Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

4 cybersecurity threats that organizations should prepare for in 2022

By Ian Pratt
cyber security network graphic
January 3, 2022

From HAFNIUM’s attack on Microsoft Exchange servers to the Colonial Pipeline ransomware attack that disrupted fuel deliveries, 2021 witnessed an increasing number and variety of cyber threats. Coupled with the challenges of securing a remote workforce, it’s become more challenging than ever for organizations to protect data and ensure the uptime of services.

The threat landscape is going to evolve and expand at pace in the year ahead. We should expect to see ransomware gangs continue putting lives at risk, the weaponization of firmware exploits and much more. Here are four key cybersecurity trends organizations need to be prepared for in 2022.

Continued commodification of software supply chain attacks could result in more high-profile targets

The Kaseya breach, which impacted over 1,500 companies, demonstrated how supply chain attacks can be monetized. As a result, it is likely that supply chain threats will rise over the next year, and we will see the continued commoditization of the tactics, techniques and procedures (TTPs) used to conduct such attacks.

Threat actors will search for weak links in software supply chains and target widely used software. Both small- to medium-sized businesses (SMBs) and high-profile victims may be targeted. The Kaseya attack should be a wakeup call to all independent software vendors (ISVs) that even if their customer base doesn’t consist of enterprise and government customers, they can still be caught in the crosshairs of attackers looking to exploit their customers. Now that this blueprint is in place, we could see these types of attack become more widespread in the year ahead.

Ransomware gangs could put lives at risk and engage in “pile-ons” 

Ransomware will continue to be a major risk in 2022, with victims potentially being hit more than once. The method will be akin to “social media pile-ons” — once an organization is shown to have paid a ransom, others will pile on to get their share of the action. In some instances, threat actors will hit a company multiple times — doubling or even tripling extortion rackets.

Ransomware operators will almost certainly intensify how they pressure victims into paying ransoms. Beyond data leak websites, attackers will use increasingly varied extortion methods, such as contacting customers and business associates of victim organizations. 

Threat actors could also focus on hitting certain industries that have a higher likelihood of payment such as healthcare firms and organizations in the critical infrastructure sector. Attackers may well target high-risk devices such as critical medical support systems and their supporting infrastructure, where the risk of significant harm will be highest and therefore a payout will come quickly.

Weaponization of firmware attacks will lower the bar for entry

Firmware provides a fertile opportunity for cyberattackers looking to gain long-term persistence or perform destructive attacks. The security of firmware is frequently neglected by organizations, with much lower levels of patching observed. 

In the last year we’ve seen attackers performing reconnaissance of firmware configurations, likely as a prelude to exploiting them in future attacks. Previously these types of cyberattacks were only used by nation-state actors. In the next 12 months, we can expect to see the TTPs for targeting firmware trickle down, opening the door for sophisticated cybercrime groups to weaponize threats and create a blueprint to monetize attacks.

The lack of visibility and control over firmware security will exacerbate this issue. Certain industries where these attacks could be more probable should start thinking about the risks posed by low-level malware and exploits.

Hybrid work will create more opportunities to attack users

The shift to hybrid work will continue to create problems for organizational security. The volume of unmanaged and unsecure devices has created a wider attack surface. Threat actors could start to target the homes and personal networks of top executives or even government officials, as these networks are easier to compromise than traditional enterprise environments.

Phishing will remain an ever-present threat in the era of hybrid work. The line between personal and professional has been blurred, with employees using home devices for work or corporate devices for personal tasks. This will continue, and it’s likely there will be an increase in phishing attacks targeting both corporate and personal email accounts, doubling attackers’ chances of a successful attack. 

High-profile sporting events will present new opportunities to lure users to click on malicious content. For example, the Winter Olympics in Beijing and FIFA World Cup in Qatar both give threat actors plenty of scope for exploitation. Such large events attract opportunistic attacks, be it a direct attack on organizers, sponsors, participants and fans or exploited as phishing lures for malware and ransomware campaigns targeted at users. Organizations need to educate their workforce on the risks and enforce technical controls to prevent compromise.

A new approach to security is needed

The rise of hybrid working and continued innovation from threat actors means 2022 has plenty of nasty surprises in store. As a result, a fresh approach to secure the future of work is required.

Cybersecurity leaders should focus on protection where it is needed most: the endpoint. Organizations should embrace a new architectural approach to security that helps to mitigate risk. This involves applying the principles of zero trust — least privilege access, isolation, mandatory access control and strong identity management.

This approach requires resilient, self-healing hardware designed to hold its own against attacks and recover quickly when needed, while also containing and neutralizing cyber-threats. For example, disposable virtual machines can be transparently created whenever the user performs a potentially risky activity, like clicking on an email attachment or link. This means any malware lurking inside is rendered harmless and allows organizations to drastically reduce their attack surface.
KEYWORDS: cyber attack cyber security threats firmware updates hybrid workforce ransomware remote workers software security zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ian Pratt is Global Head of Security for Personal Systems, HP Inc.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • supply-chain-freepik

    Supply chain cybersecurity trends: What professionals should be aware of and how to prepare for 2022

    See More
  • ChatGPT on computer

    Generative AI in the enterprise: 4 steps to prepare organizations

    See More
  • Doorway to Cybersecurity

    Cybersecurity Skills Gap Leaves 1 in 4 Organizations Exposed for Six Months or Longer

    See More

Related Products

See More Products
  • 150 things.jpg

    Physical Security: 150 Things You Should Know 2nd Edition

  • CPTED.jpg

    CPTED and Traditional Security Countermeasures: 150 Things You Should Know

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!