaps think that they aren't interesting enough to be hacked, or that their data wouldn't be valuable to anyone else. They don't realize that today's cybercriminals are highly opportunistic: If data isn't valuable enough to sell, it can be held for ransom because the business needs it to continue operations. So, with that in mind, every organization should be developing solid plans for prevention, detection and response.

John Morris

CEO of UncommonX

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

How to Be a Billionaire By 25, According to a College Dropout Turned CEO Worth $1.6 Billion

Austin Russell became the world's youngest self-made billionaire in 2020 at age 25.


Taylor Swift Has a Lucky Number. And She's Not the Only High Performer Who Leans Into Superstitions to Boost Confidence.

Even megastars like Swift need a little extra something to get them in the right mindset when it is game time.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


SEO Trends You Need to Be Aware of Right Now, According to a Seasoned Pro

Navigate the future of search engine optimization to elevate your online presence and drive meaningful engagement.

Health & Wellness

4 Habits I Cultivated to Become a Healthier, More Effective Entrepreneur

By the time I hit mid-life, some of my bad habits were becoming a risk to my long-term business goals — and my health. Here's how I was able to change them.


Guide Fellow Entrepreneurs to Success with an Exit Factor Franchise

Exit Factor franchisees play a vital role in the entrepreneurial community. As a business advisor, franchisees offer valuable guidance, solutions, and expertise to clients seeking to improve their business for a future exit.