2022 Predictions for the Cybersecurity Industry and Advice for Newcomers or Those Working for Small to Medium-Sized Businesses

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, CISM, BCS CITP, and Richard Nealon, CISSP-ISSMP, SSCP, SCF, CISM, CISA

As long-time information security professionals and (ISC)² Community Champions, we have experienced the way cybersecurity employees engage and work with one another continue to adapt in response to changes in the workplace and world at large. In 2021, we experienced a rapid evolution to these interactions. Like us, you may be wondering, what will 2022 look like for information security professionals?

We have several predictions and topics of concern for the cybersecurity industry in the coming year, from overarching fundamentals to those that will be of more concern to entry-level professionals and small and medium-sized businesses.

2022 Cybersecurity Fundamentals

Some of the issues faced by cybersecurity professionals in 2022 will include (but are not limited to) the evolving landscape of privacy (especially related to COVID-19 tracing), ransomware and the ongoing necessity for remote access. We believe that there will be continuous changes happening with new laws/regulations related to the Internet of Things and the devices that are intended to improve our lifestyle. We suggest that all cybersecurity professionals be informed on these topics as they evolve. The (ISC)² Community Champions will provide an update on these topics and more as they arise throughout the year:

• Injection attacks
• Privacy laws
• Supply chain challenges
• Remote access, 5G, and VPN
• SASE (Secure Access Service Edge)
• Zero Trust
• IoT, OT and IoMT medical devices
• Ransomware – including The Perfect Ransomware Victim
• COVID-19 tracing and privacy issues
• AI benefits and threats
• Quantum computing cryptography
• State attacks
• Cloud insecurity

New Cybersecurity Professionals and Small-to-Medium-sized Businesses (SMBs)

The list below includes concerns that SMBs may experience.

• Staffing, Budget and Upper Management
  • Typically, the infosecurity shop, or department, is smaller or is staffed by employees with many other responsibilities.
  • Budgets are also a concern in these shops, as security budgets can often be the first cut when financial challenges arise.
  • Senior management leaders have other priorities.
  • Time may not be allocated for adequate cybersecurity awareness training.
• Third-Party Access
  • With the pandemic, we have seen an increase in the need for remote or use of Virtual Private Networks (VPNs), with a general movement towards Secure Access Service Edge (SASE) to protect applications and move away from traditional networks.
• Secure Web Development
• Policies and Procedures
  • Data classification and ownership.
  • DevSecOps and Agile software development including APIs, and microservices and related weaknesses. 
  • Quantitative risk management i.e., FAIR methodology vs. Qualitative risk management – key to commencing Zero Trust Architecture (ZTA) journeys
• Data Leakage
• Security Awareness
• Privacy
  • The rise in neurotechnology to breach the privacy of the human brain.

Join us in the (ISC)² Community to share your predictions for the coming year or to further discuss and engage on the topics listed above.