Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Top 9 security predictions for 2022

By Andre Durand
cyber-security-freepik1170x658v486.jpg

Image by mikeygl via Freepik

February 21, 2022

In an IT landscape shifted to remote work among a global pandemic, the cybercriminals have been busy. Starting with the cryptocurrency exchange hack of Livecoin in January, thousands of ever-more-sophisticated cybersecurity attacks were recorded in 2021. In fact, last year experienced a 17% increase in the number of recorded breaches, says the Identity Theft Research Center (ITRC). And there is no sign of letting up.


While the full impact of these incidents will unfold in the months and years ahead, 2022 will present a new set of cybersecurity challenges that will impact how organizations build trust in this constantly evolving digital age.


Within this rapidly evolving landscape, here are the nine key trends that will shape how organizations should think about the year ahead.  


1. Cybersecurity becomes an ESG (Environment, Social and, Governance) Issue

As our lives become more digital, and digital and physical controls collide, investing in cybersecurity to keep society safe will become recognized as the fourth responsibility of ESG for corporations. We're already seeing demand for separate board-level cyber risk committees, and we've experienced how cyberattacks have more than just technological implications. As the digital/physical worlds converge around cybersecurity, it's clear that keeping people safe and society productive is going to require more than troops, planes and battleships. It's going to require governments and the private sector to take cybersecurity seriously. A society that is not secure (digitally and physically) is a society that is not free.


2. Multi-Factor Authentication (MFA) Mandate

In the ongoing war against global cyber threats, one of the weakest links in our security systems is the use of password-only protection to secure access to sensitive information and systems. It's estimated that over 80% of breaches occur because of stolen or compromised passwords. As a result, companies are turning to multi-factor authentication to bolster their digital front doors, and we are seeing companies mandate MFA for everything in order to protect themselves.


Further accelerating this shift is the cyber risk and insurance industry, which requires MFA to obtain cyber risk insurance.  


3. Bad Bot Tsunami

 Bots are over-running customer-facing systems, which means enterprises will need to leverage artificial intelligence (AI) and machine learning to both detect and protect against bots impersonating humans when creating or attempting to take over accounts. 


Bots today dominate fraudulent eCommerce and online activity, with bad bots now accounting for 25% of internet traffic. That's because they have increased in sophistication and can now mimic human behavior.


4. Focus Shifts to Authorization


Driven by zero trust security models (don't trust the user, the device or the network. Verify always), a decade of focus on authentication will begin to shift towards authorization. Namely, what can the user do? In a zero trust world, companies want their policy to be the perimeter. While allowing users to be productive and access corporate resources securely from any device is the desired end-state, companies need to not only ensure that the user and device is making the request but that that user is authorized to make the request. In the new highly distributed world (users working from anywhere, workloads served from anywhere), authentication (who is making the request) and authorization (what are they allowed to do) become the backbone of a new zero trust security paradigm.


5. The Rise of Digital Wallets

For the past 50 years, you and I have been second-class citizens when it comes to our digital identity. Companies run the systems that manage our digital identity.


In 2022, a new paradigm will emerge. A paradigm in which users will become individuals and digital identity credentials will begin to be stored on an individual's phone. Proof of identity, proof of employment, proof of loyalty, proof of membership, proof of credit worthiness, proof of certification, proof of education. These digital credentials will find their way into a secure digital identity wallet stored on our phones and accessed via our biometrics like FaceID.


This will usher in a new paradigm for personal control, personal privacy and sharing data about ourselves. One in which users will have more control over who and when their data is shared.


It will be key for companies to think through how their existing identity systems will interface with this new paradigm.


6. Attacks on zombie and shadow APIs

APIs cannot remain the most used, most abused and least visible part of our enterprise infrastructure. Though APIs have enormous benefits for those who utilize them, the extent to which they are used can, unfortunately, lead to blind spots in our security programs, particularly with the increased use of zombie and shadow APIs. These rogue APIs happen when an API is developed as part of an application, but the API itself is considered an implementation detail of the application and is only known by a close-knit group of developers.


Currently, these threats are not on the radar of security operatives because they don't have visibility into the implementation details. But it's projected by Gartner that over 90% of attacks will focus on APIs in 2022. For those companies without well-formed API governance, controls and security practices, APIs will become the weak link. 


7. Convergence of IT and operational technology (OT)

Threats and attacks to physical infrastructure will only increase in 2022 as our OT infrastructure becomes smart and connects to our digital infrastructure. As a result of this modernization, enterprises will be forced to rethink how they address new and emerging cybersecurity threats as they will have very real-world, physical impacts. Information technology and operational (physical) technology will collide, and IT teams will take over responsibility for the security of OT. This will lead to a need for interoperability between IT/OT initially and, ultimately, a convergence of redundant technology to control who can physically get in the building and who can access apps. 


8. Rise of the chief information security officer (CISO)

The CISO's role is to help their enterprise support new services and offerings while ensuring the security, safety and reliability of the company's IT infrastructure. As corporate boards put cyber risk more front and center, identity leaders will increasingly report directly to the CISO, and the CISO will report to the board. Gartner predicts that 40% of boards will have a dedicated cybersecurity committee by 2025.


9. Identity Focus Shifts from Security to Experience

Much of the focus in identity and security has been on simply making it work and keeping pace with the demands of the business. But as new no-code and low-code identity and integration options emerge, the focus will shift to enabling frictionless end-user experiences. Business leaders will take a more active role in demanding exceptional experiences to compete in a largely digital-first world.

KEYWORDS: bots Chief Information Security Officer (CISO) cyber security digital identity governance multi-factor authentication risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Andre Durand serves as Chief Executive Officer at Ping Identity. Durand has founded a number of software companies, including Jabber which was sold to Cisco. He holds a BA in Biology and Economics from the University of California at Santa Barbara. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Top physical security predictions for 2022

    Top 6 physical security predictions for 2022

    See More
  • SEC_Web_Top-Cyber-Predictions-2022-1170x658.jpg

    Top 15 cybersecurity predictions for 2022

    See More
  • fraud-scam-freepik1170x658x57.jpg

    Top 4 fraud predictions for 2022

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing