Cybersecurity will continue to rapidly gain in both relevance and importance in 2022.
Our world relies more upon digital technologies and unknowingly embraces the increasing accompanying risks of innovation. 2022 will see the rise of government orchestrated cyber-offensive activities, the growth of cybercriminal impacts at a national level, and the maturity of new technology used as powerful tools by both attackers and defenders.
Threat actors will focus attention, as never seen before, against technology supply-chains and all manner of national critical infrastructures such as banking, healthcare, government services, logistics, communications, and transportation. Most visibly, high-profile ransomware attacks will capture the bulk of media headlines, but more sophisticated strategic attacks will occur in stealth.
The cybersecurity industry will struggle with resources and agility in responding to new attacks, but consumers will begin to demand that products and services are trustworthy, fueling greater support by executives for cybersecurity programs that manage security, privacy, and safety.
Overall, 2022 will be a more difficult and trying year for cybersecurity than its predecessors.
The gloves are fully off. The National Critical Infrastructure (CI) sectors will be the main target for both cybercriminals and digitally capable nations. Attacks will blend across Operational Technology (OT) and Information Technology (IT) systems, making defense and response more difficult. Attacks will be designed to impact service delivery and defenses will be seriously tested across all sectors. In particular, the telecommunications, healthcare, government, energy, transportation, and water management systems will be targeted most. Many will fall victim to these acts, thereby impacting their downstream service customers. Attacking a single critical infrastructure supplier can disrupt the lives of millions.
I expect increased levels of critical infrastructure attacks will occur throughout the year, with a handful being spectacular in their scope and downstream effects. Crippling incidents will raise serious concerns from the public and government. Calls for better security will echo loudly, but the practical up-leveling of protections will remain challenging to achieve.
Cyberattacks are now everyone’s problem.
Law enforcement agencies around the globe continue to get better at pursuing cybercriminals for prosecution. In 2022 a new tactic will emerge, targeting the infrastructure, personal assets, and systems of the hackers. Many governments, including the U.S. in cooperation with their close allies, will leverage their military and intelligence branches to offensively begin hack-back operations. Essentially, hacking the hackers.
It will be a shock to many unprepared and loosely organized cybercrime gangs. However, this shift has been expected and is inherent to the nature of adversarial engagements. To professional criminals, being attacked is simply an occupational hazard, therefore not surprising and simply a practical matter to be addressed.
I predict the professionals will spend the first quarter or so, hardening their infrastructure, better securing their organization, preparing recovery options, and improving the stealth of their money transfer and laundering operations. They will get ready for the more hostile environment before returning to the field of battle. Definitely, by the second half of the year, we will see them back in force, manoeuvring around the more active government hunters. Expect the next generation of cybercriminals to better leverage automation and distributed resources, such as Ransomware-as-a-Service (RaaS), hijacked infrastructures, compromised technology suppliers, public blockchains, and cryptocurrency, making it more difficult for government attackers to severely disrupt their capabilities.
The overall success of cybercrime will attract a greater percentage of people joining the Internet to participate in entry-level positions. Those who are economically impoverished may be drawn to the profit potential of becoming a ransomware affiliate, online money mule, data harvester, malware distributor, or malicious social engineer. The greater pool of low-level expendable resources will add additional scalability and insulation from the inner core of the criminal organizations.
Cybersecurity will face growing legions of novice cyber attackers being educated, directed, and empowered by the more experienced criminal professionals who will share the staggering financial rewards.
Security and governments have failed to properly respond to the explosive rise of impacts due to ransomware. The attacks will only get worse, accelerating rapidly in scope, innovation, and damage by mid-year. The effectiveness of standard defenses, such as email filters and backups, begins to decline as attackers find ways to undermine those controls.
Critical Infrastructure will be a primary target. Well-organized attackers will also begin campaigns against carefully selected high-value targets. Regardless of how secure they may be, many will fall victim to the patient, methodical, relentless, and well-organized attacks.
The impacts of ransomware will grow at least 10x for 2022, possibly an order of magnitude more. By the end of the year, the government and many industries will be declaring cyber-attacks as a national emergency, a threat to democracy, and one of the highest priorities to address. Many of us will sadly look back and realize we did have the chance to crush ransomware starting in 2021 but chose to act in meager ways without strategic foresight or conviction. A severe price will be paid in 2022 and it will be our enemies who benefit and get stronger because of our inaction.
For years, law enforcement organizations have been investing in technology and training, putting them in a much better position in 2022. New tools, processes, and cross-border collaboration will result in many criminal cases being filed for actors around the globe.
The effectiveness of investigations will rise but not significantly undercut the overall damage by cybercriminals. Attackers' growth and impacts on victims will continue to outpace law enforcement efforts.
Expect to see some major cases and wins announced for the good guys. A short-term slowdown in the first part of the year will give way to criminals returning with better tactics, improved tools of their own, stronger infrastructures, and more distributed capabilities by the second half of 2022.
Overall losses for the year due to cybercrime will reach new highs.
Governments and nation-states will be committed to a full-blown digital arms race. Rulers will abandon any remaining apprehension and internally commit to leveraging cyber as a tool to influence foreign policy.
Militaries and their supporting defense industrial base, intelligence agencies, and diplomatic corps will augment their toolsets with new cyber capabilities to provide leaders with new defensive and offensive options. Highly skilled teams, advanced tools, and significant spending will support greater capabilities as mechanisms to push foreign policy and protect essential national capabilities.
Nations bring in significant financial and technical resources and offer political cover for those conducting offensive operations. Attacks will be initiated directly from government agencies and through external 3rd party vendors hired as cyber mercenaries.
These powerful organizations have the ability to conduct very expensive and complicated attacks, like the SolarWinds supply chain attacks of 2020/2021. These exploitations penetrate deeply and reach across a wide range of public and private victims at a scale never seen before.
National critical infrastructures, political activities, and powerful influencers in adversarial countries will be prime targets for compromise, manipulation, conveying veiled threats, or as exhibitions of power.
Cyber represents a much lower bar for entry and is an equalizing form of warfare. The importance of borders, industrial capacities, geographical distances, kinetic military might, and total defense budgets, are minimized. Every country can play in this game and most will want an advantageous seat at the table.
In 2022, cyber will be a brave new battlefield, where state coordinated attacks could undermine economic stability, sway the opinions of the masses, disrupt national infrastructures, and cripple the ability and morale to conduct military operations, destabilize governments, and manipulate political sovereignty. Most attacks will happen in covert ways, away from the public eye, similar to the cold war a generation ago. The public will hear more attribution of cyberattacks and finger-pointing speculation to other nations, but little definitive proof will be left as evidence.
2022 is the year hidden battles begin with cyber warfare between major nations and ideologies, opening the era of a cold cyber-war.
Governments who maintain control of power with fear, oppression, suppression of free speech, and constrain independent press, will fully embrace digital technology to monitor, control information dissemination, and manipulate citizens in 2022.
Offensive cyber operations will become a part of their domestic policy toolbox. Oppressive governments will prioritize the establishment of several capabilities to protect their positions of power, including identifying dissidents or disloyal citizens, controlling social media narratives by suppressing unflattering data and discussions about government practices and their rulers, and detecting potentially threatening topics that receive public attention.
In places where freedom, privacy, and liberty are already rare or dwindling, technology will be used in ruthless ways at scale, for controlling the flow of information, enabling widespread surveillance of citizens, and as a mechanism to target groups for persecution.
Artificial Intelligence (AI) use-cases are blossoming and being adopted across every digital domain, bringing tremendous efficiencies, automated scalability, and fostering new capabilities for unimaginable benefits. The great power of AI, specifically Machine Learning (ML) and Deep Learning (DL) tools, will be leveraged by cyber attackers and defenders in much more significant ways. A new arms race is brewing for 2022, with opposing forces working to leverage AI to undermine or enhance the security, privacy, and safety of digital systems.
AI will be applied offensively to undermine the security, privacy, and safety of targets. Attackers will use AI in large-scale operations for fraud, theft, social engineering, target-intelligence gathering, and the dynamic control of botnets. New AI innovations will work to undermine identity and trust of people.
Cybersecurity will respond to these amplified threats with AI-enhanced systems of their own, that will strive to keep pace at detecting, protecting, and recovering from attacks. This will expand on the current use of AI for rudimentary anomaly detection into entirely new branches for better efficiency and scalability of cybersecurity.
The AI arms race will become obvious to the cybersecurity community who find themselves dealing with the threats attacking at scale with automated intelligent weapons. Defenders will scramble to respond and invest sizable resources to maintain parity.
The most desirable AI security technologies will largely be developed in startups and sought for acquisition by established cybersecurity and technology companies, adding to the already feverish M&A activities in the industry. By the end of 2022, many important deals will be announced and it will signal the beginning of a buying spree to significantly augment digital protections with new features enabled by AI.
AI will be the new weapon for cybersecurity in 2022. New weapons introduced into battle, will always experience trials, blunders, invoke surprise, fear, and eventually, refinement to create powerful systems for both sides. The attackers, who maintain the initiative, will see the greatest benefit in the window of time it takes for defenders to respond with improved defenses.
AI, for all its amazement, will showcase how the manipulation and misuse of technology can harm as greatly as it can benefit. The use of AI will begin to shift the types of attacks, tools, and tactics that cyber attackers use at scale by the end of 2022.
Quantum hacking research begins to show results in 2022. Qubit rates of quantum computers, essentially their processing speed, are climbing to levels where they, in theory, can begin to chip away at the locks protecting data. Combined with optimized or potentially new algorithms, there are many encryption schemes at risk, mostly in the public/private communications and transactions space.
I expect some proof-of-concept work to surface next year that leverages quantum hardware with custom software to showcase how specific encryption schemes could be compromised at scale.
This early research, showing actual capabilities, will send a shudder down the spine of technology houses and governments. As a result, there will be a spur of activity to rush the finalization and implementation of new quantum resistance algorithms, hardened against such attacks.
Decisions on which standards to adopt are strategically important to the industry but the work to implement is where the most difficulty exists and the greatest investments are required.
Widespread attacks in the wild and transitions to better-hardened encryption standards in products are still more than a year away, as part of a much larger battle that will unfold across the next decade that will put the confidentiality of the world's digital data at risk.
Proof-of-Concept attacks against encryption with quantum systems is the next milestone that will fuel a shift in data protection standards and will eventually force fundamental changes to the infrastructure of the global digital ecosystem.
An explosive infusion of more money, value, and services in cryptocurrency will earn equally more attacks! Criminals, by their very nature, go where the money is. They will thrive in 2022 by riding the massive growth of value attached to cryptocurrency ecosystems.
The cryptocurrency industry is in its wild-west phase of insane growth and currently exceeds over $2 trillion in value, with little regulation or oversight. A massive land grab is taking place with innovation and droves of globally connected consumers are interested in exploring these new digital economic currencies, tools, services, and virtual worlds.
It is a criminal's paradise. The low bar of entry for fraud, frail and disjointed regulations, a notable absence of effective law enforcement, little accountability for actors, and a vast number of potential victims willing to invest in trivial ventures is the perfect environment for cyber criminals success.
2022 will be fraught with many more cryptocurrency frauds, rug-pulls, exchange hacks, pyramid schemes, account takeovers, asset thefts, money laundering, and other financial crimes perpetrated by cybercriminals. Expect numerous attacks and frauds, exceeding 3x of 2021 losses.
Cryptocurrency hacks are not new, but society has viewed the victimization of early-adopting technophiles as a consequence of their risk-seeking fringe behaviors. But as mainstream populations flood into crypto and begin to be victimized, the political fall-out will drive more visible demands for regulation and oversight.
Cryptocurrency is becoming more mainstream. As we enter 2022, it is estimated that 16% of Americans have used cryptocurrency, with a disproportional ratio of younger adults (18 to 29) being the most popular. Survey data also shows 32% of those who have never used crypto are interested and an incredible 68% of American millionaires own cryptocurrency. Financial institutions are receiving many requests for crypto-based solutions and investment mechanisms. Numerous countries have already enacted favorable regulations to embrace the use of digital currencies, such as Canada, Germany, Singapore, Dubai, Portugal, and many others, but the US is struggling to define clear laws.
Until regulation establishes a framework of rules and law enforcement evolves mature capabilities for investigation and prosecution, the attackers will run rampant. Only technologists and code currently stand in the way as static barriers that will not hold smart attackers at bay for long.
As the value of cryptocurrency increases, more attacks will occur totaling billions of dollars in losses. With the combination of easy victims, vast wealth, and a lack of policing to interdict attackers, 2022 will be a tremendously successful year for cybercriminals targeting cryptocurrency projects, users, and services.
The US government will invest and attempt to work more closely with the private sector, especially those organizations that control or support national critical infrastructure sectors. The Cybersecurity Infrastructure Security Agency (CISA) and partner organizations will step up to fill large gaps by building a runway for better data collection, public/private collaboration, and publishing recommended standards for industries to improve general security.
Although by the end of 2022 many newly forged public-private collaborations will be in place, most will be about data sharing to the government. It will be seen as an unbalanced partnership as these capabilities won’t be perceived as directly helping the majority of private sector participants. The shine will fade until the next phase where governments can show how they are quantitatively helping businesses proactively minimize their risks-of-loss.
Cybersecurity in 2022 will be confusing, frustrating, and yet be driven by a newfound sense of frenzied urgency. It will be a pivotal year as cybersecurity will once again remake itself to align with new expectations and rapidly evolving threats.
But the year will be different as consumers will feel tangible impacts for cyberattacks and begin to realize the importance of trustworthy technology. As security, privacy, and safety become a purchase criterion and topic of public discussion, providers of products and services will respond by improving the foundations of digital innovation.
The powerful economic incentives will significantly increase the resources for security but come with sky-high expectations. By comparison, looking back at 2021 it will seem easy to see what the cybersecurity industry will experience in 2022 and beyond.
The only easy day was yesterday.
“The only easy day was yesterday”, a motto taken from the military, will fit well with the cybersecurity professionals finding themselves in the thick of what 2022 will bring. The year will unfold with new challenges as levels of exuberance increase with equally ambiguous expectations, more funding but a lack of available resources, greater tools that are used just as proficiently (perhaps better) by attackers, and bigger threats with seemingly unlimited budgets searching for vulnerabilities and crafting professional exploits in record time.
It will take a collaborative effort for all entities participating in the global digital ecosystem to make significant progress. Every government agency, company, and consumer must play a role to improve cybersecurity and reduce victimization. Demanding trust in digital technology is the first step we must take to endure 2022.
Only one thing is for certain in 2022, we are all at risk.
Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services.