Where do we go from here?
As we head into 2022, the nation and the world ponder that question on topics ranging from the spread of the omicron coronavirus variant to new job prospects to the rise of inflation and interest rates to when international travel will return to pre-pandemic levels.
And in the midst of our accelerating digital transformation that has redesigned government and business processes over the past two years with remote work and more, the vast number of online trends, cyber forecasts, and security predictions are growing in breadth and depth more than ever before.
As I predicted back in early 2016 (see the end of this article on how to benefit from security predictions): “The more the security and technology industries grow, the more predictions we will have. From the Internet of Things, to new technologies to robots to self-driving cars, do you really think we will be talking about security and privacy less in 2020? I don’t.”
Indeed, this continues to be true as we enter 2022. There is tremendous professional value in reviewing these security prediction reports, and the companies that best articulate our future digital problems are also the best equipped to offer valuable solutions. With cybersecurity concerns again topping the list of CIO concerns for 2022, there has never been a more important set of cyber insights to digest in order to equip technology pros to fight the cyber battles ahead in the new year.
Still, many companies are renaming these reports without the traditional “predictions” or “forecasts.” White papers and annual reports are often using phrases like “trends,” “findings,” “recommended solutions,” “actions required,” “themes” or other words that still point to their desire to describe what has happened, what is coming next and what needs to be done now to prepare for 2022 and beyond.
Last December in “The Top 21 Security Predictions For 2021,” I noted the following summary of expected trends for 2021:
- There will be huge security impacts in the coming year from the move to work from home (WFH) fueled by COVID-19. More attacks will occur on home computers and networks, with bad actors even using home offices as criminal hubs by taking advantage of unpatched systems and architecture weaknesses.
- The rush to cloud-everything will cause many security holes, challenges, misconfigurations and outages.
- More growth in the security industry. Our numbers of new products and new mergers and acquisitions will cause network complexity issues and integration problems and overwhelm cyber teams.
- Privacy will be a mess, with user revolts, new laws, confusion and self-regulation failing.
- Identity and multi-factor authentication (MFA) will take center stage as passwords (finally) start to go away in a tipping-point year.
- Tons of high-profile IoT hacks, some of which will make headline news.
- Ransomware will get worse and worse — with new twists, data stealing prior to encryption, malware packaging with other threats and very specific targeting of organizations.
- Lots of 5G vulnerabilities will become headline news as the technology grows.
- Advanced Persistent Threats (APT) attacks will be widely available from criminal networks. The dark web will allow criminals to buy access into more sensitive corporate networks.
So how did we do? In most respects, this list of cyber industry predictions proved to be very accurate. If any faults were to be found, the predictions understated the attacks on critical infrastructure — and the government response afterwards. Both of those items show up in this year’s predictions.
Last week, I released my roundup of the top 2021 cybersecurity stories, with ransomware crippling critical infrastructure at the top of the list.
This year we again see many familiar themes, with cyber threats around working from home, supply chain, new ransomware, mobile threats, and new twists on cloud threats spread throughout the report. We again see forecasts of more government compliance rules, 5G challenges, APTs, deepfakes getting really dangerous, privacy concerns, and another year of healthy growth in technology and cyber companies.
New focuses this year cover:…
Protection of critical cyber systems: Canada introduces new legislation under Bill C-26
On June 14, 2022 the Government of Canada introduced Bill C-26, An Act Respecting Cyber Se…