Trends in Cybersecurity:
2022 Year in Review
What We Learned and Where We Go from Here
The cybersecurity industry is another year older and wiser. The year 2022 again saw massive growth of the industry and continued prioritization of cybersecurity to businesses and individuals across the globe. Even if you didn’t know much of anything about cybersecurity before the year started, you definitely did by its end.
But what were the biggest stories from the year gone by? What lessons can we learn from these events? And most importantly, where do we go from here in order to become better and more resilient as an industry?
Let’s find out!
Cybersecurity Year in Review Story 1: Breaches, Breaches, and More Breaches
Surprise, surprise, there were more breaches than ever before in 2022!
According to InfoSecurity Magazine, there was a massive 70 percent rise in data breaches in Q3 of 2022 when compared to 2021. And these attacks weren’t limited to small, helpless companies without a strong security presence. Large companies like Microsoft, Crypto.com, Red Cross, and Cash App highlighted some of the bigger names who fell victim to a costly breach in 2022.
These are expensive lessons for small and large companies alike. However, these breaches illuminate one reality that we all must face: Security adversaries aren’t going anywhere and no one is immune from a breach. Businesses and the cybersecurity industry must respond to these threats in order to move the needle and mitigate the number and severity of breaches as a whole.
Cybersecurity Year in Review Story 2: Increased Awareness and Prioritization
The bittersweet truth about the rise in total attacks and breaches is a heightened sense of urgency to fix the problem by spreading awareness and prioritizing improvement, by businesses and governments alike.
This sounds all well and good, but what does this look like in practice? On the heels of last year’s cybersecurity executive order by the Biden Administration, more action has been taken to ensure we’re collectively better protected from breaches.
One tangible example of the macro cybersecurity investment by businesses is the growth of the security industry as a whole. The cybersecurity industry currently has a value of $173.5 billion, and that number is expected to grow at a compound annual growth rate (CAGR) of 8.9 percent to reach a total value of $266.2 billion by 2027. This incredible number includes investments in growing the cybersecurity job force, developing and advancing existing security practices, and creating new cybersecurity technology to make the lives of infosec professionals easier.
Another example of this action is the increased investment in employee security training by businesses. According to Cybercrime Magazine, the security training market is projected to hit $10 billion annually by 2027. This training ensures that all employees have a baseline understanding of proper security hygiene and practices and that they know what to do in the event of a breach.
Cybersecurity Year in Review Story 3: Attack Surface Expansion
The COVID-19 pandemic brought the working world into the future with the work-from-home (WFH) and work-from-anywhere (WFA) shift that occurred in 2020. Throughout 2022 many employees have continued to enjoy the increased flexibility and convenience of being able to work from home in sweatpants, or go into the office for social interactions and planning. In fact, over 36 million Americans, or 22 percent of the workforce, are projected to still work from home by 2025. However, a byproduct of this innovation was an expanded attack surface for adversaries, with more ways than ever to break the metaphorical lock and access precious company data.
Combine this new norm with a technology ecosystem with an enhanced reliance on multiple cloud / SaaS platforms and you have the perfect recipe for vulnerability to threats if proactive precautions aren’t taken to combat these developments.
So, what is the industry to do to combat this trend? After all, many believe that the key to a strong security program is the minimization of your attack surface. Tactics to minimize your risk and protect your workforce, while still adapting to the new WFH and WFA models, include:
- Mandating security training and education for your entire workforce
- Limiting employee application access to vendors approved by your security team
- Implementing widespread adoption of The Principle of Least Privilege and Zero Trust whenever possible
Cybersecurity Year in Review Story 4: Ransomware and other Advanced Attacks
Ransomware is one of the most popular AND successful tactics in the industry right now, and also the most well-known to the general public. However, it’s not the only advanced attack that’s been on the rise in 2022. While 2021 might have been “the year of ransomware,” to many, 2022 was proof that the previous year was no fluke and that advanced attacks were here to stay.
In fact, 2022 has seen a massive rise in the sophistication and monetization of illegal ransomware-as-a-service (RaaS) providers that deploy advanced attacks on companies for a large payout in return. Eerie, right? Clearly the black hats went to business school this past year. This development also means that security and IT teams can expect more refined, resource-backed malware that can be produced faster than ever.
So, what can the good people do to defend themselves against these attacks? The honest truth is that your business needs to keep up with adversaries to stand a chance… This means you should continue to invest in the growth of your security team, the advancement and maturity of its processes, and the number of technologies your team has at its disposal. If you don’t have the resources to make these investments, consider working with a security consultancy or managed security service provider (MSSP) to help fill gaps and provide support for your team and organization as a whole.
Cybersecurity Year in Review Story 5: Security Vendor Consolidation
The last trend we wanted to touch on from 2022 was the consolidation of security vendors in the industry. It’s a surprise to nobody in the industry that cybersecurity is full of blinky lights that advertise “one-stop solutions” to very complex and often impossible problems. Truly, it can be hard to get a good idea of which vendors you definitely need, which ones are nice-to-haves, and which products should have you running for the hills.
It seems that many security organizations and teams are gauging the return-on-investment (ROI) of their tech stacks and cutting bait on many tools that they don’t deem a necessity for their security efforts.
This adjustment has been made for a couple of reasons. The first is security, as a larger tech stack means more opportunities and trails that adversaries can exploit to gain access to parts of your networks. Keeping your number of unique vendors to a minimum helps you reduce your attack surface and maintain a clear view of your security posture. But that isn’t all… Due to the current state of the economy, many security teams are also facing static or even shrinking budgets, and must make cuts to technology sources in order to retain staff.
Doing more with less is a less than ideal reality for many security teams, but this development only stresses the further need to track ROI from the products you use day-to-day.
Speaking of ROI, let’s talk about PlexTrac!
Improve Your Security Team’s Efficiency and Effectiveness with PlexTrac
In the world of cybersecurity today you need all the help you can get. PlexTrac was created by cybersecurity professionals to help cybersecurity professionals focus on the right cybersecurity work while also empowering teams to be more efficient and effective in their workflows.
Create security reports in half the time, collaborate with your team in real-time, track vulnerabilities through to remediation, and generate ROI with PlexTrac, the Premier Cybersecurity Reporting and Collaboration Platform.