This is part of our 2022 cyber predictions series. We heard from top leaders in the industry about what cyber could bring in the new year.
Cody Cornell, Co-Founder and Chief Strategy Officer
Organizations will Increasingly Adopt Low-Code Security Automation
In 2022, automation will grow beyond the Security Operations Center (SOC) to serve as a system of record for the entire security organization. As companies struggle to adequately staff security teams, and fallout from ‘The Great Resignation’ adds additional stress across the organization, automation will help employees overcome process and data fatigue. Companies will seek to use low-code automation to harness the collective knowledge of their entire security organization and form a centralized system of record for operational data.
Nick Tausek, Security Solutions Architect
Attacks on Companies for Social Justice will Increase by a Double-Digit Percentage
This year we have seen an increase in both internal and external actors breaching companies such as Epic and Twitch for “ethical” reasons versus purely financial intentions. In 2022, there will be a significant increase in hacking for a political or social cause. Most organizations in this position will fail to adequately respond to the threat of exposure by focusing only on “clamping down” internally to prevent leakage rather than addressing problematic business cultures that make employees want to go rogue.
The Federal Government Will Fail to Begin Regulating Social Media Companies Ahead of the Midterm Elections
Facebook whistleblower Frances Haugen’s testimony before Congress in October cast a spotlight on the need for social media regulations. Many see the latest allegations of widespread negligence as the final straw. Social media companies like Facebook that carry large fractions of the world’s communications, from personal messaging to business traffic, can no longer be trusted to self-regulate. The need for greater transparency into social media companies’ moderation practices has been clearly highlighted to Congress and the general public. There needs to be assurance that they are not being influenced by entities hostile to the United States, such as when Facebook sold political ads to accounts that paid in Russian rubles leading up to the 2016 election. Although numerous pieces of legislation will be proposed in the House and Senate after the conversation was reignited, the flame will quickly die out in 2022 as political gridlock keeps Congress from officially taking the oversight process into their own hands to curb disinformation tactics. This will have the effect of further sowing distrust, anti-vaccine information, and social discord, as misinformation and disinformation run rampant on the most popular platforms.
Josh Rickard, Security Solutions Architect
A Large-Scale Software Supply Chain Attack will Take Down a Major Cloud Computing Service
As organizations add more third-party SaaS and IaaS providers to their technology stack, cyberattacks on centralized cloud services will have a broader impact. In 2022, we will see cybercriminals take advantage of misconfigured SaaS APIs to exploit private data at an unprecedented scale. This will lead to a large distribution of core software code becoming compromised and impacting thousands of organizations across the globe.
The Average Ransomware Payout will Double as Ransomware as a Service (RaaS) Proliferates
Over the last several years, we have seen ransomware groups such as DarkSide and REvil successfully franchise their ransomware services to attackers. Similar to how cybercriminals have developed phishing kits to launch attacks with minimal effort, ransomware groups will seek to grow the RaaS ecosystem and improve infrastructure. In 2022, this will make it even easier to deploy ransomware attacks and will lead to a rise in more sophisticated attacks such as double extortion.