GettyImages-1390536486.jpg

The past two years were defined by high-profile cybersecurity incidents. In 2020, security firm FireEye helped uncover the SolarWinds cyber espionage attack that targeted various businesses and government entities. In 2021, the ransomware attack that affected Colonial Pipeline brought renewed attention to these destructive and expensive incidents.

Although the year isn’t quite over yet, 2022 seemed to lack such a “signature incident.” Some experts believed Russia’s invasion of Ukraine in February would kick off a wide-scale nation-state attack aimed at crippling critical infrastructure, but that particular scenario has not materialized (at least so far). That’s despite a cyber component to that conflict, according to various reports.

Nonetheless, the past 12 months have witnessed increasing cybersecurity activity. Recent figures released by Check Point Research, for example, found global attacks increased by 28 percent in the third quarter of 2022 compared to the same period in 2021. During this time, attackers targeted the healthcare and educational industries most, while the average weekly number of attacks per organization worldwide reached more than 1,130.

From ongoing concerns over ransomware attacks to vulnerabilities in open-source software and cloud platforms to debates over privacy and data security, these six cybersecurity trends are some of the most important developments that happened in 2022… and are likely to affect tech and security pros’ jobs and careers well into 2023.

Ransomware Is Still an Ongoing Threat to Every Organization

While ransomware attacks have made headlines year after year, the challenges organizations face in defending against these incidents only seemed to grow in 2022. In September, Cybersecurity Ventures published a report that estimated ransomware will collectively cost victims $265 billion annually by 2031.

The same study found that ransomware attacks will eventually happen every two seconds. It’s easy to see why these numbers keep climbing. Take the cybercriminal organization LockBit, which security firm Webroot named as one of the most dangerous threat groups the company tracked in 2022. LockBit not only offers ransomware-as-a-service but also threatens to publish stolen data if victims do not pay. If that wasn’t bad enough, the gang conducts DDoS attacks.

Lucia Milică, global resident CISO for security firm Proofpoint, noted that several incidents her company tracked this year showed the ransomware problem as continuing unabated.

“Cyberattacks pummeled organizations across the globe and ransomware continued to wreak havoc, whether it was to force a 157-year-old educational institution to close its doors, the entire nation of Costa Rica to declare an emergency, or a major automaker to shutter operations for one whole day,” Milică told Dice. “Our research confirms this worrying trend, as these attacks grew in both frequency and impact the prior year. Seventy-eight percent of organizations faced at least one email-based ransomware attack attempt and over two-thirds were infected by ransomware in 2021, an increase over 2020. Once the final tally is known this year, we anticipate it will reveal that the growth of ransomware attacks continues.”

Securing Data in the Cloud Remains a Concern 

While some organizations pushed to bring workers back to the office in 2022, remote and hybrid work remained a constant for many. That meant businesses continued to invest in cloud-based platforms as well as Software-as-a-Service (SaaS) tools to ensure employees had access to resources and data.

This also meant additional spending on security tools to ensure that cloud and SaaS tools, as well as the endpoints that support them, remained secure. After spending $5.7 billion on cloud security tools and services in 2022, Garter predicts that number will jump to $6.7 billion in 2023.

Despite spending billions on security tools and services, enterprises and other organizations remained vulnerable to data leaks from unsecured databases hosted in the cloud in 2022. For some industry observers, this means additional training is needed to complement the increasing spending on cybersecurity technology.

“The trend of companies leaking data by making cloud buckets public is not losing any speed. There are plenty of ways to prevent this misconfiguration, and most defaults are secure,” Mitch Fentz, cybersecurity consultant at nVisium, told Dice. “I suspect that the root of the problem is a lack of understanding of the nuances of how [Identity and Access Managment] statements are parsed. Whatever the specific root problem is for a given instance, I would bet it's in a process, such as lack of training, lack of meaningful code review by senior engineers, and CI/CD design problems—not a lack of technical solutions.”

Shining a Light on Open-Source Vulnerabilities

Over the past several years, security watchers have tried to shine more of a light on vulnerabilities in open-source software. Over the last 12 months, these initiatives have gained much-needed attention. In January, for example, the White House gathered tech giants such as Apple, Amazon, Meta, Microsoft and the Linux Foundation to discuss how to remove more of these flaws from the software supply chain.

In August, the U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency published a paper offering additional guidance for organizations to follow to better detect and mitigate open-source security vulnerabilities in the supply chain. While some observers see improvements, Bud Broomhead, CEO at security firm Viakoo, noted that the use of open-source code to build operational technology (OT) and IoT devices means paying attention to these bugs will remain a major part of any tech professional’s job.

“The shift to open-source software vulnerabilities by threat actors was clear across 2022 and will continue to be a major attack vector in 2023,” Broomhead told Dice. “The danger open-source vulnerabilities present is that they require multiple vendors to provide patches, are often found in OT and IoT devices that are hard to remediate, and can be exploited many years after they were discovered. This trend will also encourage organizations to have automated remediation capabilities for IT, OT and IoT devices to rapidly shrink the attack surface at scale.”

Passwords Still Trip Up Users and Create Security Issues

While 2022 is the year that “passwordless” was supposed to take off (Apple, Google and Microsoft all have various tools for their products to eliminate passwords while keeping devices secure), one major problem remains: Many employees still use weak passwords and weak passwords remain a major security threat.

For instance, the Ponemon Institute finds that 54 percent of security incidents were caused by credential theft. In addition, the 2022 Verizon Data Breach Investigations Report noted that half of all data breaches could be traced to stolen credentials and compromised passwords.

“Going ‘passwordless’ has made the news, but we're a long way from ever reaching a true passwordless future. For there to be practical and widespread implementation, platform vendors must standardize what it even means to go passwordless,” Zane Bond, director of product management at Keeper Security, told Dice. “Right now, it’s a confusing mix of passwords, biometrics, SSO and passkeys. At the end of the day, accounts still need to be protected with a strong and unique password, and managed within a secure password management system. And if a physical device or security key is lost, damaged or forgotten, a password is typically still used for fallback authentication.”

Consumer Concerns Over Data Privacy

It’s been several years since the European Union enacted the General Data Protection Regulation (GDPR) but the push to protect more data and the privacy of private citizens continued into 2022. 

In the U.S., some 35 state legislatures and the District of Columbia introduced or considered almost 200 consumer privacy bills in 2022, according to statistics kept by the National Conference of State Legislatures. At least five states, including California, Colorado and Virginia, have enacted comprehensive consumer privacy laws.

Privacy concerns only increased in October, when Elon Musk bought Twitter, and the social network underwent a series of layoffs, including those executives responsible for the security and privacy of users. European regulators have started to raise concerns about what a Musk-led Twitter would do with the data it collects.

“Modern data privacy regulations will continue to be adopted across the globe, including more state and federal privacy regulations in the U.S. The financial penalties and consideration of privacy as an international policy focus area have certainly increased interest in privacy. Increasingly, these regulations have defined financial penalties similar to those of GPDR and California Consumer Privacy Act,” Gopi Ramamoorthy, senior director of security and GRC at Symmetry Systems, told Dice.

Don’t Forget About API Security

While APIs have become fairly standard technologies for many organizations, their use is only increasing. Postman, the world’s largest public API hub, reported its user base collectively made 1.13 billion API requests in 2022, up from 855 million requests in 2021. Another study found 92 percent of organizations have significantly or somewhat increased their API usage—yet 62 percent said a third or more of these APIs are undocumented.

This increasing use of APIs, coupled with difficulties tracking their usage, remains a major concern, with CISOs rating APIs as the top IT component needing security, according to a VMware report.

“One of the biggest cybersecurity trends this year by far has been the increasing recognition of the high-security risks that come with growing API usage,” Nick Rago, Field CTO at Salt Security, told Dice. “Driven by cloud-native design, API development, integration, and consumption has surged. Companies continue to roll out APIs at an unprecedented rate to deliver innovative new services to customers. The resulting API attack surface has given attackers a bigger target to exploit, and left businesses faced with a new set of security threats.”