The Business Impact of Cybersecurity in 2022

experts’ predictions

Across the Threat Landscape

Get started

read the Gartner market guide

Here are some insightful and actionable perspectives on this very topic from Secureworks and other industry experts. Read on!

Your success as a cybersecurity professional depends on much more than just a technical understanding of cyberthreats and the countermeasures needed to thwart them. You also need to understand how cybersecurity itself can best operate as a collective of resources—human and otherwise—within the larger context of the organization you serve.

ransomware and business email

compromise remained major threats.

read the Gartner market guide

Cyber Insurance

read the Gartner market guide

Cloud

Ransomware

State Activity

Cyber Crime

Download Gartner Market Guide for MDR

Gartner predicts that 50% of organizations will be using MDR services for threat monitoring, detection and response by 2025. To learn more on this last prediction, download Gartner’s Market Guide for Managed Detection and Response.

Ken Deitz Chief Information Security Officer, Secureworks

The Virtual SOC is Here to Stay

In 2022, we will not see the return to on-site SOCs. Instead, we will see an increase in a hybrid model where several services will be outsourced (threat detection, threat hunting, incident response) and others will remain controlled internally but through remote workers. The physical walls of the SOC have permanently been taken down.

Steve Fulton Chief Product Officer, Secureworks

XDR Takes Center Stage

In 2022, XDR software sales will increase, taking security budget from SIEM, endpoint, and SOAR budgets.

Kyle Falkenhagen VP, Product, Secureworks

Year of Integration & Consolidation

With the shortages of security experts still rising, organizations will continue to look to consolidate vendors. Organizations want comprehensive Managed Detection and Response solutions that include both technology and services to meet their needs with the highest ROI possible.

Nash Borges VP, Engineering and Data Science, Secureworks

AI Alone Won't be Enough for Cybersecurity in 2022

Machine learning – an important subset of artificial intelligence, or AI – is increasingly relied upon to prevent and detect advanced threats. It does so at speed and scale beyond the reach of unaided human operators. But it can’t be your only cybersecurity strategy in 2022. When you're searching for important needles in immense haystacks, your most powerful defense will come from the pairing of AI with the best of human intuition. Cybersecurity in 2022 means defending your attack surface with managed detection and response, red teaming, threat hunting, and incident response approaches that combine AI with the best available human intelligence.

Pierre-David Oriol Senior Director, Product Management, Vulnerability Detection and Response, Secureworks

Risk-based Vulnerability Management Will Take Lead

Spending will increase in the area of vulnerability management – but compliance will be less of the driver. Instead, organizations will invest more in risk-based modeling and prioritization solutions so they can talk to the boards and executive teams about the level of risk one is willing to consume vs. the relative cost of putting risk mitigation plans in place.

Lisa Washburn Senior Director, Product Management, Secureworks

The Cyber-Skills Gap Will Grow Wider in 2022

Continued cyberattacks reaching further down-market into targets of opportunity – of all sizes and across every industry – will exacerbate the already yawning cyber-skills gap. This will lead to increased recruitment and turnover in the ranks of security defenders as scarce talent is sought out in the marketplace by an increasing number of buyers across all sectors.

David Bushell Senior Director, IT, Secureworks

Patch or Be Punished

Organizations will fail to patch their systems in a timely manner and consequently will be compromised. This will be particularly profound in smaller organizations that lack the staff and expertise to properly manage patching, configuration, and policy changes as well as overall remediation. As a result, there will be increased demand for systems that prioritize, automate, track, and verify remediation activities among service companies that work with smaller organizations. Log4j is just the latest example of the level of disruption and risk a vulnerability can deliver as we close out 2021.

Stacy Leidwinger VP, Portfolio Marketing, Secureworks

ITOps & SecOps Combine Powers

IT Operations and Security Operations synergies will increase in 2022. We’ll see rising demand for solutions that span both functions, and security vendors will include both IT and Security in their roadmaps, such as detection and enumeration of the attack surface, and deep telemetry from discovered assets with IT and Security insights.

Shahid Shah Co-Founder, Citus Health

The Race to Secure a Distributed Workforce Intensifies

As the need for remote and hybrid ways of working continues, challenges in securing work from home and remote work sites will grow.

Diana Kelley CTO & Co-Founder, SecurityCurve

Devsec Will Remain Essential and Challenging for Most Companies

Even if you're not building software from the ground up, at this point almost every company is writing some kind of custom scripts and coding to build and customize workflows. A leader needs to manage this function across the entire organization while also overseeing the secure SDLC (software development lifecycle) and governing the use of libraries, plug-ins, and other 3rd party components through a robust SCA (software composition analysis) and ALM (application lifecycle management) program.

David Chou Chief Information Officer, Harris Health

Rise in Managed Services for Cybersecurity

There will be an emphasis on utilizing more managed services for cyber monitoring especially as organizations transition to work from anywhere. The internal capabilities for organizations to develop the cyber skillset is a huge hurdle.

Tim Crawford Chief Information Officer & Strategic Advisor, AVOA

Increased Cybersecurity Visibility in the C-Suite

Historically, cybersecurity has not been a normalized subject of discussion. Moving forward, I expect cybersecurity to become a regular topic across the c-suite and during discussions about business operations and customer engagement.

David Chou Chief Information Officer, Harris Health

Adaptive Security Will Be the Key

Every security tool will incorporate AI to learn about the organization's environment to adapt their security responses.

Shahid Shah Co-Founder, Citus Health

Supply Chain Attacks Will Increase

The level of dependency that most organizations now have on heavily integrated third-party applications means that we will see more supply chain attacks that leverage third-party code, and in doing so bypass perimeter-based defenses.

Secureworks’ Counter Threat Unit analyzed a combination of 1,400+ incident response engagements, trillions of event logs from customer telemetry, and monitored 300+ threat groups to bring you the “2021 State of the Threat” report.

DOWNLOAD 2021 State of the threat REPORT

download full report

The past year has seen mixture of change and stasis in the threat landscape. TTPs evolved but ransomware and business email compromise remained major threats. The coming year will see continued evolution and new developments.

Find out what Secureworks threat intelligence experts predict will change and what will remain the same as we bring 2022 into focus…

Threat Actors Choose Speed Over Stealth

As it becomes more challenging to move through compromised environments without detection, adversaries will increasingly choose speed over stealth. Because of this, the time domain will become more and more important for defenders.

Business Email Compromise Will Remain a Serious Threat

Ransomware will continue to get all the headlines, while in the background BEC attacks will continue to lead to large single-loss events that are both easier and faster to conduct.

Common Security Gaps Remain Threat Actor Magnets

Keeping good cyber hygiene will be more important than ever. Cybercriminals will continue to leverage common security issues to compromise their targets wherever they can, in preference to using complex zero-day vulnerabilities. Prime examples of such issues include lack of MFA, compromised credentials, and services such as RDP exposed to the internet.

On-Premises Attacks Will Not Disappear as Hybrid Cloud is Embraced

The security of cloud-based resources will become increasingly important for organizations, although many network intrusions will continue to have a on-premises component to them.

Cloud Misconfigurations Will Add Risk

We’ll see an increase in cloud-based attacks due to the 'assumed security' of these platforms. Organizations will deploy new applications and infrastructure to the cloud where possible and spend less time understanding the particulars of their environment. However, while cloud-based technologies, such as containers, make deployment easier, they also introduce additional risk. I think we'll see more attacks due to misconfigurations (exposed data, "We didn't know that was internet facing," etc.), vulnerabilities, and a lack of adequate controls on these platforms.

We’ve seen ransomware evolve from encryption to exfiltration and exposure. As organizations prioritize risk mitigation, threat actors will advance their modus operandi and find the latest, most effective way to disrupt business by making the decision of ‘to pay or not to pay’ much more relevant again. Actors will start to target data integrity – modifying information in such a way that the time, effort, funds, and resource needed to assess, remediate, and recover will far outweigh the cost of extortion. Payment in these circumstances could significantly improve the survivability of an organization, and, therefore, becomes the perfect leverage for the adversary.

Data Integrity Gets a Long-Awaited Seat at the Table

Ransomware threat actors have realized that not all publicity is good publicity. Some will avoid targeting critical infrastructure operators and other organizations in politically sensitive verticals for fear of retribution from law enforcement and intelligence agencies. That will create challenges for these groups around tighter control of their affiliates. In contrast, other less established criminals may deliberately focus on those sensitive targets as a way of growing their own brand and filling a perceived gap in the ransomware market.

Ransomware Operators Will Change Tactics to Avoid Law Enforcement Consequences

Law enforcement will adopt increasingly aggressive techniques in their ongoing efforts to disrupt the ransomware ecosystem, or the ecosystems (e.g., cryptocurrency) it relies on. This will begin to impact cybercriminals’ ability to operate freely, although it will not deter the more capable (and more damaging) ransomware groups.

Crackdown on Ransomware Becomes More Aggressive

Threat actors will increasingly use DDoS attacks to augment ransomware attacks. DDoS attacks alone do not provide threat actors with a good return on investment, given organizations’ normal ability to withstand these attacks or minimize their impact. As an additional extortion technique against victims already struggling with ransomware, their impact is magnified.

DDoS Attacks Used to Augment Ransomware Attacks

There will be a rise in the number of intrusions where threat actors exfiltrate data without utilising ransomware to encrypt hosts, believing that holding the confidentiality of data hostage against the pressure of regulatory fines will negate the need for ransomware. Objectively it's faster and simpler for adversaries to execute and doesn't require them to give a cut to the ransomware operators. How widespread this becomes will depend on whether initial experiences prove as lucrative as traditional ransomware-based intrusions.

Number of ‘Ransomware-less’ Attacks Will Grow

Overt Blame Will Bolster Covert Deterrence

The U.S. and other Western states will become increasingly assertive in attributing hostile state cyber activity, coupled with more covert deterrence operations.

Espionage Remains Key Driver

Hostile state activity will continue to focus primarily on espionage rather than on disruption/destruction. Several states, notably China, Russia, and Iran, will continue to conduct operations aimed at harvesting bulk data to support subsequent cyber operations and traditional espionage activities.

Risk Calculation for Cyber Insurance Will Change

The cyber insurance market will reach a watershed moment where cover for certain types of activity (e.g., ransomware cover) becomes prohibitively expensive. Cyber insurers will become increasingly stringent about the conditions under which a policy will pay out. “None of this will fundamentally change the threat that organizations face, although the challenges around recouping a loss may change the risk calculation, increasing the value of effective preparation and incident response plans.”

Cyber Insurance

State Activity

Ransomware

Cloud

Cyber Crime

Cloud

Ransomware

State Activity

Cyber Insurance

2021 State of THE THREAT REPORT

server room 3d illustration with node base programming data design element.concept of big data
storage and cloud computing technology.