2021 has been another challenging year for businesses, not least because of the ongoing wave of cyberattacks. Everyone is hoping for some good news in 2022, but realistically, cybercrime slowing down won’t be on the agenda.

Cybersecurity and avoiding the threat of data breaches is going to be front of mind for many going into next year. We’ve spoken to two members of our leadership team who’ve shared their thoughts on four trends we’re likely to encounter in 2022.

1. Ransomware won’t be going away anytime soon

Steven Malone, VP of Product Management at Egress

“In 2022 we’ll see a disappointing but inevitable continuation of attack vectors that have been plaguing businesses for years – ransomware being a key one. Major ransomware attacks will continue to dominate the headlines, with criminal gangs trying out new and increasingly inventive ways to turn the screws on their victims.

“Something I always find amazing is that the first piece of ransomware was seen in the wild in 1989… And yet it’s still one of our biggest cybersecurity problems today!

“Unfortunately, I predict that major ransomware attacks will continue to rise in 2022, with criminal gangs trying out new, increasingly inventive and more threatening ways to turn the screws on their victims. We’ll see increasing use of tactics including making threatening calls to company employees, and leaking or selling the organization’s sensitive data online after an attack.

“In response to this, we’ll see a renewed focus on preventing ransomware – and because over 90% of malware is delivered via email, organizations will ramp up their anti-phishing defenses in the coming year.”

2. Supply chain attacks will lead to zero-trust adoption

Tony Pepper, CEO at Egress

“We saw some major supply chain hacks during 2021, which will have concerned plenty of businesses. Many have now realized that it’s not enough to only look internally – you need to consider the cybersecurity practices of vendors and third parties too.

“So as a natural evolution, I’m predicting that the supply chain will become every organization’s biggest problem and their least trusted channel of communication in 2022. In cybersecurity terms, you should approach everyone from a position of zero trust – even the companies you work with the most.

“Losing trust in the supply chain is likely to in turn drive adoption of the fast-emerging zero-trust market and other zero trust methodologies. However as zero trust concepts take hold in 2022, buyers should beware vendors that claim to singlehandedly solve the problem of zero trust. It’s simply not possible.

“Instead, organizations will need to layer combinations of technologies in order to truly achieve their zero trust goals.”

3. We’ll see an increase in multi-vector attacks

Tony Pepper, CEO at Egress

“I’m also predicting that we’ll see a rise in multi-vector attacks in 2022. We’ve already seen hackers combining phishing, smishing, and vishing – so I think the next step will be to include collaboration platforms. Hybrid work has created huge demand for collaboration tools, and from a cybercriminal’s perspective, they can be a treasure trove of company data that is often unsecured.

“People are slowly learning that they need to be cautious with their use of email in terms of both accidental data loss and phishing attacks. However, people tend to use corporate collaboration tools in a more casual and carefree way. Consumer messaging styles easily bleed over into corporate collaboration – and it’s this feeling of ease and safety that hackers will look to exploit.

“Cybercriminals will always follow current trends, and they’re always looking for opportunities to take advantage of changes in the way that organizations store their data, so I expect that we’ll see a rise in attacks targeting these platforms.”

4. CISO priorities will shift from training to technology

Steven Malone, VP of Product Management at Egress

“I think 2022 could be the year where cyber training programmes finally hit their limit. Cyberattacks have already outpaced the defense that security awareness training (SAT) can deliver – and organizations are starting to realize that their investments in training aren’t keeping people safe.

“Despite continued investment in SAT, insiders continue to pose the biggest cybersecurity risk. Security teams are more aware than ever that training isn’t enough to solve the problem, especially not on its own.

“Instead, I’m expecting the focus to shift onto de-risking behavior in the workplace using technology. Instead of training people then effectively leaving them to fend for themselves, more organizations will provide a technology-based safety net for employees as they carry out their work.

The best solutions will educate people in the process – helping them to become genuine cybersecurity assets, rather than constant sources of risk.”

Stop the sophisticated phishing attacks targeting your organization in 2022

Start next year off with by detecting any advanced phishing attacks targeting your business and gain a better view of cybersecurity across your organization. Egress Defend used machine learning and natural language processing to: