Cybersecurity Trends and Drivers in 2022 After a record-breaking year of cyberattacks, it's more vital than ever that business and organizations develop solid plans for prevention, detection and response.

By John Morris

Opinions expressed by Entrepreneur contributors are their own.

Last year came to a tumultuous end with the discovery of a serious vulnerability in Apache Log4j that can be exploited with minimal effort. It was also marked by the shutdown of the Colonial Pipeline due to a ransomware attack, and the realization that SolarWinds code was infected with malware that spread to thousands of customers and government agencies.

As bad as this sounds, it's likely to get worse. The profitability of cybercrime keeps growing — as does the sophistication of the attackers, who are often sponsored by nations with significant resources — and the organizations with the most to lose are often those without the resources or expertise to adequately protect themselves, such as medium-sized businesses, governments and healthcare providers.

So, what does 2022 have in store for us regarding cybersecurity, and what can we do to prepare?

Increased attack vectors

The proliferation of endpoints is opening up new avenues of attack. Endpoints include anything that communicates back and forth with a network. Laptops, tablets, smartphones and wearable devices are all susceptible endpoints, along with IoT devices like security cameras, connected home appliances, voice assistants and many other items that consumers and businesses might not consider vulnerable. What's worse, many of these use the same hardware to enable connectivity, so a vulnerability could have far-reaching effects. We are likely to see increasing attacks on IoT devices as a way to gain entry to networks, mine cryptocurrency or steal data. According to Threatpost, the first six months of 2021 saw more than 100 percent growth in cyberattacks against IoT devices, and this rate will only increase in 2022.

Related: Protect Your Business by Becoming a Cybersecurity Analyst

AI-related attacks

AI and machine learning systems are ripe for both being attacked and being used to conduct attacks. Many organizations use these technologies to crunch massive amounts of data (the prime target for most hackers), and the same capabilities that power speech recognition, autonomous vehicles and online shopping can massively scale automated cyberattacks.

We expect attacks on AI systems, which could take the form of subverting physical assets (such as drones and self-driving vehicles), to have disastrous results. There may also be increased use of such systems for political purposes, such as disseminating misinformation, invading privacy or sowing discord.

Increased adoption of zero-trust architecture

The days of "trust but verify" are over. In today's distributed work and cloud computing environments, the network no longer stops at the office walls… it's everywhere. "Zero trust" refers to the practice of authenticating, authorizing and continuously validating network users before giving them access to applications and data. Strong identity management, endpoint protection, encryption and continuous monitoring form the foundation of a zero-trust environment.

The pandemic introduced new opportunities for malicious actors to access networks as employees rapidly shifted to working from home and IT departments struggled to make network resources available outside the office walls. Adopting a zero-trust framework is a journey, and there is no single solution, but organizations must move quickly to implement access control policies, authentication and least-privileged environments that will protect valuable data assets.

Related: How to Protect Your Business From Cyber Attacks

Elevation of cybersecurity to the executive level

According to an October 2021 UncommonX report, 60% of midsize organizations reported suffering a ransomware attack over the course of the previous 18 months prior to its publication. The even more staggering finding was that even after these devastating attacks, 70% of these organizations had not prioritized cybersecurity, and only 35% had conducted a risk assessment in the past year. Additionally, many lacked a chief information security officer (CISO) or otherwise dedicated person whose responsibility is security/cybersecurity, even though phishing and ransomware attempts had been on the rise. As a result, IT bears most of the responsibility, even when they might not have the capability to effectively manage it.

Cybersecurity is a business decision at its core because it involves an assessment of risk and an investment in people and technology to mitigate that risk. For this reason alone, it should be elevated to the C-suite or board level as a strategic partner. Company leaders should be evaluating cybersecurity initiatives as they would other investments — asking if an incident or breach is worth the risk to business operations, reputation and customer trust? Some organizations may be willing to accept those risks, but the decision should be made at the highest levels and then supported with the appropriate level of investment.

Guarding against insider threat

The Great Resignation or "big quit" of 2021 has highlighted the fact that employees are fundamentally reassessing their jobs, levels of satisfaction and feelings about employers. Outgoing staff members can pose a high risk of insider threat because they already have access to sensitive data such as customer lists, trade secrets and financial information. They may also be more amenable to selling that information if approached, or to allowing unauthorized access to the network or premises.

Related: Identify and Stop Rogue Employees Before They Become a Security Threat

Moving forward

One of the best outcomes of 2021 being such a challenging year would be to see more organizations prepare for the inevitable. Many perhaps think that they aren't interesting enough to be hacked, or that their data wouldn't be valuable to anyone else. They don't realize that today's cybercriminals are highly opportunistic: If data isn't valuable enough to sell, it can be held for ransom because the business needs it to continue operations. So, with that in mind, every organization should be developing solid plans for prevention, detection and response.

Wavy Line
John Morris

Entrepreneur Leadership Network Contributor

CEO of UncommonX

Editor's Pick

A Leader's Most Powerful Tool Is Executive Capital. Here's What It Is — and How to Earn It.
Lock
One Man's Casual Side Hustle Became an International Phenomenon — And It's on Track to See $15 Million in Revenue This Year
Lock
3 Reasons to Keep Posting on LinkedIn, Even If Nobody Is Engaging With You
Why a Strong Chief Financial Officer Is Crucial for Your Franchise — and What to Look for When Hiring One

Related Topics

Growing a Business

My Startup Scored a Multimillion-Dollar Contract With a Fortune 100 Client in Just 3 Years. Here's What We Learned.

There's no perfect litmus test to gauge if you're ready to go after big business or not — but if you don't take the risk, you'll never realize the reward.

Business News

The Virgin Islands Want to Serve Elon Musk a Subpoena, But They Can't Find Him

Government officials would like to talk to Tesla's owner as part of an investigation into the Jeffrey Epstein case.

Marketing

5 Questions to Ask a PR Pro Before Hiring Them

You probably haven't considered asking these questions, but they're a great way to find the right PR firm for your business.

Side Hustle

A Simple Household Chore Turned Into a Side Hustle — Now She Earns Up to $24,000 Per Month

Christian Sanya, 44, was working as a medical laboratory technologist in 2019 when she discovered a side gig that would change her life.

Marketing

This Location-Based Marketing Technique Is the Key to Boosting Retail Sales

Let's take an in-depth look at geofencing marketing and how it's helping retail locations drive foot traffic and boost sales.