Cyber security trends businesses can anticipate in 2022

Cyber exposure company Tenable has identified three major cyber security trends businesses can expect in the coming year.

3 December 2021

This includes addressing the vulnerabilities of the hybrid workforce, and the need for businesses to adopt a zero trust model to gain visibility into the scale of the attack surface. 

1. Ransomware operators to adopt cost-benefit analysis

Rather than targeting and scaling attacks on low-hanging fruit, 2022 will bring new strategies for ransomware operators, said Tenable vice president of operations technology Marty Edwards. 

“They will get more selective about their targets, aiming to strike a balance between making money and dodging a target on their back from law enforcement. In order to outsmart this equation, organisations must stop trying to prevent adversaries’ missions and instead prevent them from being worthwhile. 

“In other words, organisations must make sure these missions cost too much to conduct. If the reward doesn’t cover the cost of the investment, threat actors won’t pursue it.”

2. Increased number of intelligent devices will lead to greater cyber exposure

Smart city initiatives, smart building initiatives and efforts to reduce carbon emissions will lead to a proliferation of intelligent devices (IIoT technology) being attached to the internet. 

Dick Bussiere, technical director APAC for Tenable, said this trend will be accelerated by the increased capacity and speed of 5G networks. 

“Intelligent devices such as sensors, lights, meters are indirectly being connected to critical infrastructure and controlled through secure remote access,” he said. 

“These intelligent devices serve as the eyes and glue by which future smart city initiatives will be linked together. Through actionable information from massive streams of real-time data, critical infrastructure operators will be able to address public health, reduce traffic congestion and manage critical resources such as water, electricity and more.”

Mr Bussiere, who is based in Singapore and oversees the Asia-Pacific region, said there are two broad issues with this from the perspective of cyber security. 

“The first is from the nature of 5G networks themselves – 5G brings ‘more and faster’, which means that the ‘value’ of the network to an attacker is increased as more devices become attached. The second broad issue is the security of the ‘IIoT’ devices themselves. Normally, devices falling in this category are inexpensive, may not have had rigorous testing from a security perspective, and may not enjoy vendor support in the long term,” he said.

“Furthermore, they introduce new portals for an attack due to the convergence of IT and OT operations. This naturally leads to a large population of vulnerable devices. Managing this enhanced risk will become a challenge.”

3. Attacks on SaaS and shared services are imminent

As organisations ride on the trends already in motion to accelerate their innovation projects or migrate to the cloud to meet the demands of hybrid work models, their interdependencies on third-party services (e.g. software-as-a-service) will continue to expand. 

“We’ve already seen severe consequences of how attacks against third parties can facilitate attacks against seemingly unrelated organisations, with adversaries hitting IT infrastructure able to move laterally to OT infrastructure,” Mr Bussiere said. 

“We believe that attacks against commonly used SaaS and other software platforms will accelerate in 2022. Therefore, organisations must take precautions to adequately ensure that their third-party vendors are secure and implement audited industry best practices.”

Mr Bussiere said that this highlights how critical it is to ensure that third-party software and services have best security practices. 

“It also highlights the need to utilise a security solution that provides appropriate visibility, security and control across the converged infrastructure,” he said.

Cyber attacks on the rise

Cyber attacks are up 30% in the last six months as cybercriminals exploit the pandemic and the shift to remote working – with experts warning Australian small business owners to watch out, as they are now the primary targets for cybercrime.

Business Australia general manager, products, Phil Parisis, said despite all the warnings, most SMEs are still unprepared for a cyber attack.

“Australian small businesses can be easy targets with SMEs accounting for nearly half of all cybercrime incidents,” Mr Parisis said.

“Research shows that business owners are aware of cybercrime, but they are just not prepared – 90% of attacks are still successful due to human error.

“We often hear from businesses that ‘I'm just a small law firm, a building company, why would anybody target me?’”

Business Australia has launched Business Australia Cyber, specially designed to help small businesses learn how to spot cyber risks and prevent attacks with a Cyber Security Health Check.

